Oct 18, 2019 SOURCE: PR NewsWire

Center for Internet Security, Inc. (CIS®) Launches Security Best Practices for Non-Voting Election Technology

EAST GREENBUSH, N.Y., Oct. 18, 2019 /PRNewswire/ -- The Center for Internet Security (CIS) recently released the Security Best Practices for Non-Voting Election Technology Guide. This fact sheet highlights some of the key takeaways from the guide, which is designed to assist elections officials with non-voting technology security.

What is it?

The latest guide to be released by CIS(®) is the CIS Security Best Practices for Non-Voting Election Technology. Non-voting election technology includes electronic pollbooks, electronic ballot delivery, election night reporting, and voter registration portals. These new best practices for securing U.S. election infrastructure are heavily informed by our CIS Benchmarks((TM) )and CIS Controls(®).

Background

The release of CIS Security Best Practices for Non-Voting Election Technology rounds out the trilogy of guides that continue to help elections officials.

Earlier this year, CIS unveiled A Guide for Ensuring Security in Election Technology Procurements to help election officials understand and navigate the complex election procurement process.

A Handbook for Elections Infrastructure Security, which CIS released in 2018, provides best practices to help elections officials better understand what to focus on, how to prioritize, and how to parse the enormous amount of guidance available on protecting information technology (IT) systems. The Handbook recommends 88 best practices to secure the overall election infrastructure.

Why did CIS develop these documents?

CIS is recognized as a cybersecurity best practice provider, and is home to the Multi-State Information Sharing and Analysis Center(®) (MS-ISAC(®)). The MS-ISAC is the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities, and the Elections Infrastructure Information Sharing and Analysis Center(®) (EI-ISAC(®)). The latter was established by the Elections Government Sector Coordinating Council to support the cybersecurity needs of the elections subsector. The EI-ISAC is an operational threat sharing environment for all voting issues that continually supports SLTT elections officials in their efforts to secure U.S. elections. Election agencies gain access to an elections-focused cyber defense suite, including sector-specific threat intelligence products, incident response and remediation, threat and vulnerability monitoring, cybersecurity awareness and training products, and tools for implementing security best practices from the EI-ISAC.

Who are these documents intended for?

Elections officials, manufacturers, owners, and operators of elections systems and their associated IT components.

How did CIS create the content this guide?

CIS created these guides by working with election technology providers, state and local election technologists, and other community stakeholders to create consensus based best practices. These elections experts decided to create a guide that covers best practices in five areas: Networking and architecture, servers and workstations, software applications, data, and administration. The authors created 20 security controls with 160 best practices, including those that help mitigate attacks such as denial of service, ransomware, spear phishing, and exploitation of software vulnerabilities.

Why did CIS develop the second guide focused on Internet-connected election technology?

As follow-on work to the A Handbook for Elections Infrastructure Security, this guide focuses on a subsection of the overall election infrastructure to provide more specific guidance on internet-connected services. Due to their connection to the Internet, these services are the most at-risk components of the election infrastructure. Implementing the recommendations in CIS Security Best Practices for Non-Voting Election Technology can significantly reduce the risk of Internet-connected election technologies being compromised and adversely impacting Election Day operations.

Where can these guides be accessed?

These guides can be downloaded for free at: www.cisecurity.org/elections-resources

For additional information please contact CIS Media Relations: Email 226572@email4pr.com or call: (518) 266-3460 and ask for a member of the CIS Media Team.

View original content to download multimedia:http://www.prnewswire.com/news-releases/center-for-internet-security-inc-cis-launches-security-best-practices-for-non-voting-election-technology-300940978.html

SOURCE Center for Internet Security

Related News

CyberSecure IPS And Databank Partner To Bring Enhanced Physical Security To DataBank's National Data Center Footprint

Manufacturing Information Sharing and Analysis Center (MFG-ISAC) Partners With MISI DreamPort to Advance the Security of the Manufacturing Sector

Former Citigroup Global Head of Information Security Joins IntSights Advisory Board

Verve Security Center Unveils Version 8.0 to Enhance Ease of Use, Depth of Insight and Speed to Remediation for ICS Cyber Security

Keysight’s Automotive Cybersecurity Test System Selected by Eastern Michigan University’s School of Information Security & Applied Computing

Center for Internet Security Funds No-Cost Service to Help Protect all U.S. Private Hospitals Against Ransomware

PsiQuantum publishes paper projecting a 700x reduction in the computational resource requirements for breaking Elliptic Curve Cryptography using a fault tolerant quantum computer

Fortress Information Security Adds New Partner In Securing U.S. Power Grid

View all News

Related Procurements

Deadline: Dec 31, 2069

59--CIRCUIT CARD ASSEMB

Totcal cancellation no FY20 funding

Deadline: Oct 1, 2024

Microelectronics Innovation for Next-generation System Advancement and Validation (MINSAV) Advanced Research Announcement (ARA) with Calls

This is to post questions and answers and OSD Briefing from Industry Day.

Deadline: Oct 31, 2024

Air Superiority Technology Broad Agency Annoucement

This Broad Agency Announcement (BAA) is for the Air Force Research Laboratory Munitions directorate (AFRL/RW) in support of Air Superiority Technolgoy. Operations Security (OPSEC): General OPSEC procedures,...

View all Procurementsp