To help secure our elections, NIST has released Draft NISTIR 8310, Cybersecurity Framework Election Infrastructure Profile. This Profile provides a voluntary, risk-based approach for managing cybersecurity activities and reducing cyber risk to election infrastructure. The Profile is meant to supplement but not replace current cybersecurity standards and industry guidelines available to election officials.

This profile can be used in several ways, including the following: 

• To highlight and communicate high priority security expectations,
• To perform a self-assessment comparison of current risk management practices, or
• As a baseline profile or example profile to reference when developing one’s own.

We look forward to reviewing all of your comments. We’d also appreciate your feedback on the following:

• Does this profile meet your needs?
• Are there specific sections more/less helpful? 
• Share any thoughts about the separation of Mission Objective 1 into 1a and 1b (see Section 5).

A public comment period on this draft is open through May 14, 2021.  See the publication details to download a copy of the document and a comment template.

NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.