Election Security Tools & Resources

Cybersecurity Spotlights

A short non-technical explanation of a common cybersecurity term or practice, and its application to elections infrastructure.

View all Cybersecurity Spotlights

Malicious Code Analysis Platform (MCAP)

MCAP is a web-based service which allows members to submit suspicious files for analysis in a controlled and non-public fashion. MCAP also enables users to perform threat analysis based on domain, IP address, URL, HASH, and various IOCs.

MCAP users are able to obtain the results from analysis, behavioral characteristics and additional detailed information which allows users to remediate the incident in a timely manner. This communication with our members provides the EI-ISAC with the situational awareness needed to assess the malware threat characteristics facing our SLTT government entities on a national level.

Login to MCAP

Elections Security Checklist

A checklist that highlights key services recommended in A Handbook for Elections Infrastructure Security and available opportunities to implement them.

Download

Technology Recommendations for Federal Election Security Funding

Identifies tools that can improve an election office’s cybersecurity posture in accordance with funding provided to states through the Election Assistance Commission.

Download

Videos

Video tutorials for EI-ISAC services and non-technical explanations of cybersecurity topics to help secure elections agencies.

View Election Related Videos

Blogs

Blog posts covering multiple cybersecurity topics including hardening elections infrastructure and limiting cyber threats.

View Election Related Blogs

Table Top Exercises

The EI-ISAC supports national and local cyber exercises.

Incident Response Checklist

Learn how to identify, respond to, and communicate information about a breach.

Download

Webinars

Bi-monthly national webinars examine critical and timely cybersecurity issues to provide participants with quality information in an interactive format. Attendees receive practical advice that can be applied immediately.

View all Webinars

A Handbook for Elections Infrastructure Security

Protect your election's infrastructure with this free best practices handbook providing 88 best practices covering election management systems, voter registration systems, electronic pollbooks, vote capture devices, and results publishing.

Search Best Practices

A Guide for Ensuring Security in Election Technology Procurements

Computer hardware, software, and services are often procured from various providers and are essential for an election organization to execute its mission. You can view the guidebook online and use the Searchable Best Practices Database to filter and export the appropriate procurement guidance for each of your IT projects.

Search Best Practices

Security Best Practices for Non-Voting Election Technology Guide

An extension of the Handbook for Election Infrastructure Security, these security best practices cover America’s non-voting election technology. Find best practices on hosting and architecture, servers and workstations, software applications, data management, and administration in one place.

Download

RABET-V

The Rapid Architecture-Based Election Technology Verification (RABET-V) is an election technology verification process that supports rapid product changes by design. These documents give an overview of the process and a thorough review of the first pilot testing e-pollbook and election night reporting technologies.

Download RABET-V Overview Whitepaper

Download RABET-V Pilot Final Report

Managing Cybersecurity Supply Chain Risks in Election Technology

This guide for election technology providers continues our approach of providing best practices for specific problem areas identified to CIS by the election community. It contains recommendations and best practices to address that need for cybersecurity risks, and refers to these other CIS documents to describe a holistic, consistent approach to risk management.

Download

Monthly Advisory Summary

Summary of critical vulnerabilities identified in the previous month, along with recommendations for how executives should coordinate patching with their IT staff.

Weekly Top Attacking IPs and Domains

Weekly reports are provided highlighting malicious IPs and domains the EI-ISAC has identified through monitoring during the past seven days.

Anomali

Anomali is the ISAC’s STIX/TAXII offering that includes two tools for analyzing and sharing indicators, STAXX and Threatstream. STAXX is a free tool that can subscribe to and publish STIX/TAXII feeds. EI-ISAC members also receive access to Anomali Threatstream, which is an advanced platform for threat information sharing, research and analysis.

Security Primers

Short documents to help bring elections officials up-to-speed on various cybersecurity threats such as ransomware.

View Security Primers

CIS SecureSuite Membership

CIS SecureSuite Membership gives organizations around the world access to a collection of integrated cybersecurity resources such as CIS-CAT Pro Assessor, remediation content, and CIS-CAT Pro Dashboard. All of these tools help users evaluate and apply secure configuration settings to laptops, servers, network devices, and more. CIS SecureSuite Membership is free for U.S. SLTT organizations.

Enroll in CIS SecureSuite Membership

Security Operations Center (SOC)

24/7 Security Operations Center staffed with cyber defense experts.

Computer Emergency Response Team (CERT)

The Computer Emergency Response Team (CERT) helps elections officials respond to cybersecurity incidents.

IP and Domain Monitoring

Monitoring alerts election offices on suspicious activity involving their IPs and domains.

Quarterly Threat Report

A summary of event-related data that may be of interest to elections officials, derived from the EI-ISAC's network monitoring services, information reported by trusted partners, gathered from open sources, and incidents responded to by the EI-ISAC. This report is intended to provide situational awareness of the elections community cyber risk landscape and should be used to assist election officials and their IT staff in their own analysis of the active information security threats facing their organizations.

Quarterly Call

Each quarter, a cybersecurity call to review current topics affecting elections agencies.

Cyber Alerts

Alerts about cybersecurity vulnerabilities that may affect elections agencies.

Threat notification

EI-ISAC analysts work with trusted affiliates to conduct research and gather intelligence about cyber threats (such as website defacements) targeting elections or elections-affiliated systems. Notices are sent to impacted EI-ISAC members based on predetermined escalation procedures. The EI-ISAC also provides recommended remediation steps and technical assistance.

Nationwide Cybersecurity Review (NCSR)

The Nationwide Cybersecurity Review (NCSR) is an annual survey that helps elections agencies assess and understand their cyber defenses.

View

Homeland Security Information Network (HSIN)

The Homeland Security Information Network (HSIN) is a portal for sharing sensitive, unclassified cybersecurity information.

View

Election Day Cyber Situational Awareness Room

Every election day, the EI-ISAC operates a Situational Awareness Room to allow members and designated partners the opportunity to collaborate, share information, and provide observations in real time.

Emergency Conference Calls

Members have access to conference calls to brief all members on major incidents or emerging events.

Albert

Albert Network Monitoring provides a signature-based intrusion detection system (IDS) for protecting elections agencies.

Learn more

Security Assessment and Consulting

Elections agencies can engage in cybersecurity assessments and consulting.

Learn more

CISA Election Security

View

EAC Election Security Preparedness

View

Google Protect Your Election

View

Cloudflare Athenian Project

View

Global Cyber Alliance Cybersecurity Toolkit for Elections

View