1. Whitelist which IPs can access the device
Asset Class: Devices | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Applicable CSS Controls:
#14: Controlled Access Based on the Need to Know
The processes and tools used to track/control/prevent/correct secure access to critical assets (e.g., information, resources, systems) according to the formal determination of which persons, computers, and applications have a need and right to access these critical assets based on an approved classification.
Resource: Cisco recommendations on how to implement Access Control Lists on perimeter devices: https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html.

2. Regularly scan the network to ensure only authorized devices are connected
Asset Class: Devices | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Medium | Ongoing Maint. Cost: Medium
Applicable CSS Controls:
#1.1: Automated Asset Inventory Tool
Deploy an automated asset inventory discovery tool and use it to build a preliminary inventory of systems connected to an organization's public and private network(s). Both active tools that scan through IPv4 or IPv6 network address ranges and passive tools that identify hosts based on analyzing their traffic should be employed.
#12.8: Periodically Scan For Back-channel Connections To The Internet
Periodically scan for back-channel connections to the Internet that bypass the DMZ, including unauthorized VPN connections and dual-homed hosts connected to the enterprise network and to other networks via wireless, dial-up modems, or other mechanisms.
Resource: Automated tools should be available to actively scan the internal environment, while DHS and MS-ISAC services can assist organizations with scanning their externally facing assets.

3. Limit the devices that are on the same subnet to only those devices required
Asset Class: Devices | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Medium | Ongoing Maint. Cost: Medium
Applicable CSS Controls:
#14.1: Implement Network Segmentation Based On Information Class
Segment the network based on the label or classification level of the information stored on the servers. Locate all sensitive information on separated VLANs with firewall filtering to ensure that only authorized individuals are able to communicate with systems necessary to fulfill their specific responsibilities.
Resource: NIST guidance is available to help the technical team determine how to appropriately segregate assets and permit access to only those devices or systems requiring access: https://nvd.nist.gov/800-53/Rev4/control/SC-7.

4. Only utilize approved and managed USB devices with appropriate device encryption and device authentication
Asset Class: Devices | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Medium | Ongoing Maint. Cost: Low
Applicable CSS Controls:
#14: Controlled Access Based on the Need to Know
The processes and tools used to track/control/prevent/correct secure access to critical assets (e.g., information, resources, systems) according to the formal determination of which persons, computers, and applications have a need and right to access these critical assets based on an approved classification.
Resource: Cisco recommendations on how to implement Access Control Lists on perimeter devices: https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html.

5. Disable wireless peripheral access of devices unless required and the risk is formally approved by election officials
Asset Class: Devices | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Applicable CSS Controls:
#15.8: Disable Wireless Peripheral Access (i.e. Bluetooth, WiFi, radio, microwave, satellite, etc.) unless Required
Disable wireless peripheral access of devices (such as Bluetooth and WiFi), unless such access is required and risk acceptance is formally documented.
Resource: Microsoft guidance on how to disable Bluetooth: https://technet.microsoft.com/en-us/library/dd252791.aspx.

6. Ensure the system is segregated from other independent election systems and non-election supporting systems
Asset Class: Devices | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: High | Ongoing Maint. Cost: Medium
Applicable CSS Controls:
#14.1: Implement Network Segmentation Based On Information Class
Segment the network based on the type of information and the sensitivity of the information processed and stored. Use virtual LANs (VLANs) to protect and isolate information and processing with different protection requirements, with firewall filtering to ensure that only authorized individuals are able to communicate with systems necessary to fulfill their specific responsibilities.
Resource: While this is an often overlooked control and can require architectural redesigns, it is an important control to pursue. NIST guidance on boundary protection: https://nvd.nist.gov/800-53/Rev4/control/SC-7.

7. Deploy a Network Intrusion Detection System (IDS) (e.g., MS-ISAC Albert sensor) on Internet and extranet DMZ systems
Asset Class: Devices | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Medium | Ongoing Maint. Cost: Medium
Applicable CSS Controls:
#12.2: Record At Least Packet Header Information On DMZ Networks
On DMZ networks, configure monitoring systems (which may be built into the IDS sensors or deployed as a separate technology) to record at least packet header information, and preferably full packet headers and payloads of the traffic destined for or passing through the network border. This traffic should be sent to a properly configured Security Information and Event Management (SIEM) or log analytics system so that events can be correlated from all devices on the network.
Resource: The Albert device is part of the MS-ISAC offering: https://www.cisecurity.org/ms-isac/services/albert/. There are also a number of commercially available options.

8. If wireless is required, ensure all wireless traffic uses at least Advanced Encryption Standard (AES) encryption with at least Wi-Fi Protected Access 2 (WPA2)
Asset Class: Devices | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Medium | Ongoing Maint. Cost: Low
Applicable CSS Controls:
#15.5: Protect All Wireless Traffic with AES and WPA2
Ensure that all wireless traffic leverages at least Advanced Encryption Standard (AES) encryption used with at least Wi-Fi Protected Access 2 (WPA2) protection.
Resource: NIST guidance on how to implement secure wireless networks: https://www.nist.gov/publications/guidelines-securing-wireless-local-area-networks-wlans.

9. Use trusted certificates for any publicly-facing website
Asset Class: Devices | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Resource: Vendor recommendation on deploying certificates with the system. Also, test to verify the SSL certificate configuration with products such as the Qualys SSL Server Test: https://www.ssllabs.com/ssltest/.

10. Ensure logs are securely archived
Asset Class: Process | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Medium | Ongoing Maint. Cost: Medium
Resource: Work with appropriate vendors. Additionally, see Microsoft's How to Set Event Log Security: https://support.microsoft.com/en-us/help/323076/how-to-set-event-log-security-locally-or-by-using-group-policy.

11. On a regular basis, review logs to identify anomalies or abnormal events
Asset Class: Process | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Medium | Ongoing Maint. Cost: Medium

12. Ensure critical data is encrypted and digitally signed
Asset Class: Process | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Medium | Ongoing Maint. Cost: Medium
Applicable CSS Controls:
#13.2: Deploy Hard Drive Encryption Software
Deploy approved hard drive encryption software to mobile devices and systems that hold sensitive data.
Resource: Work with appropriate vendors. Additionally, see Microsoft guidance on digital signatures: https://technet.microsoft.com/en-us/library/cc962021.aspx.

13. Ensure staff is properly trained on cybersecurity and audit procedures and audit every election in accordance with local, state, and federal guidelines
Asset Class: Process | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Resource: Work with appropriate vendors. Review EAC guidance: https://www.eac.gov/election-officials/election-management-guidelines/.

14. Perform system testing prior to elections (prior to any ballot delivery), such as acceptance testing
Asset Class: Process | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Medium | Ongoing Maint. Cost: Low
Resource: Work with appropriate vendors. Review EAC guidance: https://www.eac.gov/election-officials/election-management-guidelines/.

15. Ensure acceptance testing is done when receiving or installing new/updated software or new devices
Asset Class: Process | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Resource: Work with appropriate vendors. Review EAC guidance: https://www.eac.gov/election-officials/election-management-guidelines/.

16. Conduct criminal background checks for all staff, including vendors, consultants, and contractors supporting the election process
Asset Class: Process | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Medium | Ongoing Maint. Cost: Medium
Resource: Examples of this include the National Agency Check with Criminal History: https://www.gsa.gov/forms-library/basic-national-agency-check-criminal-history.

17. Deploy application whitelisting
Asset Class: Software | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Medium | Ongoing Maint. Cost: Low
Applicable CSS Controls:
#2.2: Deploy Application Whitelisting
Deploy application whitelisting technology that allows systems to run software only if it is included on the whitelist and prevents execution of all other software on the system. The whitelist may be very extensive (as is available from commercial whitelist vendors), so that users are not inconvenienced when using common software. Or, for some special-purpose systems (which require only a small number of programs to achieve their needed business functionality), the whitelist may be quite narrow.
Resource: NIST guidance on how to implement application whitelisting: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-167.pdf. It may be necessary to work with the vendors to implement it on their systems.

18. Work with the election system provider to ensure base system components (e.g., OS, database) are hardened based on established industry standards
Asset Class: Software | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: High | Ongoing Maint. Cost: Low
Applicable CSS Controls:
#3.1: Establish Standard Secure Configurations For OS And Software
Establish standard secure configurations of operating systems and software applications. Standardized images should represent hardened versions of the underlying operating system and the applications installed on the system. These images should be validated and refreshed on a regular basis to update their security configuration in light of recent vulnerabilities and attack vectors.
#18.7: Use Standard Database Hardening Templates
For applications that rely on a database, use standard hardening configuration templates. All systems that are part of critical business processes should also be tested.
Resource: CIS Benchmarks provide hardened configurations for consumer-grade operating systems and applications: https://www.cisecurity.org/cis-benchmarks/. In addition, NIST provides recommendations for baselines. Some vendor products may require tailoring to work with benchmark-configured systems. Deviations from the benchmark should be documented.

19. Regularly run a SCAP-compliant vulnerability scanner
Asset Class: Software | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Medium
Applicable CSS Controls:
#4.1: Weekly Automated Vulnerability Scanning
Run automated vulnerability scanning tools against all systems on the network on a weekly or more frequent basis and deliver prioritized lists of the most critical vulnerabilities to each responsible system administrator, along with risk scores that compare the effectiveness of system administrators and departments in reducing risk. Use a SCAP-validated vulnerability scanner that looks for both code-based vulnerabilities (such as those described by Common Vulnerabilities and Exposures entries) and configuration-based vulnerabilities (as enumerated by the Common Configuration Enumeration Project).
Resource: The principal cost beyond the purchase of the tool is the adjudication and remediation of the findings. SCAP-validated tools can be found at https://nvd.nist.gov/scap/validated-tools, and there are a number of other commercially available tools.

20. Utilize EAC-certified or equivalent software and hardware products where applicable
Asset Class: Software | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Medium | Ongoing Maint. Cost: Medium
Resource: Guidance from the EAC about their vendor certification process: https://www.eac.gov/voting-equipment/frequently-asked-questions/.

21. Store secure baseline configurations on a hardened offline system and securely deploy baseline configurations
Asset Class: Software | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Applicable CSS Controls:
#3.3: Store Master Images Securely
Store the master images on securely configured servers, validated with integrity checking tools capable of continuous inspection, and change management to ensure that only authorized changes to the images are possible. Alternatively, these master images can be stored on offline machines, air-gapped from the production network, with images copied via secure media to move them between the image storage servers and the production network.
Resource: NIST guidance on Software Integrity: https://nvd.nist.gov/800-53/Rev4/control/SI-7.

22. Utilize write-once media for transferring critical system files and system updates. Where it is not possible to use write-once media, that media should be used one time (for a single-direction transfer to a single destination device) and then securely disposed of.
Asset Class: Software | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Resource: NIST guidance on Media Protection: https://nvd.nist.gov/800-53/Rev4/control/MP-7.

23. Maintain detailed maintenance records of all system components
Asset Class: Users | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Resource: Maintenance processes, procedures and recommendations based on NIST guidance: https://nvd.nist.gov/800-53/Rev4/control/MA-2.

24. Require the use of multi-factor authentication
Asset Class: Users | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: High | Ongoing Maint. Cost: Medium
Applicable CSS Controls:
#5.6: Use Multi-factor Authentication For All Administrative Access
Use multi-factor authentication for all administrative access, including domain administrative access. Multi-factor authentication can include a variety of techniques, including the use of smart cards, certificates, One Time Password (OTP) tokens, biometrics, or other similar authentication methods.
#12.6: Require Two-factor Authentication For Remote Login
Require all remote login access (including VPN, dial-up, and other forms of access that allow login to internal systems) to use two-factor authentication.
#16.11: Use Multi-factor Authentication For Accounts Accessing Sensitive Data Or Systems
Require multi-factor authentication for all user accounts that have access to sensitive data or systems. Multi-factor authentication can be achieved using smart cards, certificates, One Time Password (OTP) tokens, or biometrics.
Resource: Vendor specific. NIST guidance on authentication: https://pages.nist.gov/800-63-3/sp800-63b.html.

25. Require users to use strong passwords (14-character passphrases) if multi-factor authentication is not available
Asset Class: Users | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Applicable CSS Controls:
#5.7: User Accounts Shall Use Long Passwords
Where multi-factor authentication is not supported, user accounts shall be required to use long passwords on the system (longer than 14 characters).
#16.12: Use Long Passwords For All User Accounts
Where multi-factor authentication is not supported, user accounts shall be required to use long passwords on the system (longer than 14 characters).
Resource: Vendor specific. CIS Benchmarks detail how this can be implemented for consumer-grade operating systems and applications: https://www.cisecurity.org/cis-benchmarks/.

26. Limit the number of individuals with administrative access to the platform and remove default credentials
Asset Class: Users | Connectedness Class: Network Connected | Priority: High | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Applicable CSS Controls:
#5.1: Minimize And Sparingly Use Administrative Privileges
Minimize administrative privileges and only use administrative accounts when they are required. Implement focused auditing on the use of administrative privileged functions and monitor for anomalous behavior.
Resource: Microsoft resources for managing users: https://msdn.microsoft.com/en-us/library/cc505882.aspx.

27. Ensure that all devices are documented and accounted for throughout their lifecycle
Asset Class: Devices | Connectedness Class: Network Connected | Priority: Medium | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Resource: NIST guidance on maintaining hardware inventories: https://nvd.nist.gov/800-53/Rev4/control/CM-8.

28. Utilize tamper-evident seals on all external ports that are not required for use and electronically deactivate ports where feasible
Asset Class: Devices | Connectedness Class: Network Connected | Priority: Medium | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Resource: Check to see whether vendors have this information as part of their Technical Data Package (TDP). Additional information on tamper-evident seals: http://permalink.lanl.gov/object/tr?what=info:lanl-repo/lareport/LA-UR-03-0269.

29. Maintain an inventory of assets that should be on the same subnet as the election system component
Asset Class: Devices | Connectedness Class: Network Connected | Priority: Medium | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Applicable CSS Controls:
#1.4: Asset Inventory Accounts For All Devices
Maintain an asset inventory of all systems connected to the network and the network devices themselves, recording at least the network addresses, machine name(s), purpose of each system, an asset owner responsible for each device, and the department associated with each device. The inventory should include every system that has an Internet Protocol (IP) address on the network, including but not limited to desktops, laptops, servers, network equipment (routers, switches, firewalls, etc.), printers, storage area networks, Voice over IP telephones, multi-homed addresses, virtual addresses, etc. The asset inventory created must also include data on whether the device is a portable and/or personal device. Devices such as mobile phones, tablets, laptops, and other portable electronic devices that store or process data must be identified, regardless of whether they are attached to the organization's network.
Resource: NIST guidance on maintaining hardware inventories: https://nvd.nist.gov/800-53/Rev4/control/CM-8.

30. Establish and follow a rigorous protocol for installing tamper-evident seals and verifying their integrity upon removal
Asset Class: Devices | Connectedness Class: Network Connected | Priority: Medium | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Resource: Check to see whether vendors have this information as part of their Technical Data Package (TDP). Additional information on tamper-evident seals: http://permalink.lanl.gov/object/tr?what=info:lanl-repo/lareport/LA-UR-03-0269.

31. Conduct load and stress tests for any transaction-related systems to ensure the ability of the system to mitigate potential DDoS-type attacks
Asset Class: Devices | Connectedness Class: Network Connected | Priority: Medium | Potential Resistance: No | Upfront Cost: Medium | Ongoing Maint. Cost: Low

32. Limit the use of personally identifiable information. When it is required, ensure that it is properly secured and that staff with access are properly trained on how to handle it.
Asset Class: Process | Connectedness Class: Network Connected | Priority: Medium | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Resource: Review EAC guidance: https://www.eac.gov/election-officials/election-management-guidelines/.

33. Conduct mock elections prior to major elections to help eliminate gaps in process and legal areas
Asset Class: Process | Connectedness Class: Network Connected | Priority: Medium | Potential Resistance: No | Upfront Cost: Medium | Ongoing Maint. Cost: Medium

34. Identify and maintain information on network service providers and third-party company contacts with a role in supporting election activities
Asset Class: Process | Connectedness Class: Network Connected | Priority: Medium | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Applicable CSS Controls:
#19.5: Assemble and maintain information on third-party contact information to be used to report a security incident (e.g., maintain an email address of security@organization.com or have a web page http://organization.com/security).

35. Implement a change freeze prior to peak election periods for major elections
Asset Class: Process | Connectedness Class: Network Connected | Priority: Medium | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low

36 | Prior to major elections, conduct in-person site audits to verify compliance with security policies and procedures
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Process | Network Connected | Medium | No | Medium | Medium

37 | Work with vendors to establish and follow hardening guidance for their applications
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Software | Network Connected | Medium | No | Low | Low
Applicable CSS Controls |
#3.1: Establish Standard Secure Configurations For OS And Software
Establish standard secure configurations of operating systems and software applications. Standardized images should represent hardened versions of the underlying operating system and the applications installed on the system. These images should be validated and refreshed on a regular basis to update their security configuration in light of recent vulnerabilities and attack vectors.
Resource | Vendors will typically provide recommendations on how to securely deploy and manage their systems.

38 | Ensure logging is enabled on the system
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Software | Network Connected | Medium | No | Low | Medium
Applicable CSS Controls |
#6.2: Ensure Audit Log Settings Support Appropriate Log Entry Formatting
Validate audit log settings for each hardware device and the software installed on it, ensuring that logs include a date, timestamp, source addresses, destination addresses, and various other useful elements of each packet and/or transaction. Systems should record logs in a standardized format such as syslog entries or those outlined by the Common Event Expression initiative. If systems cannot generate logs in a standardized format, log normalization tools can be deployed to convert logs into such a format.
Resource | Work with the vendor to identify logging capabilities. CIS-CAT can check this configuration item for consumer-grade operating systems and applications: https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro/. CIS Benchmarks provide logging recommendations for major platforms: https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro/.

39 | Use automated tools to assist in log management and, where possible, ensure logs are sent to a remote system
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Software | Network Connected | Medium | No | High | High
Applicable CSS Controls |
#6.6: Deploy A SIEM OR Log Analysis Tools For Aggregation And Correlation/Analysis
Deploy a SIEM (Security Information and Event Management) or log analytic tools for log aggregation and consolidation from multiple machines and for log correlation and analysis. Using the SIEM tool, system administrators and security personnel should devise profiles of common events from given systems so that they can tune detection to focus on unusual activity, avoid false positives, more rapidly identify anomalies, and prevent overwhelming analysts with insignificant alerts.
Resource | A variety of tools are available with differing capabilities and costs; the effort and rigor applied to reviewing and retaining the logs will also vary in cost. Windows Event Subscription Guide: https://technet.microsoft.com/en-us/library/cc749183(v=ws.11).aspx.

40 | Where feasible, utilize anti-malware software with centralized reporting
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Software | Network Connected | Medium | No | Medium | Low
Applicable CSS Controls |
#8.1: Deploy Automated Endpoint Protection Tools
Employ automated tools to continuously monitor workstations, servers, and mobile devices with anti-virus, anti-spyware, personal firewalls, and host-based IPS functionality. All malware detection events should be sent to enterprise anti-malware administration tools and event log servers.
Resource | Vendor specific.

41 | Ensure only required ports are open on the system through regular port scans
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Software | Network Connected | Medium | No | Low | Low
Applicable CSS Controls |
#9.3: Perform Regular Automated Port Scanning
Perform automated port scans on a regular basis against all key servers and compare to a known effective baseline. If a change that is not listed on the organization’s approved baseline is discovered, an alert should be generated and reviewed.
#9.1: Limit Open Ports, Protocols, and Services
Ensure that only ports, protocols, and services with validated business needs are running on each system.
Resource | Checkable by CIS-CAT and other SCAP-validated tools (https://nvd.nist.gov/scap/validated-tools), and by other network scanning tools such as NMAP: https://nvd.nist.gov/scap/validated-tools.

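Control 9.3 asks for recurring scans compared against an approved baseline, with an alert for anything not on it. The following Python is an added example, not code from the handbook, CIS-CAT or Nmap: it parses Nmap's grepable output format and diffs it against a baseline, reporting unapproved open ports, approved ports that have gone missing, and hosts the baseline does not know; the hosts, ports and scan text are constructed sample data.

```python
"""Compare a recurring port scan against an approved port baseline (CIS Control 9.3).

Added example, not code from the handbook, CIS-CAT or Nmap. Input is Nmap's
grepable (-oG) format, whose port lines look like
  Host: 10.0.0.5 ()<TAB>Ports: 22/open/tcp//ssh///, 443/open/tcp//https///
Everything below (hosts, baseline, scan text) is constructed sample data.
"""
import re
from dataclasses import dataclass

# Constructed: the ports the jurisdiction approved for two election servers.
APPROVED_BASELINE = {
    "10.0.0.5": {22, 443},   # results web server: SSH (admin VLAN) and HTTPS
    "10.0.0.9": {22, 5432},  # tabulation database: SSH and PostgreSQL
}

# Constructed scan: a new listener on .5, a filtered database port on .9,
# and a host that is not in the baseline at all.
SAMPLE_SCAN = """\
# Nmap scan (constructed sample)
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 8080/open/tcp//http-proxy///\tIgnored State: closed (997)
Host: 10.0.0.9 ()\tStatus: Up
Host: 10.0.0.9 ()\tPorts: 22/open/tcp//ssh///, 5432/filtered/tcp//postgresql///\tIgnored State: closed (998)
Host: 10.0.0.23 ()\tPorts: 445/open/tcp//microsoft-ds///
# Nmap done
"""

# port/state/protocol are the first three slash-separated fields of each entry
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//")


@dataclass(frozen=True)
class Alert:
    host: str
    port: int
    kind: str  # "unapproved", "missing" or "unknown_host"


def parse_grepable(text):
    """Return {host: set of open TCP ports} from nmap -oG output."""
    open_ports = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # the Ports field runs up to the next tab-separated field
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        found = open_ports.setdefault(host, set())
        for port, state, proto in PORT_RE.findall(ports_field):
            if state == "open" and proto == "tcp":
                found.add(int(port))
    return open_ports


def compare_to_baseline(scan, baseline):
    """Diff parsed scan results against the approved baseline.

    Reports open ports the baseline does not list, baseline ports that are no
    longer open (a stopped service or a swapped host), and hosts the baseline
    does not know about at all.
    """
    alerts = []
    for host, ports in scan.items():
        if host not in baseline:
            alerts.extend(Alert(host, p, "unknown_host") for p in sorted(ports))
            continue
        alerts.extend(Alert(host, p, "unapproved") for p in sorted(ports - baseline[host]))
        alerts.extend(Alert(host, p, "missing") for p in sorted(baseline[host] - ports))
    for host in baseline:  # baseline hosts that did not answer the scan at all
        if host not in scan:
            alerts.extend(Alert(host, p, "missing") for p in sorted(baseline[host]))
    return alerts


def run_check(scan_text=SAMPLE_SCAN, baseline=APPROVED_BASELINE):
    return compare_to_baseline(parse_grepable(scan_text), baseline)


if __name__ == "__main__":
    for a in run_check():
        print(f"ALERT {a.kind:<13} {a.host}:{a.port}")
```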
42 | Where feasible, implement host-based firewalls or port filtering tools
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Software | Network Connected | Medium | No | Medium | Medium
Applicable CSS Controls |
#9.2: Leverage Host-based Firewalls
Apply host-based firewalls or port filtering tools on end systems, with a default-deny rule that drops all traffic except those services and ports that are explicitly allowed.
Resource | If host-based, can be verified by CIS-CAT: https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro/. Microsoft guidance on implementing firewalls: https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro/.

43 | Verify software updates and the validity of the code base through the use of hashing algorithms and digital signatures where available
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Software | Network Connected | Medium | No | Medium | Low
Resource | NIST guidance on Software Integrity: https://nvd.nist.gov/800-53/Rev4/control/SI-7. For EAC-certified voting systems, System Validation Tools are required, which provide a process for validating the hash values on the system against the certified trusted build software.

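Best practice 43 hinges on comparing what was delivered against what the trusted build produced. The Python below is an added example, not the handbook's or any vendor's System Validation Tool: a trusted-build side emits a digest manifest and the receiving side checks every delivered file against it, refusing weak digest algorithms, missing files and files the manifest never certified. Because the standard library has no asymmetric signing, a keyed HMAC tag over the manifest stands in for the vendor's digital signature; the file contents, manifest format and key are constructed.

```python
"""Verify an update package against a trusted-build digest manifest (best practice 43).

Added example, not code from the handbook or from any vendor's System Validation
Tool. The manifest format ("<algorithm> <hexdigest>  <path>" per line, in the
style of sha256sum output), the file contents and the key are all constructed.
A keyed HMAC over the manifest stands in for the vendor's digital signature,
because the standard library offers no asymmetric signing.
"""
import hashlib
import hmac
from dataclasses import dataclass

# Digest algorithms the verification policy accepts (MD5 and SHA-1 deliberately excluded).
ACCEPTED_ALGORITHMS = {"sha256", "sha384", "sha512"}

# Constructed trusted build: the files the certified package is supposed to contain.
TRUSTED_BUILD = {
    "tabulator.bin": b"\x7fELF constructed tabulator binary, build 3.2",
    "ballot-defs.xml": b"<ballot-definitions county='Example' election='2018-11-06'/>",
}
VENDOR_KEY = b"constructed-demo-key-not-for-production"


@dataclass(frozen=True)
class Finding:
    path: str
    status: str  # "ok", "mismatch", "missing", "unexpected" or "weak_algorithm"


def digest(data, algorithm="sha256"):
    return hashlib.new(algorithm, data).hexdigest()


def build_manifest(files, algorithm="sha256"):
    """Trusted-build side: one 'algorithm digest  path' line per file, sorted so output is reproducible."""
    return "".join(f"{algorithm} {digest(data, algorithm)}  {path}\n" for path, data in sorted(files.items()))


def sign_manifest(manifest, key):
    """Stand-in for the vendor's signature over the manifest text (HMAC-SHA256)."""
    return hmac.new(key, manifest.encode(), "sha256").hexdigest()


def parse_manifest(manifest):
    """Return {path: (algorithm, hexdigest)}; paths may contain spaces."""
    entries = {}
    for lineno, line in enumerate(manifest.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(maxsplit=2)
        if len(parts) != 3:
            raise ValueError(f"manifest line {lineno}: expected '<algorithm> <digest>  <path>'")
        algorithm, hexdigest, path = parts
        entries[path] = (algorithm.lower(), hexdigest.lower())
    return entries


def verify_update(files, manifest, tag, key):
    """Receiving side. Returns (manifest_authentic, findings).

    If the manifest tag does not verify, nothing in it is trusted and no
    per-file findings are produced. Otherwise every manifest entry and every
    delivered file is accounted for exactly once.
    """
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        return False, []
    entries = parse_manifest(manifest)
    findings = []
    for path, (algorithm, hexdigest) in entries.items():
        if algorithm not in ACCEPTED_ALGORITHMS:
            findings.append(Finding(path, "weak_algorithm"))
        elif path not in files:
            findings.append(Finding(path, "missing"))
        else:
            actual = digest(files[path], algorithm)
            findings.append(Finding(path, "ok" if hmac.compare_digest(actual, hexdigest) else "mismatch"))
    for path in sorted(set(files) - set(entries)):  # delivered but never certified
        findings.append(Finding(path, "unexpected"))
    return True, findings


def update_is_deployable(files, manifest, tag, key):
    """Deploy only if the manifest is authentic, non-empty, and every file checks out."""
    authentic, findings = verify_update(files, manifest, tag, key)
    return authentic and bool(findings) and all(f.status == "ok" for f in findings)


if __name__ == "__main__":
    manifest = build_manifest(TRUSTED_BUILD)
    tag = sign_manifest(manifest, VENDOR_KEY)
    print("certified package deployable:", update_is_deployable(TRUSTED_BUILD, manifest, tag, VENDOR_KEY))
    tampered = dict(TRUSTED_BUILD)
    tampered["tabulator.bin"] = TRUSTED_BUILD["tabulator.bin"] + b"\x90"  # one extra byte
    for f in verify_update(tampered, manifest, tag, VENDOR_KEY)[1]:
        print(f"{f.status:<14} {f.path}")
```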
44 | Ensure vendors distribute software packages and updates using secure protocols
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Software | Network Connected | Medium | No | Low | Low
Applicable CSS Controls |
#3.4: Use Only Secure Channels For Remote System Administration
Perform all remote administration of servers, workstations, network devices, and similar equipment over secure channels. Protocols such as telnet, VNC, RDP, or others that do not actively support strong encryption should only be used if they are performed over a secondary encryption channel, such as TLS or IPSEC.
Resource | Work with the election software vendors.

45 | Maintain a chain of custody for all core devices
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Users | Network Connected | Medium | No | Low | Low

46 | All remote connections to the system will use secure protocols (TLS, IPSEC)
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Users | Network Connected | Medium | No | Low | Low
Applicable CSS Controls |
#3.4: Use Only Secure Channels For Remote System Administration
Perform all remote administration of servers, workstations, network devices, and similar equipment over secure channels. Protocols such as telnet, VNC, RDP, or others that do not actively support strong encryption should only be used if they are performed over a secondary encryption channel, such as TLS or IPSEC.
Resource | CIS-CAT can identify whether secure protocols are configured on consumer-grade operating systems: https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro/. Microsoft guidance on securing remote access: https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro/.

47 | Users will use unique user IDs
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Users | Network Connected | Medium | No | Low | Low
Resource | Individual accountability is one of the linchpins of cybersecurity and is useful for auditing events and actions taken on a system. Microsoft resources for managing users: https://msdn.microsoft.com/en-us/library/cc505882.aspx.

48 | Use a dedicated machine for administrative tasks to separate day-to-day functions from other security-critical functions (for some components this may not be practical to implement)
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Users | Network Connected | Medium | No | Medium | Low
Applicable CSS Controls |
#5.9: Use Dedicated Administrative Machines
Administrators shall use a dedicated machine for all administrative tasks or tasks requiring elevated access. This machine shall be isolated from the organization’s primary network and not be allowed Internet access. This machine shall not be used for reading e-mail, composing documents, or surfing the Internet.
Resource | For some components this may not be practical to implement.

49 | Ensure that user activity is logged and monitored for abnormal activities
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Users | Network Connected | Medium | No | Medium | Medium
Applicable CSS Controls |
#16.10: Profile User Account Usage And Monitor For Anomalies
Profile each user’s typical account usage by determining normal time-of-day access and access duration. Reports should be generated that indicate users who have logged in during unusual hours or have exceeded their normal login duration. This includes flagging the use of the user’s credentials from a computer other than computers on which the user generally works.
Resource | CIS-CAT can identify these settings on consumer-grade operating systems and applications: https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro/. It is desirable to have a log aggregation or SIEM system in place to aggregate and analyze logs for abnormal behaviors.

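Control 16.10 describes profiling each user's normal logon hours and workstations and reporting deviations. The Python below is an added example, not part of the handbook or CIS-CAT: it learns a per-user profile from a baseline window of logon records and flags later logons outside the usual hours, from a workstation the user has not used, or by an account with no baseline at all. The log format and every record are constructed.

```python
"""Profile user logon behaviour and flag anomalies (CIS Control 16.10, best practice 49).

Added example, not code from the handbook or CIS-CAT. It learns each user's
usual logon hours and workstations from a baseline period, then flags later
logons that fall outside those hours, come from a workstation the user has not
used before, or belong to an account with no baseline at all. The log format
("<ISO timestamp> <user> <workstation> <result>") and every record are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed baseline: a month of normal office-hours logons.
BASELINE_LOG = """\
2018-10-01T08:05:00 jdoe EMS-WS01 success
2018-10-01T16:40:00 jdoe EMS-WS01 success
2018-10-02T07:58:00 jdoe EMS-WS01 success
2018-10-02T09:10:00 asmith EMS-WS02 success
2018-10-03T08:15:00 jdoe EMS-WS01 success
2018-10-03T13:30:00 asmith EMS-WS02 success
2018-10-03T14:02:00 asmith EMS-WS03 success
"""

# Constructed review window: election week.
REVIEW_LOG = """\
2018-11-05T08:12:00 jdoe EMS-WS01 success
2018-11-05T23:47:00 jdoe EMS-WS01 success
2018-11-06T09:00:00 asmith EMS-WS07 success
2018-11-06T10:15:00 asmith EMS-WS02 failure
2018-11-06T10:30:00 svc_backup EMS-SRV01 success
"""


@dataclass(frozen=True)
class Logon:
    when: datetime
    user: str
    host: str
    success: bool


@dataclass(frozen=True)
class Anomaly:
    when: str
    user: str
    kind: str  # "unusual_hour", "new_host" or "unknown_user"
    detail: str


def parse_log(text):
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, user, host, result = line.split()
        events.append(Logon(datetime.fromisoformat(stamp), user, host, result == "success"))
    return events


def build_profiles(events, hour_tolerance=1):
    """Return {user: (usual_hours, usual_hosts)} from successful baseline logons.

    Each observed hour is widened by hour_tolerance on both sides so a logon a
    few minutes outside the usual window is not reported.
    """
    hours, hosts = defaultdict(set), defaultdict(set)
    for e in events:
        if not e.success:
            continue
        for h in range(e.when.hour - hour_tolerance, e.when.hour + hour_tolerance + 1):
            hours[e.user].add(h % 24)
        hosts[e.user].add(e.host)
    return {user: (hours[user], hosts[user]) for user in hours}


def find_anomalies(events, profiles):
    """Flag each logon (successful or not) that departs from the user's profile."""
    anomalies = []
    for e in events:
        stamp = e.when.isoformat()
        if e.user not in profiles:
            anomalies.append(Anomaly(stamp, e.user, "unknown_user", "no baseline activity for this account"))
            continue
        usual_hours, usual_hosts = profiles[e.user]
        if e.when.hour not in usual_hours:
            anomalies.append(Anomaly(stamp, e.user, "unusual_hour",
                                     f"logon at {e.when.hour:02d}h; usual hours {sorted(usual_hours)}"))
        if e.host not in usual_hosts:
            anomalies.append(Anomaly(stamp, e.user, "new_host",
                                     f"{e.host} not among {sorted(usual_hosts)}"))
    return anomalies


def review(baseline_text=BASELINE_LOG, review_text=REVIEW_LOG):
    profiles = build_profiles(parse_log(baseline_text))
    return find_anomalies(parse_log(review_text), profiles)


if __name__ == "__main__":
    for a in review():
        print(f"{a.when} {a.user:<11} {a.kind:<13} {a.detail}")
```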
50 | Regularly review all accounts and disable any account that can’t be associated with a process or owner
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Users | Network Connected | Medium | No | Low | Low
Applicable CSS Controls |
#16.3: Ensure System Access Is Revoked Upon Employee/Contractor Termination
Establish and follow a process for revoking system access by disabling accounts immediately upon termination of an employee or contractor. Disabling instead of deleting accounts allows preservation of audit trails.
Resource | Microsoft resources for managing users: https://msdn.microsoft.com/en-us/library/cc505882.aspx.

51 | Establish a process for revoking system access immediately upon termination of an employee or contractor
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Users | Network Connected | Medium | No | Low | Low
Applicable CSS Controls |
#16.3: Ensure System Access Is Revoked Upon Employee/Contractor Termination
Establish and follow a process for revoking system access by disabling accounts immediately upon termination of an employee or contractor. Disabling instead of deleting accounts allows preservation of audit trails.
Resource | NIST resources on the processes involved in termination: https://nvd.nist.gov/800-53/Rev4/control/PS-4.

52 | Ensure that user credentials are encrypted or hashed on all platforms
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Users | Network Connected | Medium | No | Low | Low
Applicable CSS Controls |
#16.14: Encrypt/Hash All Authentication Files And Monitor Their Access
Verify that all authentication files are encrypted or hashed and that these files cannot be accessed without root or administrator privileges. Audit all access to password files in the system.
Resource | CIS-CAT can identify this configuration on consumer-grade operating systems and applications; work with the vendor to verify: https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro/.

53 | Ensure all workstations and user accounts are logged off after a period of inactivity
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Users | Network Connected | Medium | No | Low | Low
Applicable CSS Controls |
#16.5: Configure screen locks on systems to limit access to unattended workstations.
Resource | Work with dedicated-purpose election system vendors to verify their products. CIS-CAT can identify this configuration on consumer-grade operating systems and applications: https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro/.

54 | Ensure your organization has a documented Acceptable Use policy, which users are aware of, that details the appropriate uses of the system
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Users | Network Connected | Medium | No | Low | Low

55 | For data transfers that utilize physical transmission, utilize tamper-evident seals on the exterior of the packaging
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Devices | Indirectly Connected | High | No | Medium | Low
Applicable CSS Controls |
#13.5: Disable Write Capabilities To USB Devices
If there is no business need for supporting such devices, configure systems so that they will not write data to USB tokens or USB hard drives. If such devices are required, enterprise software should be used that can configure systems to allow only specific USB devices (based on serial number or other unique property) to be accessed, and that can automatically encrypt all data placed on such devices. An inventory of all authorized devices must be maintained.
Resource | Windows guidance on how to restrict hardware devices: https://technet.microsoft.com/en-us/library/cc771759(v=ws.10).aspx. Best practice is the use of specially designed USB keys that allow for encryption and device authentication.

56 | Disable wireless peripheral access of devices
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Devices | Indirectly Connected | High | No | Low | Low
Applicable CSS Controls |
#15.8: Disable Wireless Peripheral Access (i.e. Bluetooth) Unless Required
Disable wireless peripheral access of devices (such as Bluetooth), unless such access is required for a documented business need.
Resource | Windows guidance on how to restrict hardware devices: https://technet.microsoft.com/en-us/library/cc771759(v=ws.10).aspx. Best practice is the use of specially designed USB keys that allow for encryption and device authentication.

57 | Ensure staff is properly trained on cybersecurity and audit procedures and audit every election in accordance with local, state, and federal guidelines
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Process | Indirectly Connected | High | No | Low | Low
Resource | Work with appropriate vendors. Review EAC Guidance: https://www.eac.gov/election-officials/election-management-guidelines/.

58 | Conduct criminal background checks for all staff including vendors, consultants and contractors supporting the election process
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Process | Indirectly Connected | High | No | Medium | Medium
Resource | Examples of this include National Agency Check Criminal History: https://www.gsa.gov/forms-library/basic-national-agency-check-criminal-history.

59 | Ensure staff is properly trained for reconciliation procedures for the pollbooks to the voting systems and reconcile every polling place and voter record in accordance with local, state, and federal guidelines
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Process | Indirectly Connected | High | No | Low | Low

60 | Store secure baseline configurations on a hardened offline system and securely deploy baseline configurations
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Software | Indirectly Connected | High | No | Low | Low
Applicable CSS Controls |
#3.3: Store Master Images Securely
Store the master images on securely configured servers, validated with integrity checking tools capable of continuous inspection, and change management to ensure that only authorized changes to the images are possible. Alternatively, these master images can be stored in offline machines, air-gapped from the production network, with images copied via secure media to move them between the image storage servers and the production network.
Resource | NIST guidance on Software Integrity: https://nvd.nist.gov/800-53/Rev4/control/SI-7.

61 | Work with the vendor to deploy application whitelisting
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Software | Indirectly Connected | High | Yes | Medium | Low
Applicable CSS Controls |
#2.2: Deploy Application Whitelisting
Deploy application whitelisting technology that allows systems to run software only if it is included on the whitelist and prevents execution of all other software on the system. The whitelist may be very extensive (as is available from commercial whitelist vendors), so that users are not inconvenienced when using common software. Or, for some special-purpose systems (which require only a small number of programs to achieve their needed business functionality), the whitelist may be quite narrow.
Resource | NIST guidance on how to implement application whitelisting: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-167.pdf. May have to work with the vendors to implement it on their systems.

62 | Utilize the most up-to-date and certified version of vendor software
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Software | Indirectly Connected | High | No | Low | Medium
Applicable CSS Controls |
#4.5: Use Automated Patch Management And Software Update Tools
Deploy automated patch management tools and software update tools for operating system and software/applications on all systems for which such tools are available and safe. Patches should be applied to all systems, even systems that are properly air gapped.
#18.1: Use Only Vendor-supported Software
For all acquired application software, check that the version you are using is still supported by the vendor. If not, update to the most current version and install all relevant patches and vendor security recommendations.
Resource | NIST guidance on Software Integrity: https://nvd.nist.gov/800-53/Rev4/control/SI-7.

63 | Utilize write-once media for transferring critical system files and system updates. Where it is not possible to use write-once media, the media should be used one time (for a single-direction transfer to a single destination device) and then securely disposed of.
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Software | Indirectly Connected | High | No | Low | Low
Resource | NIST guidance on Media Protection: https://nvd.nist.gov/800-53/Rev4/control/MP-7.

64 | Only use the devices for election-related activities
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Software | Indirectly Connected | High | No | Medium | Low
Applicable CSS Controls |
#5.9: Use Dedicated Administrative Machines
Administrators shall use a dedicated machine for all administrative tasks or tasks requiring elevated access. This machine shall be isolated from the organization’s primary network and not be allowed Internet access. This machine shall not be used for reading e-mail, composing documents, or surfing the Internet.
Resource | Review EAC guidance: https://www.eac.gov/election-officials/election-management-guidelines/.

65 | Maintain detailed maintenance records of all system components
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Users | Indirectly Connected | High | No | Low | Low
Resource | Maintenance processes, procedures and recommendations based on NIST: https://nvd.nist.gov/800-53/Rev4/control/MA-2.

66 | Limit the number of individuals with administrative access to the platform and remove default credentials
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Users | Indirectly Connected | High | No | Low | Low
Applicable CSS Controls |
#5.1: Minimize And Sparingly Use Administrative Privileges
Minimize administrative privileges and only use administrative accounts when they are required. Implement focused auditing on the use of administrative privileged functions and monitor for anomalous behavior.
Resource | Microsoft resources for managing users: https://msdn.microsoft.com/en-us/library/cc505882.aspx.

67 | Utilize tamper-evident seals on all external ports that are not required for use
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Devices | Indirectly Connected | Medium | No | Low | Low
Resource | Check to see if vendors have this information as part of their Technical Data Product (TDP). Additional information on tamper-evident seals: http://permalink.lanl.gov/object/tr?what=info:lanl-repo/lareport/LA-UR-03-0269.

68 | Ensure that all devices are documented and accounted for throughout their lifecycle
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Devices | Indirectly Connected | Medium | No | Low | Low
Resource | NIST guidance on maintaining hardware inventories: https://nvd.nist.gov/800-53/Rev4/control/CM-8.

69 | Establish and follow a rigorous protocol for installing tamper-evident seals and verifying their integrity upon removal
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Devices | Indirectly Connected | Medium | No | Low | Low
Resource | Check to see if vendors have this information as part of their Technical Data Product (TDP). Additional information on tamper-evident seals: http://permalink.lanl.gov/object/tr?what=info:lanl-repo/lareport/LA-UR-03-0269.

70 | Perform system testing prior to elections (prior to any ballot delivery), such as logic and accuracy testing
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Process | Indirectly Connected | Medium | No | Medium | Low
Resource | Work with appropriate vendors. Review EAC guidance: https://www.eac.gov/election-officials/election-management-guidelines/.

71 | Ensure acceptance testing is done when receiving or installing new or updated software or new devices
Asset Class | Connectedness Class | Priority | Potential Resistance | Upfront Cost | Ongoing Maint. Cost
Process | Indirectly Connected | Medium | No | Low | Low
Resource | Work with appropriate vendors. Review EAC guidance: https://www.eac.gov/election-officials/election-management-guidelines/.

72 | Conduct mock elections prior to major elections to help eliminate gaps in process and legal areas
Asset Class: Process | Connectedness Class: Indirectly Connected | Priority: Medium | Potential Resistance: No | Upfront Cost: Medium | Ongoing Maint. Cost: Medium

73 | Identify and maintain contact information for network service providers and third-party companies with a role in supporting election activities
Applicable CSS Controls: #19.5: Assemble and maintain information on third-party contact information to be used to report a security incident (e.g., maintain an email address of security@organization.com or have a web page http://organization.com/security).
Asset Class: Process | Connectedness Class: Indirectly Connected | Priority: Medium | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low

74 | Implement a change freeze prior to peak election periods for major elections
Asset Class: Process | Connectedness Class: Indirectly Connected | Priority: Medium | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low

75 | Prior to major elections, conduct in-person site audits to verify compliance with security policies and procedures
Asset Class: Process | Connectedness Class: Indirectly Connected | Priority: Medium | Potential Resistance: No | Upfront Cost: Medium | Ongoing Maint. Cost: Medium

76 | Verify software updates and the validity of the code base through the use of hashing algorithms and digital signatures where available
Asset Class: Software | Connectedness Class: Indirectly Connected | Priority: Medium | Potential Resistance: No | Upfront Cost: Medium | Ongoing Maint. Cost: Low
Resource: NIST guidance on software integrity: https://nvd.nist.gov/800-53/Rev4/control/SI-7. For EAC-certified voting systems, system validation tools are required; they provide a process for validating the hash values on the installed system against the certified trusted build.

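Worked example for practice 76 (added here; it is not from the handbook and is not any vendor's or the EAC's validation tool). It verifies a directory of installed files against a trusted hash manifest in the layout written by sha256sum, refuses manifests built with collision-prone digests (MD5, SHA-1), and reports modified, missing and unexpected files. The sample files and manifest are constructed inline so it runs offline; checking a digital signature over the manifest itself needs a public-key library and is not shown.

```python
"""Verify a software drop against a trusted hash manifest (added example).

Not from the handbook or any vendor's validation tool. The manifest is the
layout written by sha256sum ("<hexdigest>  <relative path>" per line) and
the sample files are constructed inline so the script runs offline.
"""
import hashlib
import hmac
import os
import tempfile

APPROVED = {"sha256": hashlib.sha256, "sha512": hashlib.sha512}
# Digest length -> algorithm. A 32-hex (MD5) or 40-hex (SHA-1) manifest is
# rejected instead of being "verified" with a collision-prone hash.
BY_LENGTH = {64: "sha256", 128: "sha512"}


def file_digest(path, algorithm):
    h = APPROVED[algorithm]()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Return {relative_path: (algorithm, hexdigest)}; reject weak digests."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"manifest line {lineno}: malformed entry")
        digest, path = parts
        alg = BY_LENGTH.get(len(digest))
        if alg is None:
            raise ValueError(f"manifest line {lineno}: unsupported digest length {len(digest)}")
        entries[path.lstrip("*")] = (alg, digest.lower())  # '*' = sha256sum binary flag
    return entries


def verify_tree(root, manifest_text):
    """Compare every file under root with the manifest.

    'unexpected' (file present but not in the manifest) is a finding on a par
    with 'modified': an extra script on a trusted build is how it stops being one.
    """
    expected = parse_manifest(manifest_text)
    findings = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    seen = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(rel)
            if rel not in expected:
                findings["unexpected"].append(rel)
                continue
            alg, want = expected[rel]
            got = file_digest(full, alg)
            # compare_digest: constant-time comparison, the habit to keep for digests
            findings["ok" if hmac.compare_digest(got, want) else "modified"].append(rel)
    findings["missing"] = list(set(expected) - seen)
    return {k: sorted(v) for k, v in findings.items()}


def demo():
    """Constructed scenario: a clean trusted build, then a tampered copy."""
    files = {
        "bin/tabulator": b"trusted build 5.2.1\n",
        "etc/election.cfg": b"precincts=42\n",
    }
    manifest = "\n".join(f"{hashlib.sha256(d).hexdigest()}  {p}" for p, d in files.items())
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        clean = verify_tree(root, manifest)
        # Tamper: patch the binary, drop in a stray script, delete the config
        with open(os.path.join(root, "bin/tabulator"), "ab") as fh:
            fh.write(b"# patched\n")
        with open(os.path.join(root, "bin/helper.sh"), "wb") as fh:
            fh.write(b"echo hi\n")
        os.remove(os.path.join(root, "etc/election.cfg"))
        tampered = verify_tree(root, manifest)
    return clean, tampered


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered"), demo()):
        print(label, result)
```

The manifest must come from the trusted source (the certified build, over a channel separate from the software itself); a manifest shipped alongside the files it describes proves only that they were not corrupted in transit, not that they are the certified build.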
77 | Ensure the use of unique user IDs
Asset Class: Users | Connectedness Class: Indirectly Connected | Priority: Medium | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Resource: Individual accountability is one of the linchpins of cybersecurity and is essential for auditing events and actions taken on a system. Microsoft resources for managing users: https://msdn.microsoft.com/en-us/library/cc505882.aspx.

78 | Ensure individuals are only given access to the devices they need for their job
Applicable CSS Controls: #14 (Controlled Access Based on the Need to Know): The processes and tools used to track/control/prevent/correct secure access to critical assets (e.g., information, resources, systems) according to the formal determination of which persons, computers, and applications have a need and right to access these critical assets based on an approved classification.
Asset Class: Users | Connectedness Class: Indirectly Connected | Priority: Medium | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Resource: How to implement least privilege within an organization according to NIST: https://nvd.nist.gov/800-53/Rev4/control/AC-6.

79 | Maintain a chain of custody for all core devices
Asset Class: Users | Connectedness Class: Indirectly Connected | Priority: Medium | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low

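Worked example for practice 79 (added here; not from the handbook). A chain-of-custody record is only useful if it cannot be quietly rewritten afterwards, so this keeps each custody event in an append-only log where every entry carries a SHA-256 link over the previous one: an edited or removed entry in the middle breaks the chain. The device ID, holders, seal numbers and dates are constructed.

```python
"""Tamper-evident chain-of-custody log for core devices (added example).

Not from the handbook. Each custody event is appended with a SHA-256 link
over the previous entry, so a record edited or removed from the middle of
the log breaks the chain. Device IDs, names and seal numbers are constructed.
"""
import hashlib
import json

GENESIS = "0" * 64


def _link(prev_hash, body):
    # Canonical JSON so the same record always hashes to the same value
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


class CustodyLog:
    def __init__(self):
        self.entries = []

    def record(self, device, event, holder, when, seal=None, witness=None):
        """Append one custody event and return its hash."""
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {
            "seq": len(self.entries), "prev": prev, "device": device, "event": event,
            "holder": holder, "when": when, "seal": seal, "witness": witness,
        }
        entry = dict(body, hash=_link(prev, body))
        self.entries.append(entry)
        return entry["hash"]

    def head(self):
        """Hash of the latest entry. Publish it out of band (for example on the
        paper seal log) after each session: the chain alone cannot detect that
        its newest entries were simply deleted."""
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def verify(self):
        """Return (True, None), or (False, index of the first broken entry)."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["seq"] != i or entry["prev"] != prev or _link(prev, body) != entry["hash"]:
                return False, i
            prev = entry["hash"]
        return True, None

    def current_holder(self, device):
        for entry in reversed(self.entries):
            if entry["device"] == device:
                return entry["holder"]
        return None


def build_demo_log():
    """Constructed custody history for one ballot scanner."""
    log = CustodyLog()
    log.record("SCAN-0417", "received_from_vendor", "County Warehouse", "2024-09-03T10:15",
               seal="S-100231", witness="R. Roe")
    log.record("SCAN-0417", "issued_to_precinct", "Precinct 12 Chief Judge", "2024-11-04T07:30",
               seal="S-100231", witness="J. Doe")
    log.record("SCAN-0417", "returned_after_close", "County Warehouse", "2024-11-05T23:10",
               seal="S-100231", witness="J. Doe")
    return log


if __name__ == "__main__":
    log = build_demo_log()
    print(log.verify(), log.current_holder("SCAN-0417"), log.head())
```

The chain detects edits and deletions inside the log but not truncation of its tail, which is why the head hash has to be written down somewhere the log's custodian cannot alter on their own (the seal log, a second system, or a signed receipt).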
80 | Ensure all workstations and user accounts are logged off after a period of inactivity
Applicable CSS Controls: #16.5: Configure screen locks on systems to limit access to unattended workstations.
Asset Class: Users | Connectedness Class: Indirectly Connected | Priority: Medium | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Resource: CIS-CAT can identify this configuration on consumer-grade operating systems and applications: https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro/. Work with special-purpose election system vendors to verify their products.

81 | Regularly review all authorized individuals and disable any account that cannot be associated with a process or owner
Asset Class: Users | Connectedness Class: Indirectly Connected | Priority: Medium | Potential Resistance: No | Upfront Cost: Medium | Ongoing Maint. Cost: Medium
Resource: Microsoft resources for managing users: https://msdn.microsoft.com/en-us/library/cc505882.aspx.

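Worked example for practices 77 and 81 together (added here; not from the handbook or any directory product). It runs the periodic account review over a constructed account list and HR roster, flagging accounts with no owner or process, a departed or unknown owner, or long dormancy, and it scans constructed logon events for the signature of a shared user ID: one account used from several workstations within a short window, which is what defeats the individual accountability practice 77 is after. The field names are an assumption, not any product's export format.

```python
"""Periodic account review over constructed data (added example).

Not from the handbook or any product. Two checks: accounts with no owner or
process, a departed owner, or long dormancy (candidates to disable), and
accounts used from several workstations in a short window (the signature
of a shared ID, which defeats individual accountability). The roster,
account list and logon events below are constructed; field names are an
assumption rather than any directory's export format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

ROSTER = {               # HR roster: login -> currently employed?
    "jdoe": True,
    "rroe": False,       # left the office last month
    "msmith": True,
}
ACCOUNTS = [             # account, documented owner (person or "process:<name>"), last logon
    {"account": "jdoe", "owner": "jdoe", "last_logon": "2024-10-28T08:12:00"},
    {"account": "rroe", "owner": "rroe", "last_logon": "2024-09-30T17:45:00"},
    {"account": "pollworker", "owner": None, "last_logon": "2024-10-29T06:55:00"},
    {"account": "svc_backup", "owner": "process:nightly-backup", "last_logon": "2024-10-29T01:00:00"},
    {"account": "vendor_tmp", "owner": "acme-support", "last_logon": "2024-06-02T10:00:00"},
]
LOGONS = [               # (account, workstation, timestamp) from logon events
    ("jdoe", "WS-03", "2024-10-28T08:12:00"),
    ("pollworker", "WS-01", "2024-10-29T06:55:00"),
    ("pollworker", "WS-07", "2024-10-29T07:10:00"),
    ("pollworker", "WS-01", "2024-10-29T12:40:00"),
    ("svc_backup", "SRV-1", "2024-10-29T01:00:00"),
    ("msmith", "WS-05", "2024-10-29T08:00:00"),
    ("msmith", "WS-05", "2024-10-29T13:30:00"),
]
NOW = datetime(2024, 10, 30, 12, 0)


def review_accounts(accounts, roster, now, dormant_days=90):
    """Return {account: [reasons]} for accounts to disable or investigate."""
    findings = defaultdict(list)
    for acct in accounts:
        name, owner = acct["account"], acct["owner"]
        if owner is None:
            findings[name].append("no owner or process recorded")
        elif owner.startswith("process:"):
            pass                                   # service account tied to a documented process
        elif owner not in roster:
            findings[name].append(f"owner {owner} not on roster")
        elif not roster[owner]:
            findings[name].append(f"owner {owner} no longer active")
        idle = now - datetime.fromisoformat(acct["last_logon"])
        if idle > timedelta(days=dormant_days):
            findings[name].append(f"dormant: no logon for {idle.days} days")
    return dict(findings)


def shared_accounts(logons, window_minutes=30):
    """Return {account: sorted workstations} for IDs used from more than one
    workstation within window_minutes of each other."""
    by_account = defaultdict(list)
    for account, host, ts in logons:
        by_account[account].append((datetime.fromisoformat(ts), host))
    window = timedelta(minutes=window_minutes)
    flagged = {}
    for account, events in by_account.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            hosts = {host for t, host in events[i:] if t - start <= window}
            if len(hosts) > 1:
                flagged[account] = sorted(hosts)
                break
    return flagged


if __name__ == "__main__":
    for account, reasons in review_accounts(ACCOUNTS, ROSTER, NOW).items():
        print(f"{account}: {'; '.join(reasons)}")
    print("shared IDs:", shared_accounts(LOGONS))
```

A generic account such as "pollworker" turns up under both checks: it has no individual owner, and the logon pattern shows several people using it. The fix is the same in both cases, one account per person, with shared duties handled through group membership rather than a shared login.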
82 | Ensure your organization has a documented Acceptable Use policy, detailing the appropriate uses of the system, and that users are aware of it
Asset Class: Users | Connectedness Class: Indirectly Connected | Priority: Medium | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low

83 | Use secure protocols for all remote connections to the system (TLS, IPSEC)
Applicable CSS Controls: #3.4 (Use Only Secure Channels For Remote System Administration): Perform all remote administration of servers, workstations, network devices, and similar equipment over secure channels. Protocols such as telnet, VNC, RDP, or others that do not actively support strong encryption should only be used if they are performed over a secondary encryption channel, such as TLS or IPSEC.
Asset Class: Transmission | Connectedness Class: not specified | Priority: High | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Resource: CIS-CAT can identify whether secure protocols are configured for common operating systems and applications: https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro/. Microsoft also publishes guidance on securing remote access.

84 | Ensure critical data is encrypted and digitally signed
Applicable CSS Controls: #13.2 (Deploy Hard Drive Encryption Software): Deploy approved hard drive encryption software to mobile devices and systems that hold sensitive data.
Asset Class: Transmission | Connectedness Class: not specified | Priority: High | Potential Resistance: No | Upfront Cost: Medium | Ongoing Maint. Cost: Medium
Resource: Work with appropriate vendors. Additionally, see Microsoft's How to Set Event Log Security: https://support.microsoft.com/en-us/help/323076/how-to-set-event-log-security-locally-or-by-using-group-policy.

85 | Ensure the use of bidirectional authentication to establish trust between the sender and receiver
Asset Class: Transmission | Connectedness Class: not specified | Priority: Medium | Potential Resistance: No | Upfront Cost: Medium | Ongoing Maint. Cost: Low

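Worked example for practice 85 (added here; not from the handbook). It plays out a three-message mutual challenge-response exchange over a pre-shared key, showing both sides' messages: neither party trusts the other until it has proven possession of the key, the initiator refuses to prove itself to a responder that failed, and each proof is bound to both nonces and to the prover's role so a proof cannot simply be reflected back at the party that produced it. The key and party roles are constructed; in production the same property is usually obtained with mutual TLS (client and server certificates) or per-device keys from a key management process.

```python
"""Mutual challenge-response authentication over a pre-shared key (added example).

Not from the handbook. Neither side trusts the other until it has proven
possession of the key, and each proof is bound to both nonces and to the
prover's role, so a proof cannot be reflected back at the party that
produced it. The key and party roles are constructed; in production the key
would come from per-device key management, or the same property would be
obtained with mutual TLS (client and server certificates).
"""
import hashlib
import hmac
import secrets


def _proof(key, role, nonce_a, nonce_b):
    # MAC over role || nonce_a || nonce_b. The role tag is what separates the
    # responder's proof from the initiator's; without it a reflected proof verifies.
    return hmac.new(key, role.encode() + b"|" + nonce_a + b"|" + nonce_b, hashlib.sha256).digest()


class Device:
    """Honest party. Proves itself only after the peer has proven itself."""

    def __init__(self, key):
        self.key = key
        self.my_nonce = self.peer_nonce = None

    def challenge(self):                      # step 1, A -> B: fresh nonce
        self.my_nonce = secrets.token_bytes(16)
        return self.my_nonce

    def respond(self, nonce_a):               # step 2, B -> A: own nonce + proof as responder
        self.peer_nonce = nonce_a
        self.my_nonce = secrets.token_bytes(16)
        return self.my_nonce, _proof(self.key, "responder", nonce_a, self.my_nonce)

    def check_responder(self, nonce_b, proof_b):   # A verifies B, then proves itself
        expected = _proof(self.key, "responder", self.my_nonce, nonce_b)
        if not hmac.compare_digest(proof_b, expected):
            return False, None                # abort: never prove yourself to an unauthenticated peer
        return True, _proof(self.key, "initiator", self.my_nonce, nonce_b)

    def check_initiator(self, proof_a):       # step 3, B verifies A
        if proof_a is None:
            return False
        expected = _proof(self.key, "initiator", self.peer_nonce, self.my_nonce)
        return hmac.compare_digest(proof_a, expected)


class ReflectingImpostor(Device):
    """Holds no key; echoes the responder's own proof back as its own."""

    def __init__(self):
        super().__init__(key=None)

    def check_responder(self, nonce_b, proof_b):
        return True, proof_b                  # cannot verify anything, so just reflects


def run_handshake(initiator, responder):
    """Drive the three-message exchange; return (initiator accepts, responder accepts)."""
    nonce_a = initiator.challenge()                         # A -> B
    nonce_b, proof_b = responder.respond(nonce_a)           # B -> A
    a_ok, proof_a = initiator.check_responder(nonce_b, proof_b)
    b_ok = responder.check_initiator(proof_a)               # A -> B
    return a_ok, b_ok


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    print("honest:   ", run_handshake(Device(key), Device(key)))
    print("wrong key:", run_handshake(Device(secrets.token_bytes(32)), Device(key)))
    print("reflect:  ", run_handshake(ReflectingImpostor(), Device(key)))
```

Two details carry the security: the responder answers the initiator's nonce first, so a party without the key never gets past step 2, and the role string inside the MAC is what stops the impostor in the third run; with a single shared key and no role separation, echoing the responder's own proof back would verify.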
86 | For data transfers that utilize physical transmission, use tamper-evident seals on the exterior of the packaging
Asset Class: Transmission | Connectedness Class: not specified | Priority: Medium | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Resource: Check whether vendors provide this information as part of their product offerings. Additionally, see information on tamper-evident seals: http://permalink.lanl.gov/object/tr?what=info:lanl-repo/lareport/LA-UR-03-0269.

87 | Conduct criminal background checks for all staff, including vendors, consultants and contractors supporting the election process
Asset Class: Transmission | Connectedness Class: not specified | Priority: Medium | Potential Resistance: No | Upfront Cost: Medium | Ongoing Maint. Cost: Medium
Resource: Examples of this include the National Agency Check with Criminal History: https://www.gsa.gov/forms-library/basic-national-agency-check-criminal-history.

88 | Track all hardware assets used for transferring data throughout their lifecycle
Asset Class: Transmission | Connectedness Class: not specified | Priority: Medium | Potential Resistance: No | Upfront Cost: Low | Ongoing Maint. Cost: Low
Resource: NIST guidance on maintaining hardware inventories: https://nvd.nist.gov/800-53/Rev4/control/CM-8.
