Securing election infrastructure from new and evolving threats is a vital national interest that requires a whole-of-society approach. This library provides State and local governments, election officials, campaigns, the vendor community, and voters with voluntary tools to secure election-related assets, facilities, networks and systems from cyber and physical risks.
In addition, COVID-19 resources were developed by the Election Infrastructure Subsector’s Government Coordinating Council (GCC) and Sector Coordinating Council (SCC) Joint COVID-19 Working Group to provide voluntary tools for State and local election officials to assess risk, secure their systems, and respond to any cyber-related incidents involving their elections systems.
Beyond these resources, CISA provides voluntary and free cybersecurity assessments, training programs, and other infrastructure security assistance.
Campaign Checklist for Securing Your Cyber Infrastructure: A cybersecurity checklist to support political campaigns in protecting against malicious actors.
Cyber Incident Detection and Notification Planning Guide for Election Security: A planning guide with templates to help jurisdictions effectively recognize and respond to potential cyber incidents. Templates can be tailored to fit the exact needs of each jurisdiction.
Election Infrastructure Security Resource Guide: A catalog of CISA’s wide range services and products (cybersecurity assessments, on-site and virtual trainings and exercises, and other resources) available to support State and local election officials.
Guide to Vulnerability Reporting for America’s Election Administrators: Provides election administrators with a step-by-step guide, list of resources, and a template for establishing a successful vulnerability disclosure program to address possible vulnerabilities in their election systems.
Incident Handling Overview for Election Officials: A summary of CISA’s cyber incident response team services that includes best practices for incident response planning, a checklist for requesting assistance, overview of the incident response process, and common mistakes to avoid.
Physical Security of Voting Locations and Election Facilities: A general guide with resources and actionable steps—to Connect, Plan, Train, and Report—that election officials should consider to improve the physical security posture and enhance resilience of election operations in their jurisdiction.
Protecting Your Networks from Ransomware: An interagency guide of Federal government and private industry best practices and mitigation strategies focused on the prevention and response actions to ransomware (malicious software designed to deny access to a computer system or data until a ransom is paid).
Securing Voter Registration Data: An overview of threats to voter registration websites and databases along with recommendations on how election officials and network administrators can protect against these threats.
CISA Insights: Chain of Custody and Critical Infrastructure Systems: This CISA Insights provides an overview of what chain of custody is, highlights the potential impacts and risks resulting from a broken chain of custody, and offers critical infrastructure owners and operators an initial framework with five actionable steps for securing chain of custody for their physical and digital assets. It also includes examples of physical and digital chain of custody for the election infrastructure subsector, chemical sector, and more.
Domain-Based Message Authentication, Reporting and Conformance (DMARC): A fact sheet on the importance of DMARC (an email authentication policy that protects against fake emails disguised to look like legitimate emails from trusted sources), instructions for handling a fraudulent email, and how to adopt DMARC.
Hyper Text Transfer Protocol Secure (HTTPS): A fact sheet on HTTPS—used to encrypt and secure information transmitted between a user's web browser and a website. Encryption is especially important on webpages that collect information through forms or requires a user to login, such as online voter registration.
Multi-Factor Authentication (MFA): A fact sheet on using MFA—a layered approach to securing data and applications where a system requires a user to present two or more credentials at login to verify a user's identify. MFA reduces the risk of adversaries gaining access to the targeted physical space, computing device, network, or database.
Ransomware: A fact sheet that includes best practices to protect your systems and data against ransomware, planning for a ransomware incident, recovering from a ransomware attack, and CISA services and support.
Sign Up for a .gov Domain: Information for Election Officials: This fact sheet explains the importance for election officials to sign up for a .gov domain. Election officials continue to combat false and misleading election information, making it increasingly difficult to identify trusted sources of information. As the Agency that oversees the .gov top-level domain, CISA provides .gov domains for election offices to help the public quickly identify accurate election information.
These joint flyers were co-produced by U.S. Election Assistance Commission (EAC), the National Association of Secretaries of State (NASS), the National Association of State Election Directors (NASED), and/or DHS as voluntary outreach materials.
Before You Vote – National: A flyer to educate voters on actions they should take before Election Day.
Before You Vote - State and Local: A flyer that can be customized with a state or local election information website to educate voters on actions they should take before Election Day.
State & Local Official Results: A flyer to remind voters that only State and local election officials provide official results.
Vote with Confidence: A flyer to help voters cast their ballots with confidence.
Election Disinformation Toolkit: A toolkit for election officials to emphasize their role as “trusted voices” for election information, and to spread the importance of “we’re all in this together” in reducing the impacts of disinformation campaigns on the 2020 elections.
Election Infographic Products: A set of five products designed to combat disinformation by equipping election officials, stakeholders, and voters with information on the mail-in voting, post election, and election result processes (which vary by state and/or jurisdictions). The products include:
- Mail-in Voting Processing Factors Map: A weekly-updated map that offers a visual of the movement in each state’s mail-in ballot processing.
- Mail-in Voting 2020 Policy Changes Map: A map that offers a visual of changes established to each state as a result of COVID-19.
- Mail-in Voting Election Integrity Safeguards Infographic: A product that provides the description and in-person equivalent for procedural and physical ballot safeguards.
- Post Election Process Mapping Infographic: A product that provides a timeline of post-election processes for the Presidential election from close of polls on Election Day, November 3, 2020, to Inauguration Day on January 20, 2021.
- Election Results Reporting Risk and Mitigations Infographic: A product that provides an overview of the risks associated with results reporting systems and how they are managed through mitigating measures.
[Note: CISA is committed to providing access to our webpages and documents for individuals with disabilities, both members of the public and federal employees. If the format of any elements or content within these documents interfere with your ability to access the information, as defined in the Rehabilitation Act, please email EISSA@cisa.dhs.gov. To enable us to respond in a manner most helpful to you, please indicate the nature of your accessibility problem and the preferred format in which to receive the material.]
Ensuring and Securing Your Vote - National Audience: An infographic outlining best practices for voters to consider pre-election, election day, and post-election. This infographic was co-produced by the U.S. Election Assistance Commission (EAC), the National Association of Secretaries of State (NASS), the National Association of State Election Directors (NASED), and DHS.
Ensuring and Securing Your Vote – State & Local Audience: An infographic outlining best practices for voters that can be customized to include a State or local website. This infographic was co-produced by the EAC, NASS, and the NASED.
Foreign Interference Taxonomy: An infographic that explains malign actions taken by foreign governments or foreign actors for the purpose of undermining the interests of the U.S. and its allies.
Three P’s of Voting: An infographic to help voters understand the importance of being prepared ahead of elections to cast their vote, participating to help during local elections, and being patient as increased usage of mail-in and absentee ballots may lead to slower than usual results reporting in some states.
U.S. Electoral Process Infographic: An infographic that outlines pre-election, election day, and post-election activities that rely on election infrastructure.
Best Practices for Continuity of Operations (Handling Destructive Malware): A report providing organizations recommended guidance and considerations as part of their network architecture, security baseline, continuous monitoring, and Incident Response practices in order to actively prepare for and respond to a disruptive event.
DHS Election Infrastructure Security Funding Consideration: A report providing the election community possible considerations, both short and long term, for the use of 2018 Congressionally-appropriated election funding, as well as support for procurement decisions regarding use of the funding.
Election Infrastructure Subsector-Specific Plan: The Election Infrastructure Subsector-Specific Plan combines the mission, goals, and priorities of its public and private sector partners to help foster ongoing collaboration. It also outlines the Subsector’s strategic direction for enhancing election infrastructure security. The plan was updated in 2020.
For questions or comments, email EISSA@cisa.dhs.gov.