The National Institute of Standards and Technology (NIST) on Monday released a draft framework for a voluntary, risk-based approach to cyber security for the election infrastructure community.
The new draft guidance, Cybersecurity Framework Election Infrastructure Profile (Draft NISTIR 8310), is targeted at election officials, developers and manufacturers of voting systems, and other stakeholders, including the public.
The draft framework is derived from the original NIST Cybersecurity Framework, which was published in 2014 through a partnership between the public and private sector to provide basic standards and best practices for entities to voluntarily adopt.
“This is the first time we have looked at the entire election infrastructure and put together a cybersecurity playbook,” NIST’s Gema Howell, one of the authors of the new draft, said in a statement. “We start by helping you think about the election objectives you want to accomplish. Then we help you think through how to prioritize your cybersecurity needs based on those objectives. Once you’re there, we provide informative resources to mitigate your cybersecurity risks.”