EI-ISAC Charter
I. Overview and Mission
The Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), as established by the Election Infrastructure Subsector Government Coordinating Council (GCC) in partnership with the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is a critical resource for cyber threat prevention, protection, response and recovery for the nation’s state, local, territorial, and tribal (SLTT) election offices. The EI-ISAC is operated by the Center for Internet Security, Inc.
The mission of the EI-ISAC is to advance the security of critical election infrastructure through an innovative and supportive community. The vision of the EI-ISAC is to have a resilient community equipped to identify and combat threats to democracy.
II. Definitions
- Member: refers to any organization that is either an EI-ISAC Member or Supporting Member, as such membership categories are further defined herein below.
- Primary Contact: the designated individual point of contact (POC) for a Member.
- EI-ISAC Executive Committee Member: an elected EI-ISAC contact chosen to assist in governance for the EI-ISAC.
- EI-ISAC Chairperson and Vice-Chairperson: individuals elected from among the EI-ISAC Executive Committee members to direct the functions of the EI-ISAC Executive Committee. One (1) Chairperson and one (1) Vice-Chairperson representing state members and local members. The EI-ISAC Chairperson and Vice-Chairperson must represent a non-partisan office or be of different political parties. The Chairperson and Vice-Chairperson cannot both represent state members or local members. The EI-ISAC Chairperson and Vice-Chairperson roles and responsibilities include the following:
- Create an environment of objectivity, ensuring attention to all EI-ISAC member organizations;
- Help guide the Executive Committee in providing input to the EI-ISAC strategy;
- To call and preside over Executive Committee meetings;
- To approve Executive Committee meeting agendas;
- Create Executive Committee sub-committees to research/ investigate and make recommendations to the Executive Committee on behalf of the EI-ISAC Membership.
- EI-ISAC Executive Committee Secretariat(s): A senior leader within the Center for Internet Security (CIS) department that is responsible for the EI-ISAC operations shall serve as the EI-ISAC Executive Committee Secretariat(s) duties include the following:
- Executive Committee topic prioritization and outcome scoping;
- Committee agenda development;
- Meeting scheduling, minutes capture, and other meeting record management;
- Provide members with reports, correspondence, and other key artifact development;
- Committee management governance (elections, vacancies, and charter revision);
- Formal vote: refers to an official vote for which it is announced in advance that votes will be counted. Votes may occur during a meeting, via email, or other another form of electronic balloting.
- Data: the information shared by either EI-ISAC or any Member per the terms of this Charter and any additional terms and conditions established by the EI-ISAC, as necessary.
III. Principles of Conduct
- The EI-ISAC is operationally focused and actions will be achieved through:
- Coordination
- Collaboration
- Communication
- Cooperation
- As part of the membership in the EI-ISAC, to achieve a higher state of readiness and resilience to help protect our election infrastructure, each Member will:
- Agree to the above-stated common mission;
- Agree to the EI-ISAC’s philosophy of coordination, collaboration, communication, and cooperation and work collaboratively with all entities within their organization to further promote the collective mission of the EI-ISAC;
- Agree to share appropriate information between and among the Members to the greatest extent possible;
- Agree to collaborate and share across each of the critical sectors to reduce barriers to foster our collective mission;
- Agree to recognize the sensitivity and confidentiality of the information shared and received;
- Agree to protect all sensitive and confidential information received from other Members by taking all necessary steps, which should be at least as great as the precautions each Member takes to protect its confidential information;
- Agree to transmit sensitive data to other Members through the use of agreed-upon secure methods;
- Agree to take all appropriate steps to help protect our election infrastructure.
IV. Membership
There shall be two categories of EI-ISAC membership. An organization shall be eligible for EI-ISAC membership provided the organization meets the following requirements for a category:
- EI-ISAC Member
- Is an SLTT election office or a not-for-profit association whose membership is comprised of representatives of SLTT election offices; and
- The organization has accepted the EI-ISAC Membership Terms and Conditions.
- EI-ISAC Supporting Member
- Is a contractor/vendor hired to directly support the operations and/or maintenance of a SLTT election office IT systems; or
- Is a contractor or other organization whose activities are election-related and is sponsored by a current EI-ISAC SLTT member. EI-ISAC members sponsoring a Supporting Member will be surveyed annually to confirm the continuing relationship; and
- The organization executes the EI-ISAC Supporting Membership Agreement.
- As a Supporting Member, the organization will receive information distributed to all members including: educational materials, event notifications, and cyber alerts. Supporting Members are not entitled to EI-ISAC member services, including, without limitation, incident response services (unless requested by a SLTT entity), federally funded products and services, and member requested research.
- Supporting Members shall be non-voting members of the EI-ISAC.
- Membership of any non-SLTT election office that meets the requirements of either category of membership will be at the discretion of the Executive Committee.
V. Member Representation and Meetings
- Each EI-ISAC Member may appoint up to three (3) Primary Contacts to officially represent them on the EI-ISAC. Up to two (2) of these Primary Contacts must be the chief election official or designated person identified as being responsible for election administration. The other Primary Contact must be the Chief Information Security Officer or designated person identified as being responsible for cyber security duties for the SLTT election office.
- In the event an EI-ISAC Member uses an outside entity to provide IT support, a representative of that external entity may serve as the second Primary Contact to represent the EI-ISAC Member.
- Each Supporting Member may appoint up to two (2) Primary Contacts to officially represent them on the EI-ISAC. One of these Primary Contacts must be directly responsible for providing services or systems to SLTT election offices.
- Members may designate as many individual contacts as they would like to attend and participate in EI-ISAC meetings and functions as appropriate. Contacts for Supporting Members must serve in executive leadership for the Supporting Member or serve in roles that directly support the operations and/or maintenance of SLTT election office IT systems.
- A roster of Members will be maintained by the EI-ISAC and each Primary Contact will keep the information pertaining to their Member organization updated.
- Member Meetings.
- The EI-ISAC shall meet at least four (4) times per year and may meet more often as needed.
- EI-ISAC meetings are open to all members. Members may recommend and with the EI-ISAC Secretariat(s)’ approval, invite guests to attend EI-ISAC meetings.
- Meetings may be held by teleconference, video conference, or a similar medium.
- Recommendations of items to be considered by the EI-ISAC Executive Committee Secretariat(s) or the Executive Committee may be presented by EI-ISAC members at any meeting. A reasonable effort shall be made by those making recommendations to provide any necessary background information associated with the recommendation available to EI-ISAC members prior to the meeting if possible.
- The EI-ISAC will maintain minutes or otherwise record all EI-ISAC meetings; the EI-ISAC Chairperson in consultation with CIS Legal and the EI-ISAC Executive Committee Secretariat(s), meeting minutes and other EI-ISAC developed documents may be released beyond the EI-ISAC membership.
VI. EI-ISAC Executive Committee
- Membership of EI-ISAC Executive Committee
- There shall be an Executive Committee comprised of thirteen (13) voting members. A contact for any SLTT EI-ISAC Member may be nominated to serve on the Executive Committee. There may only be one contact per Member elected to the Executive Committee. The Executive Committee will consist of the following:
- The EI-ISAC Chairperson and Vice Chairperson (elected from the executive committee)
- Six (6) of the committee members shall represent state election officials
- two (2) committee members shall be Secretaries of State or Lieutenant Governors;
- two (2) committee members shall be Senior State/Territorial Election Officials; and
- two (2) committee members shall be IT security leads from the information technology department of state/territorial election offices.
- Seven (7) committee members shall represent local election officials
- five (5) committee members shall be local election officials; and
- two (2) committee members shall be representatives from the information technology department of local election offices.
- The term of Executive Committee members will be two (2) years, and may be renewed for up to three (3) consecutive two (2) year terms. After three (3) consecutive terms, a period of one (1) term must pass before a candidate may run for election. The duties of the EI-ISAC Chair and Vice-chair will be one (1) year.
- There shall be an Executive Committee comprised of thirteen (13) voting members. A contact for any SLTT EI-ISAC Member may be nominated to serve on the Executive Committee. There may only be one contact per Member elected to the Executive Committee. The Executive Committee will consist of the following:
- Election of Executive Committee Members
- Executive Committee members will be voted upon annually by the EI-ISAC members by member survey, in accordance with the following:
- EI-ISAC state and territorial Primary Contacts only will vote for state and territorial Executive Committee positions.
- EI-ISAC local Primary Contacts only will vote for local government Executive Committee positions.
- Candidates with the most votes will be selected for the Executive Committee. In the case of a tie, the current EI-ISAC Secretariat(s) will make the selection.
- Executive Committee Vacancy
- If an Executive Committee member’s employment, election, or appointment to a position changes before the end of their term and no longer meet the requirements for their elected category of Executive Committee membership, or
- an Executive Committee Member otherwise departs the Executive Committee before the end of their term, the seat will be appointed by the Executive Committee from a list of candidates provided by the EI-ISAC Executive Committee Secretariat(s).
- Executive Committee members will be voted upon annually by the EI-ISAC members by member survey, in accordance with the following:
- Observers
- The following organizations may send one (1) designated representative to attend any EI-ISAC Executive Committee meeting as an observer. The organizations must provide contact information for designated representatives to the EI-ISAC Secretariat(s) prior to each meeting.
- US Department of Homeland Security
- Cybersecurity and Infrastructure Security Agency
- U.S. Election Assistance Commission
- National Association of Secretaries of State
- National Association of State Election Directors
- Election Center
- International Association of Government Officials
- National Association of Counties
- National Conference of State Legislators
- Election Infrastructure Subsector Coordinating Council
- Election Infrastructure Subsector Government Coordinating Council
- All observer organizations wishing to attend Executive Committee meetings shall designate a specific representative to attend meetings, but may identify an alternate attendee prior to the meeting.
- The Executive Committee may extend an offer to extend the number of observers at their discretion.
- The following organizations may send one (1) designated representative to attend any EI-ISAC Executive Committee meeting as an observer. The organizations must provide contact information for designated representatives to the EI-ISAC Secretariat(s) prior to each meeting.
- Activities of the Executive Committee
- The Executive Committee will vote on matters brought to its attention by the EI-ISAC Executive Committee Secretariat(s), workgroups, or the membership at large. Each Executive Committee member will have one (1) vote on matters presented for a vote by the Executive Committee. A simple majority will be sufficient to carry the vote.
- The Executive Committee will meet by phone/webcast or in person. Only Executive Committee members, designated observers, assigned EI-ISAC staff, and invited guests are allowed to attend Executive Committee meetings. Attendance or invitations for Executive Committee meetings cannot be delegated to another individual.
- Members of the Executive Committee are expected to be ambassadors for the EI-ISAC by promoting and supporting its mission, by participating in reporting and other activities of the EI-ISAC, and by encouraging other Members to participate in the activities of the organization.
- Executive Committee membership requires active participation to oversee the EI-ISAC mission and support the EI-ISAC membership. Executive Committee members must maintain personal and active participation in Executive Committee meetings and in correspondence requirement review and response. Executive Committee Members may be subject to removal from their position by the EI-ISAC Executive Committee Secretariat in coordination with the EI-ISAC Co-Chairperson if a member misses three meetings during a calendar year.
- The Executive Committee will help to develop and approve the goals of all workgroups.
- The Executive Committee will be responsible for developing policies and procedures for the operations of the EI-ISAC as necessary, including, without limitation, identifying the scope of services provided by the EI-ISAC.
- The Executive Committee will be responsible for advising the EI-ISAC Chair and Vice-chair and EI-ISAC Executive Committee Secretariat(s) on the strategic direction of the EI-ISAC.
- Executive Session
- Any Executive Committee Member or Secretariat(s) may call an executive session during Executive Committee Meetings. At this time, all Non-Executive Committee members, excluding Secretariat(s), must exit the meeting.
- Workgroups
- The Executive Committee may appoint workgroups or subcommittees to deal with specific matters. At least the Chair or the Vice-Chair of the workgroup will be an Executive Committee member. Participants in the workgroup may include subject matter experts from entities that are not Members.
VII. Information Sharing Protocol for EI-ISAC Members
- All Data provided by any Member or the EI-ISAC shall include an information sharing designation in accordance with the CISA Traffic Light Protocol (TLP). In the event that Data is shared by the Member or EI-ISAC and such Data does not include a TLP designation, it shall be considered as having been designated TLP Red unless and until subsequently, the entity sharing the Data changes the designation.
- Notwithstanding the foregoing, all Data provided by Members may be shared with EI-ISAC’s federal partners (including, without limitation, the U.S. Department of Homeland Security), and may be shared with other Members provided that the Data is anonymized and not attributable to any individual Member.
VIII. Amendment to the Charter; Dissolution
- Any changes made to this Charter must be approved by a majority vote of the Executive Committee members voting, provided that at least five (5) days’ notice of such change shall be given to each Executive Committee member before the meeting at which such change shall be considered.
- Upon the recommendation of the Executive Committee, the EI-ISAC may be dissolved by a vote of a majority of the EI-ISAC Members voting on the resolution, provided that at least twenty (20) days’ advance notice of such vote shall be given to Members before the date of the scheduled vote.
Document Management
- Original Charter Adopted February 2019
- Updated Version Adopted January 2020
- Updated Version Draft November 2021