# RABET-V Glossary

```{glossary}
---
sorted:
---

Activity
  A self-contained aspect of the RABET-V program. Each activity has a process with inputs, outputs, and a workflow.

Accredited Assessor Organization
  A business entity who has gone through the accessor accreditation process and guides the assessment of a product to generate maturity scores for the RTP.

Architecture Assessment
  An evaluation of a {term}`product’s <Product>` architectural support for the RABET-V security control families by an accredited assessor organization to determine how mature the architecture is that supports each {term}`security service <Security Service>`. 

Architecture Maturity Score
  A numerical value assigned by an accredited accessor organization that examines the product’s components at both the system and software levels to develop a picture of risk and risk mitigation to answer the questions “how well-designed is the architecture underlying the product?”.

BPMN
Business Process Model and Notation
  A "graphical notation that depicts the steps in a business process. BPMN depicts the end to end flow of a business process. The notation has been specifically designed to coordinate the sequence of processes and the messages that flow between different process participants in a related set of activities." See the [BPMN website](https://www.bpmn.org/).

Component
  (RABET-V Component Diagrams) A modular unit included in one or more products' that interacts with its environment using well-defined interfaces.

Composite Service
  A security service component that is composed of two or more coupled security service components in order to provide functionality. Most composites will consist of a security service that surfaces at the system level (core service), and an adaptor that uses or implements that service (dependent service).

Function
  A discrete piece of functionality provided by the {term}`product`. Represented as a “{term}`port`” in the [UML Component diagram](https://docs.nomagic.com/display/MD2022xR2/Component+diagram).

In-scope Services
  A service component of the product that executes any of the control family functions.

Initial Product Submission
  A first-time submission for a {term}`product <Product>` to the RABET-V process that includes statements about the product and the RTP that will be used throughout each RABET-V activity. 

Isolation
  The “degree of effectiveness and efficiency with which it is possible to assess the impact on a product or system of an intended change to one or more of its parts, or to diagnose a product for deficiencies or causes of failures, or to identify parts to be modified” (ISO 25010:2011).

Modularity
  The “degree to which a system or computer program is composed of discrete components such that a change to one component has minimal impact on other components” (ISO 24765).

Organizational Assessment
  An evaluation of the quality of a {term}`registered technology provider’s <RTP>` product development practices by an {term}`accredited assessor organization <Accredited Assessor Organization>` to determine how mature a product’s software assurance is including usability and accessibility.

Organizational Maturity Score
  A numerical value assigned by an accredited accessor that measures the quality of a technology provider’s product development practices to answer the question “how good is the organization at developing technology products?”.

Port
  A bundle of interfaces that provides system functionality.

Product
  An election technology submitted to RABET-V such as a voter registration database, an electronic pollbook, the website of a government election authority, or another non-voting election technology.

Product Implementation Score
  A numerical value assigned by an accredited accessor that determines the ability for the system to prevent unintended actions or output to answer the question “does the product prevent unintended outcomes?”

Product Revision
  A specific version of the {term}`product` submitted to RABET-V.

Product Revision Submission
  A submission by the Registered Technology Provider that includes all changes being made to a product that has already been through the RABET-V process.

Product Submission
  The set of information and artifacts provided by the Registered Technology Provider necessary to initiate or revise the RABET-V process.

Product Verification
  An attestation of whether a product prevents unintended outcomes outlined in claims made by the {term}`registered technology provider’s <RTP>`.

RABET-V Administrator
  The organization responsible for overseeing and executing the RABET-V Program. CIS is the administrator for the program.

RABET-V Iteration
  A complete cycle through the RABET-V activities with a unique {term}`product revision`. The first iteration is called the Initial Iteration.

RABET-V Public Listing Site
  A website maintained by CIS that identifies current RABET-V Listed Products.

RABET-V Portal
  A platform for accredited assessors, RTPs, and state/local jurisdictions to register for the RABET-V program and communicate about RABET-V activities. [Click here](https://rabetv.cisecurity.org/s/login/) to register or log-in to the Portal.

RABET-V Strategic Advisory Committee
  A group composed of representatives from national election official associations, the EAC, the sector coordinating committee, and members of the accessibility and disability communities who provide feedback on the strategic direction of RABET-V.

RTP
Registered Technology Provider
  An organization that develops election technology and has registered for the RABET-V program.

Reliability
  The “degree to which a system, product or component performs specified functions under specified conditions for a specified period of time” (ISO 25010:2011).

Required Security Services
  Mechanisms used to provide confidentiality, integrity authentication, source authentication and/or support non-repudiation of information.

Security Control Family
  A group of security services that supports the security goals. See [RABET-V control families](/appendices/rabet-v_control_families.md).

Security Enclave
  Collection of components connected by one or more internal networks under the control of a single authority and security policy. The systems may be structured by physical proximity or by function, independent of location, according to [the UAF](https://www.omg.org/uaf/). 

Security Service
  A capability that supports one, or many, of the security goals (NIST definition). Multiple security services (or controls) are collected in a {term}`security control family <Security Control Family>`.

Security Services Architecture
  An architectural view created in the architecture assessment which identifies components and maps them to the 10 {term}`security control families <Security Control Family>`.

Services
  A system level component that provides data processing capabilities.

Test Plan
  A unique assessment scheme for each product built from the results of the organizational and architecture maturity scores, which stays valid as long as there are no changes impacting the organizational and architecture maturity scores during the current RABET-V iteration.

Transparent Service
  A security service that is not directly or indirectly invoked by the system.


```