Election Security Spotlight – Why Election Offices Should Perform Security Assessments
A security assessment is a thorough, proactive study of an organization’s systems that helps identify security challenges and implement solutions. It is a benefit to election offices as they can use assessments to prevent cyberattacks, meet national standards, and gain voter trust.
How you can benefit
- Identify and prevent security issues before they become a problem and cause potential damage.
- Use assessment results to justify a budget, procure security resources, tools, and services.
- Gain public trust through adherence to a recognized risk assessment framework, like the CIS Controls or NIST Framework. These were developed collaboratively by organizations with deep experience, allowing you to leverage their work and show voters they can have confidence in your organization’s security.
How you can get started
- Review the CISA Resource Hub, where you can read about the different types of security assessments.
- Determine the appropriate assessment type for your goals. You may be able to combine elements from several assessments to meet requirements.
- Third parties can be hired to conduct impartial security assessments or if there is limited technical staff available.
- Decide which systems and processes you want to include in the assessment, and work closely with technical staff or a vendor to identify system details.
- Perform the assessment.
- Review the findings with your staff, and form an action plan around the next steps.
Repeat assessments on a regular cadence to measure your growth.
Learn more about security assessments
- CIS CSAT: A Free Tool for Assessing Implementation of CIS Controls
- CISA Election Infrastructure Security Resource Guide
- Start on Page 4, “Assessments”
Spotlights provide election officials with an overview of common cybersecurity topics, and how they relate to election infrastructure security. Please reach out to firstname.lastname@example.org to request a topic.