Election Security Resource Library
CISA’s election security resource library provides voluntary, no-cost informational resources for use by state, local, tribal and territorial (SLTT) governments; private sector election infrastructure partners; and the public. These resources are designed to enhance the security and resilience of election infrastructure by helping stakeholders understand and mitigate risks to elections.
Physical Security
Physical Security Checklist for Polling Locations
This resource assists election officials with improving physical security by reviewing existing security practices—and helping to identify areas for improvement—through an easy-to-use questionnaire.
Physical Security of Voting Locations and Election Facilities
A general guide with resources and actionable steps to connect, plan, train, and report for election officials to improve their physical security posture and enhance resilience of election operations in their jurisdiction.
Election Infrastructure Insider Threat Mitigation Guide
This resource offers guidance on understanding and mitigating the risk of insider threats to elections, highlights risk relevant to elections, and offers direction for establishing an insider threat mitigation program.
Ballot Drop Box Resource Document
SLTT guidance on how to administer and secure election ballot drop box infrastructure. General guidance around number of boxes needed and good locations, as well as security considerations and resources are outlined.
Cybersecurity
No Downtime in Elections: A Guide to Mitigating Risks of Denial of Service
This guide helps election officials think through how systems may be impacted by denial-of-service (DoS) incidents, how to coordinate with service providers, and how to incorporate DoS incidents into incident response planning. Spanish Version
Election Security Navigator Guidebook
States considering a navigator program can refer to this guide to learn about the navigator concept, areas navigators support, funding and resource considerations, and the different navigator program models.
Hyper Text Transfer Protocol Secure (HTTPS)
This fact sheet provides an overview of how and why HTTPS is used to encrypt and secure information transmitted between a user's web browser and website. Encryption is especially important for online voter registration.
Securing Voter Registration Data
An overview of threats to voter registration databases and recommended preventative measures, including steps to take after unauthorized access to voter registration data, relevant recourses, and points of contact.
Domain-Based Message Authentication, Reporting, and Conformance (DMARC)
A fact sheet on DMARC - the email authentication policy that protects against fake emails disguised to look like legitimate emails from trusted sources, instructions for handling a fraudulent email, and how to adopt DMARC. Spanish Version
Multi-Factor Authentication (MFA)
This fact sheet describes how MFA, a security approach requiring two or more credentials at login, reduces the risk of adversaries gaining access to the targeted physical space, computing device, network, or database.
Ransomware Fact Sheet
A fact sheet that includes best practices to protect your systems and data against ransomware, planning for a ransomware incident, recovering from a ransomware attack, and CISA services and support.
Actions to Counter Email-Based Attacks on Election-Related Entities
A fact sheet on how to counter or prevent email-based attacks, including best practices to reduce potential email-based cybersecurity threats, ways to secure user accounts, and take advantage of security measures offered by email providers.
Cyber Incident Detection and Notification Planning Guide for Election Security
This guide helps jurisdictions effectively recognize and respond to potential cyber incidents. Election offices can use this as a basic cyber incident response plan or integrate it into a broader plan.
Campaign Checklist for Securing Your Cyber Infrastructure
A checklist for political campaigns to protect against malicious actors via a variety of recommended cybersecurity measures. The checklist includes general steps to take along with explanations of the security benefits they afford.
Risk Management for Electronic Ballot Delivery, Marking, and Return
In this 2020 document, we identify risks and considerations for election administrators seeking to use electronic ballot delivery, electronic ballot marking, and/or electronic return of marked ballots.
Transitioning to .GOV: Helping Mitigate Election Office Cybersecurity and Impersonation Risks
This guide encourages election offices to adopt a .gov domain to help them and other state, local, tribal, and territorial (SLTT) government entities mitigate impersonation and cybersecurity risks.
Operational Risk
Election Mail Handling Procedures to Protect Against Hazardous Materials
This guide provides an overview for election officials on preparing to handle mail safely, identifying potentially suspicious mail, and responding to potential hazardous materials exposure from handling mail.
Mail-in Voting Risk Assessment Infographic
This infographic assists the election community and federal partners in understanding and managing risk to critical elections systems. The risk assessment evaluates specific risks to mail-in voting.
CISA Insights: Chain of Custody and Critical Infrastructure Systems
An overview of chain of custody, the risks resulting from a broken chain of custody, and an initial framework with five actionable steps for critical infrastructure owners and operators to secure chain of custody.
U.S. Electoral Process Infographic
This infographic outlines the risks with results reporting systems and how to mitigate and manage both static (risks to systems from cyber actors) and dynamic (risks to information over time) risks.
Foreign Influence Operations and Disinformation
Securing Election Infrastructure Against the Tactics of Foreign Malign Influence Operations
This guide offers actionable steps to combat the evolving tactics of foreign malign influence operations.
Rumor vs. Reality
Rumor vs. Reality provides accurate and reliable information that relate broadly to the security of election infrastructure and related processes. It informs voters and helps them build resilience against disinformation narratives.
Tactics of Disinformation
This publication helps readers understand disinformation tactics, increase preparedness, and promote resilience when faced with disinformation. The guide includes a general overview of disinformation tactics, ways to combat them.
CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure
This CISA Insights makes critical infrastructure owners and operators aware of the risks of influence operations leveraging social media and online platforms. Organizations can take steps to ensure swift information sharing.
Contextualizing Deepfake Threats to Organizations
An overview of synthetic media threats, techniques, and trends. Threats from synthetic media, such as deepfakes, have exponentially increased—presenting a growing challenge to include for national critical infrastructure owners and operators.
Risk in Focus: Generative A.I. and the 2024 Election Cycle
An overview of generative AI-enabled capabilities relevant to election security, how these capabilities can be used by malicious actors to target the security and integrity of election infrastructure, and basic mitigations to counter these risks.
Election Infrastructure Subsector
Supply Chain Risks to Election Infrastructure Subsector Infographic (SCC)
Securing the complex supply chains serving our election infrastructure is mission critical, and comprehensive risk analysis is an important component of this process. This infographic provides some key considerations and recommendations.
DHS Election Infrastructure Security Funding Consideration (GCC)
This report provides the election community possible considerations, both short- and long-term, for the use of 2018 Congressionally appropriated election funding, as well as support for procurement decisions regarding use of the funding.
Election Infrastructure Subsector Specific Plan (Joint GCC-SCC)
This Plan combines the mission, goals, and priorities of its public and private sector partners to help foster ongoing collaboration. It also outlines the Subsector’s strategic direction for enhancing election infrastructure security.
Rumor Control Webpage Start-Up Guide (Joint GCC-SCC)
This guide is for organizations, SLTT government officials, and private sector partners seeking to dispel specific MDM narratives through transparent and authoritative information.
Joint Releases with Federal Partners
Federal Executive Branch Agencies Roles and Responsibilities in United States Elections
This fact sheet provides state and local officials with vital information and resources to securely conduct election functions.
2022: Foreign Actors Likely to Use Information Manipulation Tactics for 2022 Midterm Elections
Informs the public that foreign actors may intensify efforts to influence the outcome of the 2022 midterm elections.
2022: Malicious Cyber Activity Against Election Infrastructure Unlikely to Disrupt or Prevent Voting
Informs the public that attempts by cyber actors to compromise election infrastructure are unlikely to result in large-scale disruptions or prevent voting.
Election Security Services
Interagency Security Resource for the Election Sector
A summary of resources available to assist SLTT election officials and their private sector partners in responding to threats to personnel and guidance on assessing and mitigating risks to their physical assets.
Cybersecurity Toolkit to Protect Elections
A compiled toolkit of free services and tools intended to help state and local government officials, election officials, and vendors enhance the cybersecurity and cyber resilience of U.S. election infrastructure.
Elections Cyber Tabletop in a Box
This package includes exercise objectives, scenarios, and discussion questions, as well as a collection of cybersecurity references and resources. Use the exercise package to initiate discussions about addressing threats to election infrastructure.
Sign up for a .gov Domain
A fact sheet explaining the importance of a .gov domain to combat false and misleading election information. CISA provides .gov domains for election offices to help the public quickly identify accurate election information.