×
Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In Cloud Security CIS Cloud Security Support CIS Support


Why CIS

Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world



About Us Leadership Principles Testimonials

Solutions

secure your organization
Secure Your Organization


secure specific platforms
Secure Specific Platforms


cis securesuite CIS SecureSuite®
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments


View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities



CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers

Resources

resources
Secure Your Organization


learn
Learn


filter by topic
Filter by Topic


View All Resources  
CIS Logo Show Search Expand Menu

Cybersecurity Spotlight – Why Election Offices Should Perform Security Assessments

A security assessment is a thorough, proactive study of an organization’s systems that helps identify security challenges and implement solutions. It is a benefit to election offices as they can use assessments to prevent cyberattacks, meet national standards, and gain voter trust.

How you can benefit

  • Identify and prevent security issues before they become a problem and cause potential damage.
  • Use assessment results to justify a budget, procure security resources, tools, and services.
  • Gain public trust through adherence to a recognized risk assessment framework, like the CIS Controls or NIST Framework. These were developed collaboratively by organizations with deep experience, allowing you to leverage their work and show voters they can have confidence in your organization’s security.

How you can get started

  • Review the CISA Resource Hub, where you can read about the different types of security assessments.
    • Determine the appropriate assessment type for your goals. You may be able to combine elements from several assessments to meet requirements.
    • Third parties can be hired to conduct impartial security assessments or if there is limited technical staff available.
  • Decide which systems and processes you want to include in the assessment, and work closely with technical staff or a vendor to identify system details.
  • Perform the assessment.
  • Review the findings with your staff, and form an action plan around the next steps.

Repeat assessments on a regular cadence to measure your growth.

Learn more about security assessments

---
Spotlights provide election officials with an overview of common cybersecurity topics, and how they relate to election infrastructure security. Please reach out to elections@cisecurity.org to request a topic.