Press Release

CISA Releases Guide to Operational Security for Election Officials


WASHINGTON –Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its “Guide to Operational Security for Election Officials.” This essential guide aims to enhance the security of election infrastructure by providing a thorough overview of operational security (OPSEC) within the election context, highlighting potential risks and offering practical mitigation measures.

Operational security is a systematic approach to identifying and protecting sensitive information, data, or capabilities within an organization.  Without robust safeguards, sensitive information can be inadvertently or deliberately exposed and exploited by threat actors, potentially impacting the ability of election workers to fulfill their duties, exposing voters’ personally identifiable information (PII) and enabling unauthorized access to internal systems and facilities.

By incorporating OPSEC principles into daily election operations and fostering a culture of security awareness, election workers can significantly reduce the risk of unauthorized disclosures while maintaining a transparent elections process and responding to public inquiries.  The guide emphases the importance of viewing data from an adversary’s perspective to holistically assess and mitigate potential threats.

“CISA provides various training programs for election workers, including secure practices, incident response planning, and de-escalation techniques.” said CISA Special Advisor to the Director for Election Security Cait Conley. “This guide is another excellent resource CISA provides the public with to keep our elections safe and secure.”

Key points from the Guide:

  • OPSEC is critical for protecting election infrastructure from exposure to potential threat actors.
  • Embedding OPSEC principles in daily operations helps prevent unauthorized access to sensitive information.
  • Training and awareness of OPSEC principles enable election workers to understand and manage aggregated risks effectively.
  • The guide provides real-world examples and mitigation activities to strengthen operational security. 

To learn more, visit #Protect2024 on