Date Published: March 2021
Comments Due: May 14, 2021 (public comment period is CLOSED)
Email Questions to: NISTIR-8310-comments@nist.gov

Author(s)

Mary Brady (NIST), Gema Howell (NIST), Christina Sames (MITRE), Marc Schneider (MITRE), Julie Snyder (MITRE), David Weitzel (MITRE), Joshua Franklin (The Turnout)

Announcement

To help secure our elections, NIST has released Draft NISTIR 8310, Cybersecurity Framework Election Infrastructure Profile. This Profile provides a voluntary, risk-based approach for managing cybersecurity activities and reducing cyber risk to election infrastructure. The Profile is meant to supplement but not replace current cybersecurity standards and industry guidelines available to election officials.

This profile can be used in several ways, including the following: 

• To highlight and communicate high priority security expectations,
• To perform a self-assessment comparison of current risk management practices, or
• As a baseline profile or example profile to reference when developing one’s own.

We look forward to reviewing all of your comments. We’d also appreciate your feedback on the following:

• Does this profile meet your needs?
• Are there specific sections more/less helpful? 
• Share any thoughts about the separation of Mission Objective 1 into 1a and 1b (see Section 5).

We encourage you to submit your comments by May 14th using our comment template.

NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Control Families

None selected