Securing the vote Research on voting vulnerabilities and recommendations
1
TABLE OF CONTENTS Securing the vote: an end-to-end challenge . . . . . . . . . . . . . . . 4 Voting governance today . . . . . . . . . . . . . . . . . . . . . . . . . 5 VVSG: a good start, but not far enough . . . . . . . . . . . . . . . . .
6
Voting infrastructure overview and threats . . . . . . . . . . . . . . . 8 Election management systems . . . . . . . . . . . . . . . . . . . . . . 8 Electronic voting systems . . . . . . . . . . . . . . . . . . . . . . . . . 9 Counting systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
11
Reporting systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Vetting the end-to-end process through election phases . . . . . . .
13
Pre-election . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Election . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Post-election . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Conclusion of potential risks . . . . . . . . . . . . . . . . . . . . . . .
15
Looking forward: improving the process . . . . . . . . . . . . . . . . . 17
2 | COALFIRE.COM
The U.S. voting system is peppered with vulnerabilities, and voters are losing confidence. Voting machines are built on loosely enforced, inconsistent standards rife with technical and physical vulnerabilities. The state and federal standards that are in place to ensure security are inadequate. Coalfire’s real-world experience testing
and voting machine vendors and the
voting infrastructure under the National
transparency demanded by voters.
Cybersecurity Assessments and Technical Services (NCATS) program under the Department of Homeland Security (DHS), as well as on voting machines on behalf of 10 state governments, can be summed up in five words: Our voting systems are broken. They require significant improvement to hardware and software, the networks that connect the votes and databases, and the policies and standards that oversee their operations. However, we see progress and present recommendations to address these challenges in this report.
Voting is a detailed process with risks from people, process, and technology. Arriving at a more secure state can be achieved by looking to other models in technology cybersecurity. While voting systems are unique in their purpose, they share common goals and objectives as other technology: • Providing assurance that the systems are functioning as intended • Functioning efficiently • Leaving evidence that the systems are protected and used as designed
To set context for our recommendations,
Coalfire’s analyses and recommendations
it is important to understand the
in this report are derived not only from our
current state of voting machine security.
work with voting networks and systems
This includes an understanding of
but also through our experience with more
governmental legislation efforts, funding
than 3,000 cybersecurity engagements
challenges, and the unique fractured
in the past year. The cybersecurity best
accountability of the U.S voting system.
practices and standards that we see
The Voluntary Voting System Guidelines
implemented within cloud, healthcare,
standard (VVSG 1.0) addresses some
payments, and other industries are vastly
of the fundamentals but falls short of
more rigorous; and we believe such
establishing robust end-to-end testing
constructs should be quickly deployed
requirements. Several vulnerabilities and
in voting oversight to safeguard the
risks could lead to compromise even if the
principles our nation was built upon
systems were designed to meet VVSG 1.0.
and voter confidence.
There is also a fundamental disconnect between the assurances provided by states
3 3
Securing the vote: an end-to-end challenge Scrutiny on U.S. voting systems technologies has increased since the 2016 election; voting has not seen this much coverage since the “hanging chad” incident of 2000. Media articles about voting dominate the news cycles; DHS meets with Congress on a regular basis; and citizens heatedly debate the topic on social media outlets. Our nation’s adversaries, surely, have been putting their own focus on U.S. voting, and this (likely accurate) perception has continued to stoke the fires of the issue. The security community has taken notice as well. At training events held at conferences such as Black Hat and in labs like DEFCON’s Voting Village, voting machines have been hacked with relative ease, gaining more media headlines and fueling the blaze of public concern. The problem goes well beyond the voting machines to the challenge of securing the voting process every step of the way, including the need for better controls, staff training, and testing prior to the election; physical security and monitoring controls during the election; and auditing and postevent testing after the election. A laser focus on machines is not unwarranted – in fact, it is quite necessary, and we discuss specific concerns in the pages that follow. But a far more diligent and holistic study of the cybersecurity needs of voting process governance (whether this be at the federal or state level), oversight, and standards rigor is a greater problem that must be explored. Certainly, wheels are in motion in various sectors and through a number of
organizations, both federal and private, to attempt to address the problem. Examples include a recently defeated motion to eliminate electronic voting systems in Georgia,1 as well as legislation slogging slowly through the Senate, the Secure Elections Act,2 which was designed to set guidelines for information sharing, federal government standards development, and other voting cybersecurity guardrails. Funding is also up for debate. Capital is needed to replace the large number of systems with questionable security, train staff, audit systems, and increase onsite security. The Help America Vote Act provided $380 million to assist states in upgrading cybersecurity through 2018, and many states requested their allocations. But the funds were eliminated from 2019 appropriations, and even with the 2018 grants, plenty of legacy systems are still around and will be for a long time to come. One study found that to update the systems for just seven states would cost close to $400 million.3
1 Mark Niesse. “Federal Judge Rejects Paper Ballots for 2018 Georgia Election.” Atlanta Journal-Constitution, September 18, 2018. https://www.ajc.com/news/state--regional-govt--politics/federal-judge-rejects-paper-ballot-effort-for-2018-georgia-election/MPNGITqPbZ9wYfZ0NEP1IJ/ 2 Secure Elections Act (S.2593) https://www.rules.senate.gov/imo/media/doc/Secure%20Elections%20Act%20Text1.pdf 3 Brennan Study for Justice. “Federal Funds for Election Security: Will They Cover the Costs of Voter Marked Paper Ballots?” March 23, 2018. https://www.brennancenter.org/analysis/federal-funds-election-security-will-they-cover-costs-voter-marked-paper-ballots 4 | COALFIRE.COM
Voting governance today The entire voting process, including cybersecurity, is managed at the state level; the federal government does not mandate cybersecurity standards, guidelines, processes, or practices. Each state, and in some cases, each county, determines its own processes, security guardrails, technology equipment, and implementations. A state election board or election commission may determine a set of processes or guidelines for each county to follow. Some states, such as Maryland, may allow those decisions to be made by each individual county. Few states have employed a reporting or transparency structure wherein counties report back to the election board on their security implementations for review or testing. The result is the U.S. effectually has more than 50 types of elections, which only complicates implementing what’s necessary to secure the vote. Regarding machines, the responsibility for vetting the cybersecurity stature of the technologies falls primarily on the state that employs it, as well as reliance on the technologies’ compliance with the VVSG standard adopted by the Election Assistance Commission (EAC). States are not required to employ VVSG-certified machines, though most in-use machines are certified. 5 5
VVSG: a good start, but not far enough The EAC’s VVSG 1.1 is the current governing standard that provides guidance to assure the accessibility and security of voting systems. While VVSG 1.1 has security testing requirements designed to demonstrate that the systems were built with security in mind, they are limited in scope (including only access control and data interception and disruption) and do not mandate penetration testing of the machine’s entire end-to-end ecosystem. They are purposely broad to allow for a wide degree of implementation freedom for vendors, but this also opens the door to suboptimal cybersecurity even in accredited machines (e.g., recommending end-to-end encryption or a strong password protocol, but providing no specificity around what these should be to ensure effectiveness). Case in point, the machines that were compromised in the DEFCON Voting Village were, in fact, accredited. Eleven systems (and their various generations) built by seven companies have been certified to this (and other) standards on the EAC website. But how solid is this standard upon which their assurances of security rely? VVSG 2.0 is currently under development, and while the draft still appears to be
insufficient to safeguard against a number of risks, it does significantly raise the bar for secure development of voting systems. This new standard is based on 15 lofty principles, but the standard itself is heading in the direction of being specific to technical security measures. While the revised standard will address a much more specific collection of security controls than the existing standard, the development of security testing guidance to determine whether the organization has met the standard is yet to be defined. Creating comprehensive testing requirements that can be applied universally and in a costeffective manner will be a tall order. There is some solid precedent set, though. We’re hopeful that the testing guidelines allow for – or even require – the same level of openness and creativity that the PA Voting System Security Standard4 has required in section 4.7 of that document. Table 1 illustrates threats to voting systems, and whether VVSG 1.1 and 2.0 have the mechanisms to address them. As shown, even the improved standard leaves a number of real-world risks unvetted and unaddressed.
4 “Pennsylvania Department of State Attachment E to the directive for electronic voting systems PA voting system security standard. https://www.dos.pa.gov/VotingElections/Documents/Voting%20Systems/Directives/Conduct%20Directive%20Att%20 E%20-%20PA%20Voting%20System%20Security%20Standard%20v06122018.pdf
6 | COALFIRE.COM
Table 1: Threats to voting systems and VVSG controls capabilities to address them Threat
VVSG 1.1
VVSG 2.0
Recommendation
Network attacks on the EMS
Yes?
Yes
None
Reverse engineering/ forging of election setup media
No
No
Testing procedures MUST include the evaluation of the susceptibility to reverse engineer the information written to that media, from an adversarial perspective.
Reverse engineering/ forging of voter media
No
No
Insertion of malicious voter media to the voting system
No
Partial – VVSG 2.0 Draft requires the logging of media insertion events.
Testing procedures MUST include the reverse engineering of administrative/poll-worker media, voter media, election management media, and the associated software with the objective of compromising the operating system and software running on the voting systems.
Overwriting / altering election software
No
Partial – Operations require authentication under VVSG 2.0.
Altering the print jobs sent to the printer via man-in-the-middle
No
Partial – Physical security requirements under VVSG 2.0, section 12 require alarms when physical devices are connected or disconnected.
Regularly inspect each polling station.
Altering the print jobs produced by the printer to make them unreadable
No
No
Regularly inspect each polling station or implement a “test ballot” that proceeds to optical scan/central count as applicable for verification.
Injecting malicious code into central count systems through the insertion of DRE or BMD media
No
No
Establish procedures to evaluate the media and content prior to insertion into a central count system.
Compromised count system used to impact other systems on the isolated network (such as the reporting systems / EMS)
Yes
Yes
To evaluate solutions for susceptibility to this attack, include these counting systems in the reverse engineering and research activities that should be part of the testing procedures.
7
VOTING INFRASTRUCTURE OVERVIEW AND THREATS
process, such as scanners, tabulator workstations, and auditing systems.
Voting systems are one component in a rather complex process. We will address issues such as staff, physical security, physical storage, voter registration, and other end-to-end voting process concerns shortly; in this section, we review some potential threats to the voting infrastructure (as briefly discussed in Table 1) through a review of the major components that comprise most voting environments.
In the months preceding an election, election officials must set up the election parameters – defining and planning the upcoming election, precinct/district setup, race definition, and ballot setup. Regardless of the implementation, all systems have a workstation that interfaces with the election management system. This information is written on media (a smart card, USB thumb drive, or a PCMCIA “cartridge”) that is used to configure the voting systems for each polling location. The election definition media is typically handled centrally by voting officials.
ELECTION MANAGEMENT SYSTEMS Election management systems and support infrastructure are usually located in environments intended to be secure and isolated, yet locally networked with other systems that participate in the election
Protection of the media is critical. If a threat actor accessed and modified it, there could be material consequences regardless of how secure the voting machine is that it is loaded
Attack vectors associated with voting infrastructure
Election management systems and supporting infrastructure • Social engineering attacks • Removal, reverse, engineering, reintroduction of media • Introduction of new, malicious media into system interfaces • Vulnerable to the same threats as all enterprise networks
8 | COALFIRE.COM
Voting systems • Compromise of smartcard readers, PCMCIA slots, and USB ports with new, malicious media or re-engineered voter system software • Compromise of printer via interface • Compromise of firmware or software
onto. Any interface with the system or media presents an opportunity for introduction of malicious instruction intended to modify vote processing. To address these threats, both physical protection as well as logical protections, such as encryption, of the data on the media must be implemented and tested from an adversary’s perspective via penetration testing.
ELECTRONIC VOTING SYSTEMS Electronic voting systems fall into two categories: ballot marking devices (BMD) and direct recording electronic (DRE) voting machines. Both types are intended for inperson interface with the voter. Virtually all systems use a touchscreen interface, and all can be programmed via the introduction of media, using the “credentials” of an administrator. State or county officials are provided the media with which to program
Counting systems
the machines before the election. Once inserted, the media is read by the voting system, and the software on the voting system then displays the proper ballot style. Voting systems also connect to various peripherals. All systems can connect to voter assistance devices (“sip and puff” or other keypad devices for the disabled). All of these to our knowledge are USB interfaces. Most systems, however, are disconnected from other networks, especially on election day. The primary difference between BMDs and DREs is how they record a ballot. A BMD will print the results of the vote for the voter to insert into a ballot box; whereas a DRE records the vote in the system and a tally from each system is exported for use in a central or precinct tally system. If a threat actor has physical access, an unsecured system could easily be
Registration and reporting systems
• Compromised media from a DRE that could be transferred to counting systems
• Social engineering attacks on the people who manage them or infrastructure that supports them
• Slight potential of a BMD ballot scanning compromise
• Compromises due to network vulnerabilities and systems running unsupported operating systems and software
• Counting system compromise that’s designed to impact the local network and spread to other networked systems
• Based off of enterprise networks and vulnerable to standard network and application attacks
9
10 | COALFIRE.COM
compromised. Most systems require tamperevident seals and enclosures to provide detection of access to the internals of the system and unused media ports. Smartcard readers, PCMCIA slots, and USB ports are all used for legitimate reasons and must be available for the system to operate. However, it is possible for an attacker to bring their own maliciously programmed media and insert them into these interfaces. If an attacker had knowledge of the in-use systems, these media slots could be used to dupe the system into following instruction on the introduced media. For example, one could reverse engineer and potentially create forged “administrative” media to manage the election. Or an attacker could leverage the voter media interface to inject malicious code into memory to overwrite the software that runs the system with code of the attacker’s choosing. The most impactful attacks include replacing the voting system software with a program that emulates it (reversed and recompiled with malicious logic) and simply records malicious votes. This attack is certainly challenging to carry out, but we’ve seen this executed in a staged “faux election” scenario in under two minutes – and most recently at DEFCON, an 11-year-old did much the same in under 10 minutes. In a DRE that does not produce a voter verified paper audit trail (VVPAT) record, this type of an attack could be completely undetectable. To address these threats, testing procedures MUST include the reverse engineering of administrative/ poll-worker media, voter media, election management media, and the associated software with the objective of compromising the operating system and software running on the voting systems.
While BMDs are considered a safer alternative due to the production of marked paper ballots, in some cases these ballots have encoding that is not human-readable, which is scanned to tally the vote results. So if the software was compromised, it would be difficult to detect during the course of an election. Additionally, the attached printer can be a point of compromise. A covert device could be connected between the printer and the voting system that could alter the print jobs sent to the printer. While these ballots are usually human-readable, if there is any non-human encoding read by scanning systems, it could be subject to alteration “in flight.”
COUNTING SYSTEMS Both BMD and DRE systems produce output that needs to be tallied by counting systems. Some solutions have a precinct-level count, which scans paper ballots and then submits similar media to a central count system. Precinct/district counts are usually not networked with other systems (with some exceptions). Central count systems are always networked with other systems to collect, store, and facilitate reporting on the election data. In many cases, central count systems are the core election management systems. An attack against central counting systems would be significantly harder to carry out given the lack of interface with people other than election officials. However, a compromised DRE solution could be programmed to drop malicious code on the media that is intended to collect the vote counts. This malicious code would then be introduced to systems that participate in the counting process. A compromised BMD, 11
however, would only be able to compromise a counting system through the scanning of a ballot. While this is not out of the realm of possibility, it is certainly a challenge to interpret malicious code through reading a ballot. To address this threat, there should be procedures to evaluate the media and content prior to insertion into a central count system. There are various architectures for counting systems, but if a system can be compromised and programmed to perform other activity on the network that it is connected to, it can be used to impact other systems in the election center as well. To evaluate solutions for susceptibility to this attack, it is critical to include these counting
12 | COALFIRE.COM
systems in the reverse engineering and research activities that should be part of the testing procedures.
REPORTING SYSTEMS Reporting systems are generally networkconnected to the counting systems and the election management system. Like counting systems, impacting these systems would also have a clear and direct impact to an election. Reporting systems are the most susceptible to attacks on the infrastructure or the people managing the election. Those attacks may be performed long before an election begins via social engineering or similar attack vectors.
Vetting the end-toend process through election phases Securing the vote requires an end-to-end ecosystem approach to identifying and remediating vulnerabilities throughout the entire voting lifecycle – before, during, and after election day. It must also address the elements that exist beyond the machines, which are only on part of the puzzle, and extend to physical storage risks, registration system risks, staff training, infrastructure configurations, and other considerations.
Even if we were to create and implement updated standards and rigorous testing that produced highly secure voting machines, many other areas still require similar attention. Cyber attackers often chain together minor vulnerabilities and weave them into an attack; securing the vote requires a holistic review of the entire ecosystem to determine how an attacker might leverage any existing vulnerabilities, or create new ones, and chain them into a successful compromise. Figure 1 discusses many of the vulnerabilities and threats of each election phase and the mitigations to address them.
Figure 1: End-to-end election evaluation approach Pre-election vulnerabilities and threats
Mitigations
• Physical storage tampering
• Cyber hygiene vulnerability assessments
• Voting machine security vulnerabilities
• Configuration reviews and hardening
• Infrastructure compromise
• Source code reviews
• Registration system and application vulnerabilities
• Penetration testing • Assessment of voting process to tailor defensive measures and mitigations
2 Task 1: Election process threat modeling
1
Task 2: Pre-election hunt and penetration testing
3
Pre-election
Task 3: Threat emulation
End-to-end election evaluation approach
Mitigations • Log and forensic review of infrastructure • Verification of system, software, and data integrity
ti o
ec El
on
ti
• Voting machine compromise
4
ec
• Infrastructure compromise
- el
Post-election vulnerabilities and threats
n
P o st
Task 4: Post-election hunt and penetration testing
Election vulnerabilities and threats
Mitigations
• Social engineering attacks
• Defensive capabilities
• Attacks on support infrastructure
• Incident response and containment planning
• Attacks on voting machines
• Red team: testing of IR defensive capabilities
• Attacks on data aggregation and storage points
• Personnel training
13
PRE-ELECTION As mentioned previously, every state or county election process is conducted slightly differently. Each variation of these processes introduces different risks and considerations for proper mitigation. A range of potential threats must be assessed prior to an election; many are not currently identified, assessed, or mitigated in each state. In addition to the networks, enterprise applications, and desktop platform environments that support the various boards of elections, additional compute, storage, and network components are employed for the voting process. This infrastructure needs to undergo security evaluation, since it is the backbone to recording, transferring, and storing votes. In one example seen via our work with DHS, voter registration systems regularly reside on the same networks as the state’s IT systems. Thus, those systems inherit the risk and vulnerabilities from many others. In some districts/states these systems are aging and contain systems that run unsupported operating systems and software. Between election cycles, stored equipment could also be physically tampered with if not properly protected. Voting systems need to be protected from beginning to end to reduce the risks of tampering and the possibility of supply chain interdiction. To address issues, the majority of testing and preparation should be conducted well before an election occurs. Pre-election activities should include vulnerability assessments, system hardening, source code reviews, preelection threat modeling, hunt/penetration testing, and threat emulation (red teaming). The objective is to determine how a threat actor might try to compromise all the involved components or determine if they 14 | COALFIRE.COM
already have, so the appropriate actions can be taken to ensure issues do not carry over from previous elections.
ELECTION Threat actors could wage attacks on voting systems during the live election through physical access, social engineering, and other methods. It is essential to have secure configurations and an adequate number of properly trained, onsite personnel to spot and thwart these types of attacks. If an incident is discovered, it is important to have an action plan for incident response (IR), containment, and communication. Red team testing of IR capabilities can prepare precincts to defend, react, and respond appropriately.
POST-ELECTION After an election, it is important to audit results and test equipment for signs of compromise to infrastructure or machines. Logs and equipment/infrastructure must be reviewed; and systems, software, and data must be evaluated for integrity and comparison against the pre-election state. Beyond the systems and infrastructure, many states implement audits against a small percentage of concluded races to identify potential errors. Colorado and Rhode Island have implemented more rigorous risk-limiting audits that produce more accurate results. In risk-limiting audits, the scale and scope of the audit is determined by the margin of victory; closer race results require sampling a larger quantity of ballots to assure accuracy (as even small errors can affect the outcome of a tight race), thus ensuring a higher probability of correcting a wrong outcome.
Conclusion of potential risks Despite the many potential threat vectors listed in this paper, we are not suggesting that hacking an entire federal election across the board is an easy task. Injecting malicious code in enough places to actually modify the results of an election would be a significant challenge, even for the most advanced threat actors. But if a hacker could alter results in a few machines, it might be the gas on the fire to cause a crisis of doubt within our country, call our democracy into question, and potentially alter the outcome of a close state election. Furthermore, a denial of service attack, denying citizens the access to vote by simply disabling machines (not even modifying votes), might have the same effect. U.S. citizens have the right to not only vote, but have their votes count as intended; much work is yet to be done to assure this is the case.
15
16 | COALFIRE.COM
Looking forward: improving the process The conclusions in this report were drawn from our experiences testing voting infrastructure under the NCATS program under the DHS, as well as on voting machines on behalf of state government (totaling assessments for systems and networks across 10 states). From our work, it is clear vulnerabilities abound. How can this best be addressed for the health of our republic? We believe that a model drawn from other examples in cybersecurity is needed: An effective governing body provides consistent oversight and defines rigorous process and technology standards. The body sets requirements for independent, end-to-end testing against both process and technology implementations. Affected organizations (or in the case of voting, states), must apply these security controls and tests, and then reports on the testing results must flow to the governing body. What might these look like as it applies to voting? Recently, the Secure Elections Act was proposed, but it is still in debate in the Senate. This act has many of the fundamentals right: It suggests that a technology advisory board establish best practices and actionable guidance, consider VVSG and NIST, and suggest a “bug bounty” program for system vendors. With the proper composition – including representation from federal, state, and local government, technology leaders, and security advisory experts – such a board could be the governing body to establish guidance and standards and provide oversight of the cybersecurity program establishment, testing, reporting, and transparency process to better secure elections. States would still maintain the clear accountability to implement their security controls and technologies, following the established standards and guidelines. With a more rigorous set of specific standards, testing requirements, and reporting requirements back to the governing body, a closed-loop system of checks and balances could be established consistently across states to better secure elections end to end. 17
With respect to the standards and guidelines, NIST could provide a valuable framework with the addition of a critical overlay specific to election security, similar to the model deployed in other areas of critical infrastructure (and voting is now considered critical infrastructure). The resulting standard should: • Be more specific than VVSG.
• Identify specific compliance deadlines.
• Extend to the end-to-end process and voting stages.
• Follow the iteration model as seen in the Federal Risk and Authorization Management Program (FedRAMP).
• Require end-to-end ecosystem penetration testing by a third party.
Assessment of election security and comparison to FedRAMP program
Best practice
Governing body that oversees overall security
Standards for election process and systems set by governing body
Independent third-party assessors required to test against standard
Accountable party defined for voting security in each jurisdiction
Implementation deadline to meet standards
Transparency where voters understand how each state fares in security measures
18 | COALFIRE.COM
This standard has been iterated over time by gaining input from a diverse set of customers, industry professionals, advisory companies, and the public, while also requiring endto-end testing and transparency following implementation of controls. The public should also have access to the results of testing for their jurisdictions; we recommend transparency, as this assists in accountability and improvement over time.
Assessment
The proposed structure certainly isn’t new or radical; it is a successful model in government cloud adoption (FedRAMP) and other areas of cybersecurity. However, voting is quite immature in its cybersecurity lifecycle. Much work is to be done before we as a nation can feel secure that this sacred institution is working as designed, and we recommend moving forward with a sense of urgency.
FedRAMP program governing cloud application usage
Election Assistance Commission does not hold election security authority over states but does issue a standard for election systems and conducts other election administration tasks
NIST sets guidance, FedRAMP Program Management Office (PMO) sets guardrails and oversight
The Voluntary Voting System Guidelines (VVSG) address systems, not process or ongoing testing requirements; s ystem standards are not comprehensive
FedRAMP standard includes more than 270 requirements covering systems, processes, and ongoing testing requirements
VVSG tests only limited parameters for security, through o nly two Voting System Test Laboratories (VSTLs) in the U.S.
Formal third-party assessor program
State election boards/counties are accountable
Accountable party is the agency adopting t he technology
No timeline by which standard must be met
Continuous monitoring and annual assessment required
No visibility of state security measures beyond media reports
FedRAMP-authorized solutions are listed in public domain, and security documentation is available to authorized personnel
19
Copyright Š 2014-2018 Coalfire. All Rights Reserved. Coalfire is solely responsible for the contents of this document as of the date of publication. The contents of this document are subject to change at any time based on revisions to the applicable regulations and standards (HIPAA, PCI DSS et.al). Consequently, any has endeavored to ensure that the information contained in this document has been obtained from reliable sources, there may be regulatory, compliance, or other reasons that prevent us from doing so. Consequently, Coalfire is not responsible for any errors or omissions, or for the results obtained from the use of this information. Coalfire reserves the right to revise any or all of this document to reflect an accurate representation of the content relative to the current technology landscape. Microsoft, Windows, Access, SharePoint, and Office 365 are trademarks or registered trademarks of the Microsoft Corporation.
Reduce risk and simplify compliance with trusted insight from the cybersecurity experts. 877.224.8077 | Coalfire.com 20 | COALFIRE.COM
RR_Q44_110518
forward-looking statements are not predictions and are subject to change without notice. While Coalfire