Election Security Resource Library

CISA’s election security resource library provides voluntary, no-cost informational resources for use by state, local, tribal and territorial (SLTT) governments; private sector election infrastructure partners; and the public. These resources are designed to enhance the security and resilience of election infrastructure by helping stakeholders understand and mitigate risks to elections.

Physical Security

Physical Security Checklist for Election Offices

This checklist provides questions designed to help election officials identify areas to enhance physical security at election infrastructure facilities and take action to implement low- or no-cost options in the short term.

Physical Security Checklist for Polling Locations

This resource assists election officials with improving physical security by reviewing existing security practices—and helping to identify areas for improvement—through an easy-to-use questionnaire.

Physical Security of Voting Locations and Election Facilities

A general guide with resources and actionable steps to connect, plan, train, and report for election officials to improve their physical security posture and enhance resilience of election operations in their jurisdiction.

Election Infrastructure Insider Threat Mitigation Guide

This resource offers guidance on understanding and mitigating the risk of insider threats to elections, highlights risk relevant to elections, and offers direction for establishing an insider threat mitigation program.

Ballot Drop Box Security Best Practices for Incendiary Devices

The following information is intended as best practice considerations for election officials in states where voting is already underway, and resource intensive adjustments to drop box locations are not feasible.

Ballot Drop Box Resource Document

SLTT guidance on how to administer and secure election ballot drop box infrastructure. General guidance around number of boxes needed and good locations, as well as security considerations and resources are outlined.

Swatting Prevention and Response Guidance for Election Workers and Law Enforcement

Guidance document provides an overview of swatting and recommended practices for preventing and responding to swatting incidents for both election workers and law enforcement.

2024 U.S. Federal Elections: The Insider Threat

CISA, FBI, DHS, and EAC jointly prepared this overview to help election infrastructure stakeholders defend against insider threats to elections.

Cybersecurity

No Downtime in Elections: A Guide to Mitigating Risks of Denial of Service

This guide helps election officials think through how systems may be impacted by denial-of-service (DoS) incidents, how to coordinate with service providers, and how to incorporate DoS incidents into incident response planning.

Election Security Navigator Guidebook

States considering a navigator program can refer to this guide to learn about the navigator concept, areas navigators support, funding and resource considerations, and the different navigator program models.

Hyper Text Transfer Protocol Secure (HTTPS)

This fact sheet provides an overview of how and why HTTPS is used to encrypt and secure information transmitted between a user's web browser and website. Encryption is especially important for online voter registration.

Securing Voter Registration Data

An overview of threats to voter registration databases and recommended preventative measures, including steps to take after unauthorized access to voter registration data, relevant recourses, and points of contact.

Domain-Based Message Authentication, Reporting, and Conformance (DMARC)

A fact sheet on DMARC - the email authentication policy that protects against fake emails disguised to look like legitimate emails from trusted sources, instructions for handling a fraudulent email, and how to adopt DMARC.

Multi-Factor Authentication (MFA)

This fact sheet describes how MFA, a security approach requiring two or more credentials at login, reduces the risk of adversaries gaining access to the targeted physical space, computing device, network, or database.

Ransomware Fact Sheet

A fact sheet that includes best practices to protect your systems and data against ransomware, planning for a ransomware incident, recovering from a ransomware attack, and CISA services and support.

Actions to Counter Email-Based Attacks on Election-Related Entities

A fact sheet on how to counter or prevent email-based attacks, including best practices to reduce potential email-based cybersecurity threats, ways to secure user accounts, and take advantage of security measures offered by email providers.

Cyber Incident Detection and Notification Planning Guide for Election Security

This guide helps jurisdictions effectively recognize and respond to potential cyber incidents. Election offices can use this as a basic cyber incident response plan or integrate it into a broader plan.

Campaign Checklist for Securing Your Cyber Infrastructure

A checklist for political campaigns to protect against malicious actors via a variety of recommended cybersecurity measures. The checklist notes general steps to take along with explanations of the security benefits they afford.

Risk Management for Electronic Ballot Delivery, Marking, and Return

In this 2020 document, we identify risks and considerations for election administrators seeking to use electronic ballot delivery, electronic ballot marking, and/or electronic return of marked ballots.

Transitioning to .GOV: Helping Mitigate Election Office Cybersecurity and Impersonation Risks

This guide encourages election offices to adopt a .gov domain to help them and other state, local, tribal, and territorial (SLTT) government entities mitigate impersonation and cybersecurity risks.

Operational Risk

Overview of the 2024 Presidential Election Post-Election Process

This infographic provides an approximate timeline of post-election processes for the 2024 Presidential Election from the close of polls on Election Day, November 5, 2024 to Inauguration Day on January 20, 2025.

Election Results Reporting Infographic

This infographic helps viewers understand election results. Election night results are unofficial. Official results take time; it is normal for unofficial results to evolve. Security measures help ensure the integrity of results.

How Priority Telecommunications Services (PTS) Assist in Election Security

This page details the three CISA Priority Telecommunications Services and how they can assist in election security.

2024 General Election: Cross-Sector Checklist to Support Elections

This checklist provides a series of questions to help critical infrastructure owners identify actions they can take to support elections.

Guide to Operations Security for Election Officials

This essential guide aims to enhance the security of election operations by providing a thorough overview of operations security (OPSEC) within the election context, highlighting potential risks and offering practical mitigation strategies.

Election Mail Handling Procedures to Protect Against Hazardous Materials

This guide provides an overview for election officials on preparing to handle mail safely, identifying potentially suspicious mail, and responding to potential hazardous materials exposure from handling mail.

Mail-in Voting Risk Assessment Infographic

This infographic assists the election community and federal partners in understanding and managing risk to critical elections systems. The risk assessment evaluates specific risks to mail-in voting.

CISA Insights: Chain of Custody and Critical Infrastructure Systems

An overview of chain of custody, the risks resulting from a broken chain of custody, and an initial framework with five actionable steps for critical infrastructure owners and operators to secure chain of custody.

U.S. Electoral Process Infographic

This infographic outlines the risks with results reporting systems and how to mitigate and manage both static (risks to systems from cyber actors) and dynamic (risks to information over time) risks.

Enhancing Election Security Through Public Communications

This guide helps election officials apply communication best practices to election processes.

Foreign Influence Operations and Disinformation

Securing Election Infrastructure Against the Tactics of Foreign Malign Influence Operations

This guide offers actionable steps to combat the evolving tactics of foreign malign influence operations.

Rumor vs. Reality

Rumor vs. Reality provides accurate and reliable information that relate broadly to the security of election infrastructure and related processes. It informs voters and helps them build resilience against disinformation narratives.

Tactics of Disinformation

This publication helps readers understand disinformation tactics, increase preparedness, and promote resilience when faced with disinformation. The guide includes a general overview of disinformation tactics, ways to combat them.

CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure

This CISA Insights makes critical infrastructure owners and operators aware of the risks of influence operations leveraging social media and online platforms. Organizations can take steps to ensure swift information sharing.

Contextualizing Deepfake Threats to Organizations

An overview of synthetic media threats, techniques, and trends. Threats from synthetic media, such as deepfakes, have exponentially increased—presenting a growing challenge to include for national critical infrastructure owners and operators.

Risk in Focus: Generative A.I. and the 2024 Election Cycle

An overview of generative AI-enabled capabilities relevant to election security, how these capabilities can be used to target the security and integrity of election infrastructure, and basic mitigations to counter these risks.

Election Infrastructure Subsector

Halftone dot illustration of open mail, a laptop, and cellphone

Supply Chain Risks to Election Infrastructure Subsector Infographic (SCC)

Securing the complex supply chains serving our election infrastructure is mission critical, and comprehensive risk analysis is an important component of this process. This infographic provides some key considerations and recommendations.

DHS Election Infrastructure Security Funding Consideration (GCC)

This report provides the election community possible considerations, both short- and long-term, for the use of 2018 Congressionally appropriated election funding, as well as support for procurement decisions regarding use of the funding.

Election Infrastructure Subsector Specific Plan (Joint GCC-SCC)

This Plan combines the mission, goals, and priorities of public and private sector partners to help foster ongoing collaboration. It outlines the Subsector’s strategic direction for enhancing election infrastructure security.

Rumor Control Webpage Start-Up Guide (Joint GCC-SCC)

This guide is for organizations, SLTT government officials, and private sector partners seeking to dispel specific MDM narratives through transparent and authoritative information.

Joint Releases with Federal Partners

CISA and USPIS Election Mail Security Resources

CISA and the United States Postal Inspection Service (USPIS) have released an Election Mail Security Public Service Announcement (PSA) and a specialized training video for election officials.

2024 PSA: Just So You Know: Foreign Threat Actors Likely to Use a Variety of Tactics to Develop and Spread Disinformation During 2024 U.S. General Election Cycle

The FBI and CISA are issuing this public service announcement (PSA) to raise awareness of the efforts posed by foreign threat actors to spread disinformation in the lead up to, and likely in the days following, the 2024 U.S. general election.

2024 PSA: FBI and CISA Release Joint PSA, Just So You Know: False Claims of Hacked Voter Information Likely Intended to Sow Distrust of U.S. Elections

This PSA raises awareness of attempts to undermine public confidence in the security of U.S. election infrastructure through the spread of disinformation falsely claiming that cyberattacks compromised U.S. voter registration databases.

2024 PSA: Just So You Know: Ransomware Disruptions During Voting Periods Will Not Impact the Security and Resilience of Vote Casting or Counting

This PSA informs the public that while ransomware attacks against state or local government networks or election infrastructure could cause localized delays, they will not compromise the security or accuracy of vote casting or counting processes.

2024 PSA: Just So You Know: DDoS Attacks Could Hinder Access to Election Information, Would Not Prevent Voting

The FBI and CISA are issuing this announcement to raise awareness that DDoS attacks on election infrastructure could hinder public access to election information but would not impact the security or integrity of election processes.

Federal Executive Branch Agencies Roles and Responsibilities in United States Elections

This fact sheet provides state and local officials with vital information and resources to securely conduct election functions.

2022: Foreign Actors Likely to Use Information Manipulation Tactics for 2022 Midterm Elections

Informs the public that foreign actors may intensify efforts to influence the outcome of the 2022 midterm elections.

2022: Malicious Cyber Activity Against Election Infrastructure Unlikely to Disrupt or Prevent Voting

Informs the public that attempts by cyber actors to compromise election infrastructure are unlikely to result in large-scale disruptions or prevent voting.