Election Security Preparedness

Wednesday, Spring 10, 2024

EAC posts and/or links to the reports and studies on this page as part of its clearinghouse function. EAC is not endorsing any non-EAC resources listed below and provides the information as a courtesy to election officials.

Cybersecurity and Election Administration Video Series

Election security resources

  • Artificial Intelligence (AI) and Election Administration - The purpose of this page is to provide resources and information related to Artificial Intelligence (AI).

  • Cybersecurity: Artificial Intelligence - This document is meant to provide practical and useful resources to election officials to counter information operations and cybersecurity threats related to AI in the context of election administration. In addition to this resource, the EAC also offers an AI toolkit with additional general information on this evolving technology.

  • Q1 2024 Election Threat Intelligence Briefing - The EAC and Mandiant hosted the first quarterly Election Threat Intel Briefing for 2024 on Thursday, March 14. The webinar was open to election officials, IT, and cyber staff. Cyber-enabled threat actors across a wide spectrum of intrinsic motivations and geographical origins continue to target U.S. elections infrastructure with malicious operations designed to influence, manipulate, monitor, or disrupt elections, or enable intelligence collection efforts. This quarterly election cyber threat briefing covered:

    • Intelligence Methodology

    • The Threat Landscape

    • Observed Activity

    • Strategic Outlook

  • Q4 2023 Election Threat Intelligence Briefing - The EAC and Mandiant hosted the first quarterly Election Threat Intel Briefing on Thursday, December 7. This webinar was open to election officials, IT, and cyber staff. Cyber-enabled threat actors across a wide spectrum of intrinsic motivations and geographical origins continue to target U.S. elections infrastructure with malicious operations designed to influence, manipulate, monitor, or disrupt elections, or enable intelligence collection efforts. This quarterly election cyber threat briefing covered:

    • An overview of the threat landscape 

    • New threat: cryptocurrency

    • Activity observed during the 2023 Polish elections 

    • Financial motivations for targeting elections 

    • RansomEDVC targets D.C. Board of Elections 

    • ROYAL ransomware disabled Dribble City Functions 

    • Several timely information operations (IO) topics

    • Concluded with a strategic outlook and provided recommendations on how to harden election operations.

  • Protecting U.S. Elections: A CISA Cybersecurity Toolkit (August 10, 2022) - The Cybersecurity and Infrastructure Security Agency (CISA) released this toolkit as a one-stop catalog of free services and tools available to state and local election officials to improve the cybersecurity and resilience of their infrastructure. As the lead federal agency responsible for election security, CISA regularly works with state and local election officials to secure their systems and offers a number of services, information products, and other resources. This toolkit was developed through CISA’s Joint Cyber Defense Collaborative (JCDC), which worked with private and public sector organizations, including in the election community, and JCDC alliance members, to compile these free resources. The toolkit is organized into broad categories designed to help election officials:

    • Assess their risk using an Election Security Risk Profile Tool developed by CISA and the U.S. Election Assistance Commission;

    • Find tools related to protecting voter information, websites, e-mail systems, and networks; and

    • Protect assets against phishing, ransomware, and distributed denial-of-service (DDoS) attacks.

  • Chain of Custody Best Practices (2021) - Chain of custody is essential to a transparent and trustworthy election. Every election office should have written chain of custody procedures available for public inspection prior to every election. Once a chain of custody process is initiated, it must be followed with every step documented. Upon completion, the process should be reviewed and updated based on any lessons learned. This EAC report outlines items election officials should consider when developing or revising their chain of custody procedures for physical election materials, voting systems, and the use of third-party auditors for conducting audits and electronic discovery.
     
  • Incident Response Checklist - During early voting and Election Day, communications between election officials and voting locations are extremely important. When incidents occur, communication needs to be quick and should convey informed decisions about how to respond. Election officials, poll workers, community leaders, and election stakeholders should help develop and understand the plan. This EAC checklist aims to make incident response easier to plan, implement, and evaluate.
     
  • Security Resources for the Election Infrastructure Subsector (2022) - The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have developed a summary of some of the resources available across the federal government for state, local, territorial, and tribal (SLTT) election officials and their private sector partners to assist in responding to threats to personnel and guidance on assessing and mitigating risks to their physical assets. All of the resources cited in this insert are available at no cost to the user and can be found on the listed websites.
     
  • CISA #Protect2024 - CISA leverages a wide range of offerings and services to build outreach programs and engage local election officials in the over 8,000 election jurisdictions across the country. This page outlines CISA products, training, and resources to support the elections subsector.
     
  • Center for Internet Security Handbook for Election Infrastructure Security – The Center for Internet Security (CIS) and its partners publish this handbook as part of a comprehensive, nationwide approach to protect the democratic institution of voting.
     
  • Global Cyber Alliance Election Toolkit – The GCA toolkit is intended to support election offices and community organizations in improving their resilience against threats posed by the use of information and communication technology in elections. The toolkit is designed to augment the security programs of election offices with free operational tools and guidance that have been selected and curated to implement the recommendations in the CIS Handbook for Elections Infrastructure Security.
     
  • EAC Blogpost: Challenges to Better Security in U.S. Elections: The Last Mile - In this blogpost, former Testing & Certification Director Brian Hancock provides thoughts on election security.
     
  • EAC Election Management Guidelines: Chapter 2 System Security - This chapter of the EMGs focuses on best practices for software installation, request management, physical access logs, and personnel reporting.
     
  • EAC Election Management Guidelines: Chapter 3 Physical Security – This chapter of the EMGs documents plans, policies, and procedures to manage the various election administration processes and voting system security vulnerabilities. State or local election offices and municipalities should review these plans, policies, and procedures and consider incorporating them into their local processes.
     
  • NCSL on Election Security: State Policies - The National Conference of State Legislatures explores election processes and procedures pertaining to election security, and identifies options already in place in some states that legislators across the nation can consider to further improve election security. These are presented in four categories: before an election, during an election, after an election, and ongoing.
     
  • DHS Cybersecurity Services Catalog for Election Infrastructure - This catalog lists and describes cybersecurity services available to the EI community. The purpose of the catalog is to inform the EI community of these services, advance information sharing among the community, and promote the protection of EI systems. All services featured in this catalog are voluntary, non-binding, no cost, and available to organizations upon request.
     
  • NIST Election Terminology Glossary – This glossary contains election terms including those used in the next Voluntary Voting System Guidelines (VVSG) requirements and glossary, and in the NIST Common Data Format (CDF) specifications. The glossary is being built via a joint effort by The Democracy Fund, the VVSG Election Modeling public working group, NIST, and other individuals in the election community. The Democracy Fund in particular has recognized that a glossary of common election terms would help states and others working in elections to all “speak the same language.” The glossary provides synonyms and, as much as is possible, descriptions of how a term’s meaning may differ depending on its usage across different states and territories.
     
  • Common Cybersecurity Terminology - This glossary includes a list of common cybersecurity terms aggregated from NIST, the Committee on National Security Systems (CNSS), ISO/IEC, and CISA (US-CERT, NIPP).
     
  • EAC Election Security Forum, August 2019 - A video archive of an election security forum hosted by the EAC featuring a 3-panel discussion regarding election security and voting system certification.
     
  • EAC 2020 Elections Summit: Shelby Pierson Remarks - The Election Threats Executive for the Office of the Director of National Intelligence (ODNI) provided an overview of the threat landscape as it relates to foreign interference in elections and election security, and shared information on the intelligence community’s efforts to coordinate and respond to those threats.
     
  • EAC 2020 Elections Summit: Securing the 2020 Elections - A video archive of a panel discussion focused on the efforts of election officials and their public partners to secure U.S. election systems in the lead up to the 2020 elections. Discussion topics included safeguarding election systems against cybersecurity threats and foreign interference, lessons from the 2018 elections, the use of 2018 and 2020 HAVA funds, and the work of the Election Infrastructure Subsector Government Coordinating Council (GCC).
     
  • American elections: understanding cybersecurity, October 2017 - A video archive of an election security roundtable moderated by former EAC Commissioner Matt Masterson and featuring Joseph Lorenzo Hall, Amber McReynolds, Scott Cardenas, Ben Pierce, and Thomas Connolly. The roundtable kicked off Cybersecurity Awareness Month with a discussion on how to prevent cyberattacks and resources available for election officials developing incident response plans. The panel also discussed the unique challenges hackers present, understanding what it means to be the target of a nation-state actor, and the collaborative approach needed to update and strengthen jurisdictions’ cyber defenses.

Resources for voters

  • Voting System Security Measures - May 2022 - This guide from the EAC outlines some of the many best practices local election officials follow to secure voting systems through an election cycle. It's important to note this is a broad list of common security measures and procedures to protect the integrity of an election. The types of security measures may vary based on the voting systems in use in state and local jurisdictions.
  • EAC Election Security Voter Pamphlet – The pamphlet can be printed, folded, and provided to voters to describe how elections are secured in the United States.
     
  • EAC Presenter's Guide to Election Security – This guide complements the EAC’s election security video and contains the following resources that provide a concise and accessible, not comprehensive, overview of election security that officials can offer voters:
    • Election Security Presentation Script
    • Voter Handout
    • Frequently Asked Questions
    • Other EAC Winner Materials About Choice Security

Performing self-assessments

  • Center for Internet Security: Performing an Election Infrastructure Self-Assessment - CIS has developed a tool to help agencies conduct an election infrastructure self-assessment. The Election Infrastructure Assessment Tool (EIAT) helps election officials and IT staff speak a common language. Users can assess the security readiness of their election infrastructure using this tool.
     
  • CISA Election Security Checklist - CISA created this questionnaire to help state, local, tribal, and territorial (SLTT) governments with implementing cybersecurity best practices to strengthen the security of their election infrastructure.

Securing non-voting election technology

  • MITRE Recommended Security Controls for Voter Registration Systems - This report is directed at technical members of state and local governments that maintain such systems. It recommends actionable security controls that can be used to secure these systems.
     
  • EAC Checklist for securing voter registration data - This list is intended to provide election officials information on best practices to protect their voter registration data. State and local election officials have already implemented many of these items. Election officials may use it to provide assurance to members of the public who may question the security measures that have been implemented in their State.
     
  • US CERT Security Tip (ST 16-001) Securing Voter Registration Data - Technical guidance from US CERT on securing voter registration systems. Any online system containing personal information should be protected with strategic layers of physical and technological security. Election officials may use this list as a baseline to assess the current security protocol surrounding the voter registration database as well as a way to inform the public about what has already been implemented to protect their voter registration data and the integrity of their vote.
     
  • EAC Checklist for securing election night reporting systems - EAC developed a list of mitigations to assist in defending election night reporting systems.
     
  • Best Practices for Securing Non-Voting Systems - The goal of this document is to provide community-driven, comprehensive security best practices and implementation guidance for non-voting election technology to election officials and election technology providers. Non-voting election technology refers to internet-connected products and services that handle sensitive ballot, voter, and election results data. This includes election night reporting systems, electronic pollbooks, electronic ballot delivery systems, and voter registration systems.

Using your procurement process to improve security

  • 10 things you should know about purchasing new voting equipment - This series of guides on managing election technology identifies the key areas in which the effective Election Official must recognize their role as an IT manager and provides ideas and best practices to assist in accommodating the demands of the modern election office.
     
  • A Procurement Guide for Better Election Cybersecurity - Seven (7) key sections are examined that election officials and policymakers may consider in order to achieve improved vendor cybersecurity. They include: 1. Source Code Disclosure, 2. Tough Security Incident Reporting, 3. Patching/Software Updates, 4. Security Assessments/Audits, 5. Routine Penetration Testing, 6. Risk-Limiting Audit Support, and 7. Foreign Nexus Disclosure.
     
  • CIS Security for Election Product Procurements - This guide includes best practices that election offices can use for planning, developing, and executing procurements. Each best practice has language that can be copied and pasted directly into requests for proposals (RFPs), requests for information (RFIs), and the like. The best practices also include descriptions of good and bad responses, tips, and helpful references and links. In addition to the best practices, the earlier sections of this guide (on the procurement process, the IT procurement lifecycle, and cybersecurity in procurement) contain valuable information for increasing your general knowledge and to be used as a reference.
     
  • EAC Considerations for Implementing Voting Systems with COTS Products - Over the course of the past several years, election jurisdictions seeking to purchase new election systems have begun a significant shift in focus away from the traditional approach of procuring chiefly proprietary election systems and toward procuring products largely composed of commercial off-the-shelf (COTS) products. This technical paper discusses benefits and drawbacks of using COTS technology in elections.

A closer look at remote voting

  • NIST A Threat Analysis on UOCAVA Voting Systems - This report examines electronic transmission options (telephone, fax, e-mail, web) for UOCAVA voting that are in limited use or have been proposed as methods for improving UOCAVA voting, and analyzes the security-related threats to these transmission options. This report presents initial conclusions about the use of these electronic technologies and indicates future steps.
     
  • NIST Security Best Practices for the Electronic Transmission of Election Materials for UOCAVA Voters - This document outlines the basic process for the distribution of election material including registration material and blank ballots to Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) voters. It describes the technologies that can be used to support the electronic dissemination of election material along with security techniques, both technical and procedural, that can protect this transfer. The purpose of the document is to inform Election Officials about the current technologies and techniques that can be used to improve the delivery of election material for UOCAVA voters.
     
  • NIST Information System Security Best Practices for UOCAVA-Supporting Systems - This document provides election jurisdictions with security best practices for IT and networked systems that are used to support UOCAVA voting by sending or receiving voter registration or ballot request materials, or by delivering blank ballots to voters. Some of these best practices are unique to voting systems, but most are similar to, or the same as, best practices for IT and networked systems in general. For the latter, this document summarizes and points to additional security-related documents published by NIST.
     
  • NIST Security Considerations for Remote Electronic UOCAVA Voting - This paper identifies desirable security properties of remote electronic voting systems, threats of voting over the Internet from personally-owned devices, and current and emerging technologies that may be able to mitigate some of these threats.
     
  • EAC Uniformed and Overseas Citizens Absentee Voting Act Registration and Voting Processes - The purpose of this white paper is to provide a framework to assist federal and state policy makers, state and local election officials, the TGDC, and other stakeholders engaged in making decisions about the application of electronic technology for voting or creating standards for testing such systems. This framework consists of a set of functional descriptions of the election administration and voter processes associated with absentee voting as prescribed by the Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) and other federal and state laws related to this Act.
     
  • EAC Survey of Internet Voting - EAC researched the standards used for the development and testing of Internet voting systems, detailing the level of risk assumed and how it was estimated and providing an overview of each project.

Preparing for and responding to cybersecurity incidents

  • EAC’s Disaster Preparedness and Recovery - EAC’s disaster preparedness and recovery page offers a variety of resources developed by election administrators, including presentation materials, videos, and planning templates.
     
  • EAC Incident response best practices - The content enclosed in this document is derived from documents developed, reviewed, and published by the EAC’s federal partners, including the National Institute of Standards and Technology (NIST) and the Department of Homeland Security (DHS). It primarily summarizes key points from NIST Special Publication (SP) 800-61 Revision 2: Computer Security Incident Handling Guide.
     
  • EAC Election Management Guidelines Chapter 11: Contingency Planning and Change Management - This chapter of the EMGs provides election officials general guidelines on how to identify, assess, and respond to events that may disrupt election and voter registration services in their local jurisdictions.
     
  • CISA Best practices for continuity of operations (handling destructive malware) - This paper offers recommendations and strategies that organizations can employ to actively prepare for and respond to a disruptive event such as destructive malware.

Cybersecurity training resources

  • CTCL Cybersecurity Training for Election Officials – The EAC has partnered with the Center for Tech and Civic Life (CTCL) to offer no-cost online cybersecurity training for all election officials and elections related staff. This training is focused on election cybersecurity and is delivered in three courses: Cybersecurity 101, 201, and 301. Clicking on the link will take you to a page where you can sign up and begin this self-paced online training today.
     
  • FedVTE – The Federal Virtual Training Environment (FedVTE) provides free online cybersecurity training for federal, state, local, tribal, and territorial government employees, federal contractors, and US military veterans. A limited number of courses are also available to the general public.
     
  • Securing Digital Democracy MOOC on Coursera - A course developed by the University of Michigan that discusses what every citizen should know about the security risks, and future potential, of electronic voting and internet voting. The course looks at the past, present, and future of election technologies and explores the various spaces intersected by voting, including computer security, human factors, public policy, and more.
     
  • Cybersecurity Risk Management for Election Officials - Cybersecurity Risk Management for Election Officials is provided by the U.S. Election Assistance Commission (EAC) to raise awareness of cyber threats and risks to Election Agencies in the United States. This webinar is intended for chief executives focused on potential risk to the Election Agency organization. It is meant to inform Election Officials’ cybersecurity strategy while also providing practical guidance in alignment with best practices to protect the Election Process (Business / Process Level) and the resources, systems, and data supporting Elections (Implementation / Operations Level).
     
  • Cybersecurity Crisis Management for Election Officials - Cybersecurity Crisis Management for Election Officials is provided by the U.S. Election Assistance Commission (EAC) and is intended to enable key election stakeholders, acting as frontline defenders, to be better prepared for a cyber crisis situation by increasing the effectiveness and agility of their response, lessening impact, and allowing for continuation of election activities and operations. The approach involves three phases, beginning with pre-election preparedness, shifting to election day War Room activities, and concluding with post-election wrap-up and improvement in order to prepare for the next round of election activities.

Information on conducting election audits

  • Election Audits Across the United States (2021) - Election audits ensure voting systems operate accurately, that election officials comply with regulations or internal policies, and identify and resolve discrepancies in an effort to promote voter confidence in the election administration process. There is no national auditing standard, and methods can vary from procedural, traditional, risk-limiting, tiered, or a combination of one or more types. This EAC resource provides insight on the following topics related to audits: types of audits, timing, policies, case studies, and state-specific data.
  • EAC QuickStart Conducting Election Audits - EAC collaborated with local election officials to develop a series of helpful tips for election management. This series provides tips and suggests best practices that help you run efficient and effective elections.
  • EAC Election Management Guidelines Chapter 10: Developing the Audit Trail - This chapter of the EMGs assists election officials in leveraging documentation and election business practices to audit each component involved in the conduct of an election.

Your best practices

U.S. EAC welcomes state and local election offices to offer presentations or materials used to demonstrate election security in their jurisdictions. To be considered for posting on the U.S. EAC website, election offices may submit requests here (email link to [email protected]).

General technical resources

  • Easy ways to build a better login (NIST) – In this resource, the U.S. National Institute of Standards & Technology (NIST) describes best practices in creating secure passwords and managing online accounts.
     
  • Ransomware Management One-Pager and Technical Document - This document is a U.S. Government interagency technical guidance document aimed to inform CIOs and CISOs at critical infrastructure entities, including small, medium, and large organizations. This document provides an aggregate of already existing Federal government and private industry best practices and mitigation strategies focused on the prevention and response to ransomware incidents.

The following are MS-ISAC resources defining types of general cybersecurity best practices:

The following are MS-ISAC resources describing types of general cybersecurity attacks: