Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In CIS Hardened Images CIS Hardened Images Support CIS Support


Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world

About Us Leadership Principles Testimonials


secure your organization
Secure Your Organization

secure specific platforms
Secure Specific Platforms

cis securesuite CIS SecureSuite® Learn More      Apply Now  
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments

View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities

CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers




filter by topic
Filter by Topic

View All Resources  
CIS Logo Show Search Expand Menu

Election Security Spotlight – Why Election Offices Should Perform Security Assessments

A security assessment is a thorough, proactive study of an organization’s systems that helps identify security challenges and implement solutions. It is a benefit to election offices as they can use assessments to prevent cyberattacks, meet national standards, and gain voter trust.

How you can benefit

  • Identify and prevent security issues before they become a problem and cause potential damage.
  • Use assessment results to justify a budget, procure security resources, tools, and services.
  • Gain public trust through adherence to a recognized risk assessment framework, like the CIS Controls or NIST Framework. These were developed collaboratively by organizations with deep experience, allowing you to leverage their work and show voters they can have confidence in your organization’s security.

How you can get started

  • Review the CISA Resource Hub, where you can read about the different types of security assessments.
    • Determine the appropriate assessment type for your goals. You may be able to combine elements from several assessments to meet requirements.
    • Third parties can be hired to conduct impartial security assessments or if there is limited technical staff available.
  • Decide which systems and processes you want to include in the assessment, and work closely with technical staff or a vendor to identify system details.
  • Perform the assessment.
  • Review the findings with your staff, and form an action plan around the next steps.

Repeat assessments on a regular cadence to measure your growth.

Learn more about security assessments

Spotlights provide election officials with an overview of common cybersecurity topics, and how they relate to election infrastructure security. Please reach out to elections@cisecurity.org to request a topic.