Election Security Tools & Resources
Tools & Training
Various cybersecurity tools and training resources to help elections officials protect their systems and data.
![]() |
Weekly News AlertA non-technical publication for EI-ISAC members that provides news summaries and commentary on items of interest to the elections community. For more information, contact [email protected] or [email protected] |
![]() |
Cybersecurity SpotlightsA short non-technical explanation of a common cybersecurity term or practice, and its application to elections infrastructure. ![]() |
![]() |
Malicious Code Analysis Platform (MCAP)MCAP is a web-based service which allows members to submit suspicious files for analysis in a controlled and non-public fashion. MCAP also enables users to perform threat analysis based on domain, IP address, URL, HASH, and various IOCs. MCAP users are able to obtain the results from analysis, behavioral characteristics and additional detailed information which allows users to remediate the incident in a timely manner. This communication with our members provides the EI-ISAC with the situational awareness needed to assess the malware threat characteristics facing our SLTT government entities on a national level. ![]() |
![]() |
Elections Security ChecklistA checklist that highlights key services recommended in A Handbook for Elections Infrastructure Security and available opportunities to implement them. ![]() |
![]() |
Technology Recommendations for Federal Election Security FundingIdentifies tools that can improve an election office’s cybersecurity posture in accordance with funding provided to states through the Election Assistance Commission. ![]() |
![]() |
VideosVideo tutorials for EI-ISAC services and non-technical explanations of cybersecurity topics to help secure elections agencies. ![]() |
![]() |
BlogsBlog posts covering multiple cybersecurity topics including hardening elections infrastructure and limiting cyber threats. ![]() |
![]() |
Table Top ExercisesThe EI-ISAC supports national and local cyber exercises. For more information, contact [email protected] or [email protected] |
![]() |
Incident Response ChecklistLearn how to identify, respond to, and communicate information about a breach. ![]() |
![]() |
WebinarsBi-monthly national webinars examine critical and timely cybersecurity issues to provide participants with quality information in an interactive format. Attendees receive practical advice that can be applied immediately. ![]() |
Guides
Multiple guides to help elections agencies secure infrastructure, procurements, and more.
![]() |
A Handbook for Elections Infrastructure SecurityProtect your election's infrastructure with this free best practices handbook providing 88 best practices covering election management systems, voter registration systems, electronic pollbooks, vote capture devices, and results publishing. ![]() ![]() |
![]() |
A Guide for Ensuring Security in Election Technology ProcurementsComputer hardware, software, and services are often procured from various providers and are essential for an election organization to execute its mission. You can view the guidebook online and use the Searchable Best Practices Database to filter and export the appropriate procurement guidance for each of your IT projects. ![]() ![]() |
![]() |
Security Best Practices for Non-Voting Election Technology GuideAn extension of the Handbook for Election Infrastructure Security, these security best practices cover America’s non-voting election technology. Find best practices on hosting and architecture, servers and workstations, software applications, data management, and administration in one place. ![]() |
![]() |
RABET-VThe Rapid Architecture-Based Election Technology Verification (RABET-V) is an election technology verification process that supports rapid product changes by design. These documents give an overview of the process and a thorough review of the first pilot testing e-pollbook and election night reporting technologies. ![]() ![]() |
![]() |
Managing Cybersecurity Supply Chain Risks in Election TechnologyThis guide for election technology providers continues our approach of providing best practices for specific problem areas identified to CIS by the election community. It contains recommendations and best practices to address that need for cybersecurity risks, and refers to these other CIS documents to describe a holistic, consistent approach to risk management. ![]() |
Technical Resources
Technical resources to help elections officials harden their systems and data from cyber threats.
![]() |
Monthly Advisory SummarySummary of critical vulnerabilities identified in the previous month, along with recommendations for how executives should coordinate patching with their IT staff. For more information, contact [email protected] or [email protected] |
![]() |
Weekly Top Attacking IPs and DomainsWeekly reports are provided highlighting malicious IPs and domains the EI-ISAC has identified through monitoring during the past seven days. For more information, contact [email protected] or [email protected] |
![]() |
AnomaliAnomali is the ISAC’s STIX/TAXII offering that includes two tools for analyzing and sharing indicators, STAXX and Threatstream. STAXX is a free tool that can subscribe to and publish STIX/TAXII feeds. EI-ISAC members also receive access to Anomali Threatstream, which is an advanced platform for threat information sharing, research and analysis. For more information, contact [email protected] or [email protected] |
![]() |
Security PrimersShort documents to help bring elections officials up-to-speed on various cybersecurity threats such as ransomware. ![]() |
![]() |
CIS SecureSuite MembershipCIS SecureSuite Membership gives organizations around the world access to a collection of integrated cybersecurity resources such as CIS-CAT Pro Assessor, remediation content, and CIS-CAT Pro Dashboard. All of these tools help users evaluate and apply secure configuration settings to laptops, servers, network devices, and more. CIS SecureSuite Membership is free for U.S. SLTT organizations. ![]() |
Services
Multiple cybersecurity services help elections agencies review and improve their cybersecurity defenses.

![]() |
Security Operations Center (SOC)24/7 Security Operations Center staffed with cyber defense experts. |
![]() |
Computer Emergency Response Team (CERT)The Computer Emergency Response Team (CERT) helps elections officials respond to cybersecurity incidents. |
![]() |
IP and Domain MonitoringMonitoring alerts election offices on suspicious activity involving their IPs and domains. |
![]() |
Quarterly Threat ReportA summary of event-related data that may be of interest to elections officials, derived from the EI-ISAC's network monitoring services, information reported by trusted partners, gathered from open sources, and incidents responded to by the EI-ISAC. This report is intended to provide situational awareness of the elections community cyber risk landscape and should be used to assist election officials and their IT staff in their own analysis of the active information security threats facing their organizations. |
![]() |
Quarterly CallEach quarter, a cybersecurity call to review current topics affecting elections agencies. |
![]() |
Cyber AlertsAlerts about cybersecurity vulnerabilities that may affect elections agencies. |
![]() |
Threat notificationEI-ISAC analysts work with trusted affiliates to conduct research and gather intelligence about cyber threats (such as website defacements) targeting elections or elections-affiliated systems. Notices are sent to impacted EI-ISAC members based on predetermined escalation procedures. The EI-ISAC also provides recommended remediation steps and technical assistance. |
![]() |
Nationwide Cybersecurity Review (NCSR)The Nationwide Cybersecurity Review (NCSR) is an annual survey that helps elections agencies assess and understand their cyber defenses. ![]() |
![]() |
Homeland Security Information Network (HSIN)The Homeland Security Information Network (HSIN) is a portal for sharing sensitive, unclassified cybersecurity information. ![]() |
![]() |
Election Day Cyber Situational Awareness RoomEvery election day, the EI-ISAC operates a Situational Awareness Room to allow members and designated partners the opportunity to collaborate, share information, and provide observations in real time. |
![]() |
Emergency Conference CallsMembers have access to conference calls to brief all members on major incidents or emerging events. |
![]() |
AlbertAlbert Network Monitoring provides a signature-based intrusion detection system (IDS) for protecting elections agencies. ![]() |
![]() |
Security Assessment and ConsultingElections agencies can engage in cybersecurity assessments and consulting. ![]() |