Standards > Cybersecurity

Cybersecurity

Running elections that voters trust requires preparing for emergencies and ensuring security to safeguard critical infrastructure. Robust emergency planning, physical security, and cybersecurity demonstrate a commitment to safeguarding the people, places, materials, and data involved in running secure and transparent elections. This is one of three standards that define excellence in emergencies and security. This draft standard will be updated based on feedback from the election community.

Standard

Your election office ensures the integrity and operation of your digital infrastructure. To achieve this standard:

  • You have a designated security partner inside or outside your office to coordinate and advise on your cybersecurity practices.
  • You use strategies to limit, control, and monitor access to digital systems including any online platform your office uses.
  • Your publicly available, online election information is available on an accessible website that uses security techniques to protect against security breaches and tampering.  
  • Your policies govern acceptable use of official systems and networks including appropriate access controls, incident notification procedures, and basic cybersecurity safety for users.
  • Your office receives periodic cybersecurity awareness training and ensures all staff understand their responsibilities as active contributors to security.
  • Your cybersecurity practices are regularly assessed against industry best practices to identify opportunities for improvement.
  • You have a backup process that can be accessed in the case of a system failure, and you regularly back up your data.  
  • You inform the public about the cybersecurity measures taken by your office.

Why this standard matters

It is important that we are explicit about the underlying why for each standard. While not attached to measurements, the intended impact of an election department achieving this standard is that:

  • Election departments will protect the integrity and confidentiality of administrative and core election systems.
  • Election departments will be resilient and mitigate risk of disruption from cyberattacks.
  • Voters have increased confidence when they can access trusted and secure information from government websites.

Let us know what you think

Share feedback