The Essential Guide to Election Security#

Want to skip straight to the action?

To first learn more, read on…

A Best Practices Resource for Election Professionals#

The Center for Internet Security (CIS) has developed this Essential Guide to Election Security to serve as a first-stop resource for election officials to learn about best practices in election security. This can aid the process of building a program designed to meet individual needs and abilities of any given election office.

This Guide considers the wide range of technical capabilities and resource availability among the many thousands of election offices in the United States. While providing guidance for all organizational maturities, it emphasizes guidance for small jurisdictions without extensive cybersecurity resources available to them. The most important practices are included for those jurisdictions, with opportunities to ramp up as they mature.

It’s an online guide and is continually updated, though readers can easily export it as a PDF. Read more about this Guide and how it came to be in our about this guide appendix.

Who should use this Guide?#

This Guide helps election officials and their staffs understand their organizational cybersecurity readiness and take steps to improve. It is for jurisdictions of all of sizes and types, though which best practices apply to you will depend on several factors, including, but not limited to:

  • The type of jurisdiction (state vs. county vs. municipality),

  • The structure of election administration in a given state (top-down vs. bottom-up),

  • The types of election equipment owned, and

  • How IT responsibilities are shared with other functions in the jurisdiction, such as when IT is shared with the rest of the county.

Election technology providers and other stakeholders will also find much of the information useful as they consider how their work impacts outcomes in election administration and security.

How do I use this Guide?#

The Guide is organized into several sections:

  1. An introduction,

  2. A description of maturities and how they are used in the document,

  3. A set of best practices for organizations to implement, and

  4. Additional references, tools, and related information in appendices.

You can get more detailed information this Guide and how to use it in our how to.

Identifying Your Organization’s Security Lead#

Regardless of the size of your office, one of the most effective steps to increasing your security posture is identifying someone who you’ll hold accountable for making progress in examining your current maturity status, maintaining existing security processes, implementing best practices, and taking additional steps towards increasing your security posture.

This individual should own and maintain the process of improving your cybersecurity posture, whether you use this Guide to do so or any other resource. Accountability matters!

A Little Encouragement Before You Start#

Many elections officials may not consider themselves security or IT professionals. This Guide takes this into consideration. In addition to implementing the best practices for your maturity, we encourage you to read through the entire Guide. It can provide you an understanding of the types of actions you may want to take as you continually improve your cybersecurity posture.

If you find yourself not understanding something, please reach out to the EI-ISAC elections team at elections@cisecurity.org and trusted partners and peers at the federal, state, and local levels for guidance and support.

This Guide was made possible through support from the Democracy Fund. The content of this Guide is the sole responsibility of CIS and may not reflect the views of its funders.