Election Security Self-assessments
Having good security means understanding your risks. Understanding your risks requires a security assessment. CIS has developed a program to help your agency conduct an election security self-assessment.
The Election Infrastructure Assessment Tool
The Election Infrastructure Assessment Tool (EIAT) helps election officials and IT personnel speak a common language. Users can assess the security readiness of their election infrastructure using this program.
The EIAT was developed using the security best practices found in A Handbook for Elections Infrastructure Security. The tool describes how to apply 88 recommended IT best practices to each aspect of the election environment. The EIAT is tailored to address:
- Voter registration
- Election management systems
- Election night results reporting
- Vote capture devices
- Vote tabulation devices
The tool also provides a dashboard displaying each jurisdiction’s overall risk profile against the national average of all participating jurisdictions. This dashboard helps users assess their election security.
Getting started with EIAT
The EIAT is free for election officials. It’s structured for use by local election officials, as part of a management control plan, or by IT administrators. The tool reflects the need for jurisdictions to implement a methodological approach to prepare for today’s modern election environment. With correct permissions, the EIAT allows state-level jurisdictions to view the results of localities in its state.
Using the tool
The EIAT provides a guided walkthrough of each CIS election security best practice. Each security recommendation falls into one of five categories: devices, processes, software, users, or transmissions. Each best practice provides a high-level description of the activity, key technical recommendations, and resources for additional context.