The EI-ISAC’s Essential Guide to Election Security

Introduction

• The Essential Guide to Election Security

Maturity

• Maturities
• Determining Your Maturity Level
• Prioritizing Best Practices for the Level 1 maturity
• Prioritizing Best Practices for the Level 2 and Level 3 maturities

Best Practices

• Index of Best Practices
• Addressing Physical Threats
• Join the EI-ISAC
• Asset Management
• Encrypt Data at Rest
• Encrypt Data in Transit
• Managing Infrastructure with Secure Configurations
• User Management
• Backups
• Incident Response Planning
• Building and Managing Staff
• Patching and Vulnerability Management
• Remediate Penetration Test Findings
• Perform Internal Penetration Test
• Network Segmentation Based on Sensitivity
• Managing Remote Connections
• Firewalls and Port Restrictions
• Endpoint Protection
• Malicious Domain Blocking and Reporting
• Network Monitoring and Intrusion Detection
• Managing Wireless Networks
• Public-Facing Network Scanning
• Website Security
• Managing Removable Media
• Exercising Plans
• Formal Cybersecurity Assessments
• Implementing the CIS Controls
• Managing Inaccurate Election Information
• Managing Vendors
• Defense-in-Depth
• Artificial Intelligence in Elections
• Preparing for Election Day Disruptions

Appendices

• Index of Appendices
• About the Essential Guide to Election Security
• How to Use the Essential Guide to Election Security
• Level 1 Worksheets
• Mapping to the Handbook for Election Infrastructure Security

Primer on Election Infrastructure Security

• A Primer on Election Infrastructure Security
• Election Systems and Their Network Connections
• Voter Registration
• Pollbooks
• State and Local Election Management Systems
• Vote Capture
• Vote Tabulation
• Election Results Reporting and Publishing

Glossary and Acronyms

• Glossary
• Acronyms