CISA’s election security resource library provides voluntary, no-cost informational resources for use by state, local, tribal and territorial (SLTT) governments; private sector election infrastructure partners; and the public. These resources are designed to enhance the security and resilience of election infrastructure by helping stakeholders understand and mitigate risks to elections.
A general guide with resources and actionable steps to connect, plan, train, and report for election officials to improve their physical security posture and enhance resilience of election operations in their jurisdiction.
This resource offers guidance on understanding and mitigating the risk of insider threats to elections, highlights risk relevant to elections, and offers direction for establishing an insider threat mitigation program.
SLTT guidance on how to administer and secure election ballot drop box infrastructure. General guidance around number of boxes needed and good locations, as well as security considerations and resources are outlined.
This guide helps election officials think through how systems may be impacted by denial-of-service (DoS) incidents, how to coordinate with service providers, and how to incorporate DoS incidents into incident response planning. Spanish Version
A fact sheet on DMARC - the email authentication policy that protects against fake emails disguised to look like legitimate emails from trusted sources, instructions for handling a fraudulent email, and how to adopt DMARC. Spanish Version
A fact sheet that includes best practices to protect your systems and data against ransomware, planning for a ransomware incident, recovering from a ransomware attack, and CISA services and support.
A fact sheet on how to counter or prevent email-based attacks, including best practices to reduce potential email-based cybersecurity threats, ways to secure user accounts, and take advantage of security measures offered by email providers.
This guide helps jurisdictions effectively recognize and respond to potential cyber incidents. Election offices can use this as a basic cyber incident response plan or integrate it into a broader plan.
A checklist for political campaigns to protect against malicious actors via a variety of recommended cybersecurity measures. The checklist includes general steps to take along with explanations of the security benefits they afford.
In this 2020 document, we identify risks and considerations for election administrators seeking to use electronic ballot delivery, electronic ballot marking, and/or electronic return of marked ballots.
This guide provides an overview for election officials on preparing to handle mail safely, identifying potentially suspicious mail, and responding to potential hazardous materials exposure from handling mail.
This Spanish-language guide provides an overview for election officials on preparing to handle mail safely, identifying potentially suspicious mail, and responding to potential hazardous materials exposure from handling mail.
An overview of chain of custody, the risks resulting from a broken chain of custody, and an initial framework with five actionable steps for critical infrastructure owners and operators to secure chain of custody.
A summary of CISA’s cyber incident response team services that includes best practices for incident response planning, a checklist for requesting assistance, overview of the incident response process, and common mistakes to avoid.
Foreign Influence Operations and Disinformation
CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure
This CISA Insights makes critical infrastructure owners and operators aware of the risks of influence operations leveraging social media and online platforms. Organizations can take steps to ensure swift information sharing.
An overview of synthetic media threats, techniques, and trends. Threats from synthetic media, such as deepfakes, have exponentially increased—presenting a growing challenge to include for national critical infrastructure owners and operators.
An overview of generative AI-enabled capabilities relevant to election security, how these capabilities can be used by malicious actors to target the security and integrity of election infrastructure, and basic mitigations to counter these risks.
Election Infrastructure Subsector
Securing the complex supply chains serving our election infrastructure is mission critical, and comprehensive risk analysis is an important component of this process. This infographic provides some key considerations and recommendations.
This report provides the election community possible considerations, both short- and long-term, for the use of 2018 Congressionally appropriated election funding, as well as support for procurement decisions regarding use of the funding.
This Plan combines the mission, goals, and priorities of its public and private sector partners to help foster ongoing collaboration. It also outlines the Subsector’s strategic direction for enhancing election infrastructure security.
This guide is for organizations, SLTT government officials, and private sector partners seeking to dispel specific MDM narratives through transparent and authoritative information.
Joint Releases with Federal Partners
This fact sheet provides state and local officials with vital information and resources to securely conduct election functions.
Informs the public that foreign actors may intensify efforts to influence the outcome of the 2022 midterm elections.
2022: Malicious Cyber Activity Against Election Infrastructure Unlikely to Disrupt or Prevent Voting
Informs the public that attempts by cyber actors to compromise election infrastructure are unlikely to result in large-scale disruptions or prevent voting.
Election Security Services
A summary of resources available to assist SLTT election officials and their private sector partners in responding to threats to personnel and guidance on assessing and mitigating risks to their physical assets.
A compiled toolkit of free services and tools intended to help state and local government officials, election officials, and vendors enhance the cybersecurity and cyber resilience of U.S. election infrastructure.
This package includes exercise objectives, scenarios, and discussion questions, as well as a collection of cybersecurity references and resources. Use the exercise package to initiate discussions about addressing threats to election infrastructure.