U.S. flag   An official website of the United States government

NISTIR 8310 (Draft)

Cybersecurity Framework Election Infrastructure Profile

Date Published: March 2021
Comments Due: May 14, 2021
Email Comments to: NISTIR-8310-comments@nist.gov

Author(s)

Mary Brady (NIST), Gema Howell (NIST), Christina Sames (MITRE), Marc Schneider (MITRE), Julie Snyder (MITRE), David Weitzel (MITRE), Joshua Franklin (The Turnout)

Announcement

To help secure our elections, NIST has released Draft NISTIR 8310, Cybersecurity Framework Election Infrastructure Profile. This Profile provides a voluntary, risk-based approach for managing cybersecurity activities and reducing cyber risk to election infrastructure. The Profile is meant to supplement but not replace current cybersecurity standards and industry guidelines available to election officials.

This profile can be used in several ways, including the following: 

  • To highlight and communicate high priority security expectations,
  • To perform a self-assessment comparison of current risk management practices, or
  • As a baseline profile or example profile to reference when developing one’s own.

We look forward to reviewing all of your comments. We’d also appreciate your feedback on the following:

  • Does this profile meet your needs?
  • Are there specific sections more/less helpful? 
  • Share any thoughts about the separation of Mission Objective 1 into 1a and 1b (see Section 5).

We encourage you to submit your comments by May 14th using our comment template.

NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Abstract

Keywords

Cybersecurity Framework (CSF); elections; risk management; security controls; voter registration; voting; voting systems
Control Families

None selected

Documentation

Publication:
NISTIR 8310 (Draft) (DOI)
Local Download

Supplemental Material:
Comment template (xls)
NIST News article (web)

Document History:
03/29/21: NISTIR 8310 (Draft)

Topics

Security and Privacy
risk management

Applications
cybersecurity framework; voting