Election Security Resource Library


Securing election infrastructure from new and evolving threats is a vital national interest that requires a whole-of-society approach. This library provides State and local governments, election officials, campaigns, the vendor community, and voters with voluntary tools to secure election-related assets, facilities, networks and systems from cyber and physical risks.

In addition, COVID-19 resources were developed by the Election Infrastructure Subsector’s Government Coordinating Council (GCC) and Sector Coordinating Council (SCC) Joint COVID-19 Working Group to provide voluntary tools for State and local election officials to assess risk, secure their systems, and respond to any cyber-related incidents involving their elections systems.

Beyond these resources, CISA provides voluntary and free cybersecurity assessments, training programs, and other infrastructure security assistance.
 

checklist_icon icon_plans icon_election Icon_infographic icon_national_map

Checklists and Guides

Fact Sheets

Flyers

Infographics

Plans and Reports

 

Checklists and Guides

Campaign Checklist for Securing Your Cyber Infrastructure: A cybersecurity checklist to support political campaigns in protecting against malicious actors.

Cyber Incident Detection and Notification Planning Guide for Election Security: A planning guide with templates to help jurisdictions effectively recognize and respond to potential cyber incidents. Templates can be tailored to fit the exact needs of each jurisdiction.

Election Infrastructure Security Resource Guide: A catalog of CISA’s wide range services and products (cybersecurity assessments, on-site and virtual trainings and exercises, and other resources) available to support State and local election officials.

Guide to Vulnerability Reporting for America’s Election Administrators: Provides election administrators with a step-by-step guide, list of resources, and a template for establishing a successful vulnerability disclosure program to address possible vulnerabilities in their election systems.

Incident Handling Overview for Election Officials: A summary of CISA’s cyber incident response team services that includes best practices for incident response planning, a checklist for requesting assistance, overview of the incident response process, and common mistakes to avoid.

Physical Security of Voting Locations and Election Facilities: A general guide with resources and actionable steps—to Connect, Plan, Train, and Report—that election officials should consider to improve the physical security posture and enhance resilience of election operations in their jurisdiction.

Protecting Your Networks from Ransomware: An interagency guide of Federal government and private industry best practices and mitigation strategies focused on the prevention and response actions to ransomware (malicious software designed to deny access to a computer system or data until a ransom is paid). 

Securing Voter Registration Data: An overview of threats to voter registration websites and databases along with recommendations on how election officials and network administrators can protect against these threats.

Fact Sheets and Flyers

Domain-Based Message Authentication, Reporting and Conformance (DMARC): A fact sheet on the importance of DMARC (an email authentication policy that protects against fake emails disguised to look like legitimate emails from trusted sources), instructions for handling a fraudulent email, and how to adopt DMARC.

Hyper Text Transfer Protocol Secure (HTTPS): A fact sheet on HTTPS—used to encrypt and secure information transmitted between a user's web browser and a website. Encryption is especially important on webpages that collect information through forms or requires a user to login, such as online voter registration.

Leveraging the .gov Top-level Domain: A fact sheet on the importance of using the .gov domain to provide trust and credibility and how to obtain the domain for election-related digital services. The .gov domain identifies U.S.-based government organizations on the internet.

Multi-Factor Authentication (MFA): A fact sheet on using MFA—a layered approach to securing data and applications where a system requires a user to present two or more credentials at login to verify a user's identify. MFA reduces the risk of adversaries gaining access to the targeted physical space, computing device, network, or database.

Ransomware: A fact sheet that includes best practices to protect your systems and data against ransomware, planning for a ransomware incident, recovering from a ransomware attack, and CISA services and support.

Flyers

These joint flyers were co-produced by U.S. Election Assistance Commission (EAC), the National Association of Secretaries of State (NASS), the National Association of State Election Directors (NASED), and/or DHS as voluntary outreach materials.

Before You Vote – National: A flyer to educate voters on actions they should take before Election Day.

Before You Vote - State and Local: A flyer that can be customized with a state or local election information website to educate voters on actions they should take before Election Day.

State & Local Official Results: A flyer to remind voters that only State and local election officials provide official results.

Vote with Confidence: A flyer to help voters cast their ballots with confidence.

Infographics

    Election Disinformation Toolkit: A toolkit for election officials to emphasize their role as “trusted voices” for election information, and to spread the importance of “we’re all in this together” in reducing the impacts of disinformation campaigns on the 2020 elections.

    Election Infographic Products: A set of five products designed to combat disinformation by equipping election officials, stakeholders, and voters with information on the mail-in voting, post election, and election result processes (which vary by state and/or jurisdictions). The products include:

    [Note: CISA is committed to providing access to our webpages and documents for individuals with disabilities, both members of the public and federal employees. If the format of any elements or content within these documents interfere with your ability to access the information, as defined in the Rehabilitation Act, please email EISSA@cisa.dhs.gov. To enable us to respond in a manner most helpful to you, please indicate the nature of your accessibility problem and the preferred format in which to receive the material.]

    Ensuring and Securing Your Vote - National Audience: An infographic outlining best practices for voters to consider pre-election, election day, and post-election. This infographic was co-produced by the U.S. Election Assistance Commission (EAC), the National Association of Secretaries of State (NASS), the National Association of State Election Directors (NASED), and DHS.  

    Ensuring and Securing Your Vote – State & Local Audience: An infographic outlining best practices for voters that can be customized to include a State or local website. This infographic was co-produced by the EAC, NASS, and the NASED.

    Foreign Interference Taxonomy: An infographic that explains malign actions taken by foreign governments or foreign actors for the purpose of undermining the interests of the U.S. and its allies.

    Three P’s of Voting: An infographic to help voters understand the importance of being prepared ahead of elections to cast their vote, participating to help during local elections, and being patient as increased usage of mail-in and absentee ballots may lead to slower than usual results reporting in some states.

    U.S. Electoral Process Infographic: An infographic that outlines pre-election, election day, and post-election activities that rely on election infrastructure.

    Plans and Reports

    #Protect2020 Strategic Plan: The #Protect2020 Strategic Plan provides a strategic overview to guide the Agency’s operations in support of the 2020 general elections, and the primaries leading up to the general election. 

    Best Practices for Continuity of Operations (Handling Destructive Malware): A report providing organizations recommended guidance and considerations as part of their network architecture, security baseline, continuous monitoring, and Incident Response practices in order to actively prepare for and respond to a disruptive event. 

    DHS Election Infrastructure Security Funding Consideration: A report providing the election community possible considerations, both short and long term, for the use of 2018 Congressionally-appropriated election funding, as well as support for procurement decisions regarding use of the funding.

    Election Infrastructure Subsector-Specific Plan: The Election Infrastructure Subsector-Specific Plan combines the mission, goals, and priorities of its public and private sector partners to help foster ongoing collaboration. It also outlines the Subsector’s strategic direction for enhancing election infrastructure security. The plan was updated in 2020.

    Other Resources

    Election Security GCC and SCC Resources

    CISA’s Countering Foreign Influence Task Force 

    #Protect2020 | Foreign Interference Resources

    CISA’s Cybersecurity Assessments

    Critical Infrastructure Training


    For questions or comments, email EISSA@cisa.dhs.gov.

    Was this document helpful?  Yes  |  Somewhat  |  No