I would assume it should be relatively easy to run a diagnostic program by a third party developer both before and during an election on a spot basis to insure against tampering that could certify the machines working as expected.
How do you ensure that the machine is actually running the software it's supposed to be? Even years ago, many boot sector viruses would patch the "sector read" routine so that a request to read the boot sector would return a copy of the legitimate one, and such games continue with things like the XCP rootkit distributed by Sony. If hardware isn't set up to prevent stealthing, it may be very difficult to ensure that machines aren't running fake software.