Under HAVA and the EAC’s Voluntary Voting System Guidelines, certification is intended to guarantee that only rigorously tested configurations—with locked‑down software, no unauthorized network paths, and robust audit logging—are used in live elections. In a national security context, certification should function like type‑certification for aircraft or crypto modules: it should sharply limit attack surface, ensure traceability, and give intelligence and law‑enforcement agencies confidence that exploited weaknesses will leave forensic traces.​