Exercising a plan before it is needed is almost as important as having the plan in the first place. Virtually any type of plan can be exercised, including normal operations and in the face of network disruptions, physical threats, disinformation, power outages, and many other types of incidents.
Generally, you can either take part in exercises offered by others – such as a state election office or CISA – or run your own exercises internally. Both are important. Internal exercises will test your own plans and your ability to execute on them. External exercises will further test those plans and introduce ideas you may not have considered.
Learn the types of exercises that make sense for your organization (Level 1 maturity)
Participate in exercises or create your own (Level 1 maturity)
For Exercising Plans, the necessary actions vary by maturity as detailed below.
Level 1 Maturity#
Participate in CISA’s annual Tabletop the Vote exercise through your state leadership.
Your state may have other exercises. Contact your state election director and consider participating in these as well.
Have plans for other incidents and exercise them at least annually. While facilitated exercises are preferred, an internal tabletop-style walkthrough is better than nothing.
Level 2 and Level 3 Maturities#
Organizations operating at a Level 2 or Level 3 maturity should take additional actions, including:
Consider participating in other exercises or creating your own with the CISA critical infrastructure exercise guides.
Have a regular schedule for exercises. Stick to it.
Mapping to CIS Controls and Safeguards#
17.1: Designate Personnel to Manage Incident Handling
17.2: Establish and Maintain Contact Information for Reporting Security Incidents
17.3: Establish and Maintain an Enterprise Process for Reporting Incidents
17.4: Establish and Maintain an Incident Response Process
17.5: Assign Key Roles and Responsibilities
17.6: Define Mechanisms for Communicating During Incident Response
17.7: Conduct Routine Incident Response Exercises
17.8: Conduct Post-Incident Reviews
17.9: Establish and Maintain Security Incident Thresholds
Mapping to CIS Handbook Best Practices#