Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 8310 (Initial Public Draft)

Cybersecurity Framework Election Infrastructure Profile

Date Published: March 2021
Comments Due: May 14, 2021 (public comment period is CLOSED)
Email Questions to: NISTIR-8310-comments@nist.gov

Planning Note (02/26/2024):

This draft report references the NIST Cybersecurity Framework v1.1.


Author(s)

Mary Brady (NIST), Gema Howell (NIST), Christina Sames (MITRE), Marc Schneider (MITRE), Julie Snyder (MITRE), David Weitzel (MITRE), Joshua Franklin (The Turnout)

Announcement

To help secure our elections, NIST has released Draft NISTIR 8310, Cybersecurity Framework Election Infrastructure Profile. This Profile provides a voluntary, risk-based approach for managing cybersecurity activities and reducing cyber risk to election infrastructure. The Profile is meant to supplement but not replace current cybersecurity standards and industry guidelines available to election officials.

This profile can be used in several ways, including the following: 

  • To highlight and communicate high priority security expectations,
  • To perform a self-assessment comparison of current risk management practices, or
  • As a baseline profile or example profile to reference when developing one’s own.

We look forward to reviewing all of your comments. We’d also appreciate your feedback on the following:

  • Does this profile meet your needs?
  • Are there specific sections more/less helpful? 
  • Share any thoughts about the separation of Mission Objective 1 into 1a and 1b (see Section 5).

We encourage you to submit your comments by May 14th using our comment template.

NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Abstract

Keywords

Cybersecurity Framework (CSF); elections; risk management; security controls; voter registration; voting; voting systems
Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.IR.8310-draft
Download URL

Supplemental Material:
Comment template (xlsx)
NIST News article

Document History:
03/29/21: IR 8310 (Draft)

Topics

Security and Privacy

risk management

Applications

cybersecurity framework, voting