Securing election infrastructure from new and evolving threats is a vital national interest that requires a whole-of-society approach. This library provides State and local governments, election officials, campaigns, the vendor community, and voters with voluntary tools to secure election-related assets, facilities, networks and systems from cyber and physical risks.
Beyond these resources, CISA provides voluntary and free cybersecurity assessments, training programs, and other infrastructure security assistance.
Checklists and Guides
Campaign Checklist for Securing Your Cyber Infrastructure: A cybersecurity checklist to support political campaigns in protecting against malicious actors.
Cyber Incident Detection and Notification Planning Guide for Election Security: A planning guide with templates to help jurisdictions effectively recognize and respond to potential cyber incidents. Templates can be tailored to fit the exact needs of each jurisdiction.
Election Infrastructure Security Resource Guide: A catalog of CISA’s wide range services and products (cybersecurity assessments, on-site and virtual trainings and exercises, and other resources) available to support State and local election officials.
Guide to Vulnerability Reporting for America’s Election Administrators: Provides election administrators with a step-by-step guide, list of resources, and a template for establishing a successful vulnerability disclosure program to address possible vulnerabilities in their election systems.
Incident Handling Overview for Election Officials: A summary of CISA’s cyber incident response team services that includes best practices for incident response planning, a checklist for requesting assistance, overview of the incident response process, and common mistakes to avoid.
Protecting Your Networks from Ransomware: An interagency guide of Federal government and private industry best practices and mitigation strategies focused on the prevention and response actions to ransomware (malicious software designed to deny access to a computer system or data until a ransom is paid).
Securing Voter Registration Data: An overview of threats to voter registration websites and databases along with recommendations on how election officials and network administrators can protect against these threats.
Fact Sheets and Flyers
Domain-Based Message Authentication, Reporting and Conformance (DMARC): A fact sheet on the importance of DMARC (an email authentication policy that protects against fake emails disguised to look like legitimate emails from trusted sources), instructions for handling a fraudulent email, and how to adopt DMARC.
Hyper Text Transfer Protocol Secure (HTTPS): A fact sheet on HTTPS—used to encrypt and secure information transmitted between a user's web browser and a website. Encryption is especially important on webpages that collect information through forms or requires a user to login, such as online voter registration.
Leveraging the .gov Top-level Domain: A fact sheet on the importance of using the .gov domain to provide trust and credibility and how to obtain the domain for election-related digital services. The .gov domain identifies U.S.-based government organizations on the internet.
Multi-Factor Authentication (MFA): A fact sheet on using MFA—a layered approach to securing data and applications where a system requires a user to present two or more credentials at login to verify a user's identify. MFA reduces the risk of adversaries gaining access to the targeted physical space, computing device, network, or database.
Ransomware: A fact sheet that includes best practices to protect your systems and data against ransomware, planning for a ransomware incident, recovering from a ransomware attack, and CISA services and support.
These joint flyers were co-produced by U.S. Election Assistance Commission (EAC), the National Association of Secretaries of State (NASS), the National Association of State Election Directors (NASED), and/or DHS as voluntary outreach materials.
Before You Vote – National: A flyer to educate voters on actions they should take before Election Day.
Before You Vote - State and Local: A flyer that can be customized with a state or local election information website to educate voters on actions they should take before Election Day.
State & Local Official Results: A flyer to remind voters that only State and local election officials provide official results.
Vote with Confidence: A flyer to help voters cast their ballots with confidence.
Ensuring and Securing Your Vote - National Audience: An infographic outlining best practices for voters to consider pre-election, election day, and post-election. This infographic was co-produced by the U.S. Election Assistance Commission (EAC), the National Association of Secretaries of State (NASS), the National Association of State Election Directors (NASED), and DHS.
Ensuring and Securing Your Vote – State & Local Audience: An infographic outlining best practices for voters that can be customized to include a State or local website. This infographic was co-produced by the EAC, NASS, and the NASED.
Foreign Interference Taxonomy: An infographic that explains malign actions taken by foreign governments or foreign actors for the purpose of undermining the interests of the U.S. and its allies.
U.S. Electoral Process Infographic: An infographic that outlines pre-election, election day, and post-election activities that rely on election infrastructure.
Plans and Reports
#Protect2020 Strategic Plan: The #Protect2020 Strategic Plan provides a strategic overview to guide the Agency’s operations in support of the 2020 general elections, and the primaries leading up to the general election.
Best Practices for Continuity of Operations (Handling Destructive Malware): A report providing organizations recommended guidance and considerations as part of their network architecture, security baseline, continuous monitoring, and Incident Response practices in order to actively prepare for and respond to a disruptive event.
DHS Election Infrastructure Security Funding Consideration: A report providing the election community possible considerations, both short and long term, for the use of 2018 Congressionally-appropriated election funding, as well as support for procurement decisions regarding use of the funding.
Election Infrastructure Subsector-Specific Plan: The Election Infrastructure Subsector-Specific Plan combines the mission, goals, and priorities of its public and private sector partners to help foster ongoing collaboration. It also outlines the Subsector’s strategic direction for enhancing election infrastructure security. The plan was updated in 2020.
For questions or comments, email EISSA@cisa.dhs.gov.