EI-ISAC™ Services

The SitRoom is an online platform designed to facilitate information sharing and reporting of incidents between election offices. The room’s main feature is a chat function which allows election offices to share suspicious activity with others. EI-ISAC analysts maintain a constant presence in the room to assist members with any reported activity.

EDR offers device-level protection and response to strengthen an organization’s cybersecurity program. EDR protects endpoints by providing active defense against cybersecurity threats, blocking both known (signature-based) and unknown (behavior-based) malicious activity, and strengthening endpoint cybersecurity through effective defense against encrypted malicious traffic.
EDR does more than block malicious activity; it can stop an attack in its tracks. EDR takes an active role in mitigating and remediating malware and killing or quarantining files. EDR also tracks actions that resulted in system compromise, empowering organizations to learn how the attack happened to help mitigate future incidents.

EDR is a federally funded cybersecurity solution available to election offices to help secure their endpoints. For more information, contact [email protected].

CIS SecureSuite/CIS WorkBench is available to all members at no cost. It can assist members with enhancing security through system configuration, finding policy templates, and discussing technical questions with other members. Free CIS SecureSuite/CIS WorkBench contains numerous important features designed to help you better secure your environment.

A Vulnerability Disclosure Program (VDP) is a formalized process to receive, validate, remediate, and communicate vulnerability information on specific technology systems from external security researchers. A VDP gives permission to security researchers to ethically find and report vulnerabilities in an organization's public-facing systems such as websites and voter registration databases.

The VDP incorporates the EI-ISAC as a facilitator between security researchers and election offices to help get a VDP started. 

The Cybersecurity Advisory Services Program is a transformative initiative strengthening cybersecurity for the cyber-underserved SLTT organizations managing IT infrastructure in CISA-designated high-priority sectors, including: elections, healthcare, K-12, and water and wastewater systems. Receive tailored advisory services at no cost, addressing your unique challenges. Empower your organization strategically with enhanced cybersecurity posture and maturity.

The CIS Red Team (CRT) aims to proactively identify, validate, and report vulnerabilities and exploits impacting U.S. SLTTs, election offices, and critical infrastructure. With decades of combined experience across multiple industries, CRT provides comprehensive penetration testing services, internal and external network vulnerability assessments, and support through the Vulnerability Disclosure Program.

The Malicious Domain Blocking and Reporting (MDBR) service is offered to EI-ISAC members in partnership with the Cybersecurity and Infrastructure Security Agency (CISA) and Akamai. This service is a protective DNS service (PDNS) that provides an additional layer of cybersecurity protection that is proven, effective, and easy to deploy. MDBR technology prevents IT systems from connecting to harmful web domains, helping limit infections related to known malware, ransomware, phishing, and other cyber threats. This capability can block the vast majority of ransomware infections just by preventing the initial outreach to a ransomware delivery domain.

One of our most popular services is the network monitoring solution known as Albert. Albert is an instrusion detection system (IDS) sensor that monitors network data and sends it to the EI-ISAC for analysis.

The CIS CyberMarket helps SLTT entities improve their cybersecurity posture through expert guidance and cost-effective procurement. It builds public and private partnerships and works to enhance collaboration that improves the nation’s cybersecurity posture. The CIS CyberMarket makes cybersecurity purchasing effective, easy, and economical by providing discounts on training, software, and consulting services.

Through a best practices approach, we aim to help organizations involved in elections better understand what to focus on, know how to prioritize and parse the enormous amount of guidance available on protecting IT-related systems, and engage in additional collaboration to address common threats to this critical aspect of democracy. 

The "Guide for Ensuring Security in Election Technology Procurements” provides a roadmap for election officials and all parties through the procurement process. This guide was first published in 2019 but has been updated in a new format and with updated content. Election officials must procure computer hardware, software, and services necessary to conduct and support elections. 

Experiencing a cybersecurity incident? Even if your elections organization is not yet part of the EI-ISAC, you can reach out to us for help. Learn more about our incident response services.The Incident Response Checklist can help you learn how to identify, respond to, and communicate information about a breach.

DHS Initiatives

On behalf of our EI-ISAC members, CIS coordinates a variety of DHS programs and initiatives:

• Nationwide Cyber Security Review (NCSR), an annual survey that helps SLTTs analyze their cybersecurity posture
• Cyber Resilience Review, Fed VTE, NCATS, Stop.Think.Connect, and more via US-CERT

Homeland Security Information Network Portal

Through the Homeland Security Information Network (HSIN), EI-ISAC members can access a library of cybersecurity resources. This portal also provides contact information and allows for secure email and document sharing.

Election Security Spotlight

A short non-technical explanation of a common cybersecurity term or practice, and its application to elections infrastructure.

Quarterly Threat Report

A summary of event-related data that may be of interest to elections officials, derived from the EI-ISAC’s network monitoring services, information reported by trusted partners, gathered from open sources, and incidents responded to by the EI-ISAC. This report is intended to provide situational awareness of the elections community cyber risk landscape and should be used to assist election officials and their IT staff in their own analysis of the active information security threats facing their organizations.