System Availability Requirements

Maturity Level 1

Ensure Regular Automated Backups

Ensure that all system data is automatically backed up on a regular basis.

Backups of election data should be done on a nightly basis. There may be applications which need to back up data at even higher frequencies during critical election periods.

Applies to: Hosted components

Reference: CIS Security Best Practices for Non-Voting Election Technology 1.4.1

Backup and Failover capabilities

Ensure application and data storage components have fail over options in the event of a service degradation for primary component.

Maturity Level 2

Backup data should be restorable

Verify backup data is restorable by performing a data restoration.

This is important to do once per election or more frequently for some systems.

Applies to: Hosted components

Reference: CIS Security Best Practices for Non-Voting Election Technology 1.4.3

Maturity Level 3

Establish DDoS Mitigation Services With a Third-Party DDoS Mitigation Provider

Obtain third-party DDoS mitigation services.

A number of DDoS protection services have made their offerings available to election jurisdictions. Whether free or at a cost, these services can be very helpful to protect the most critical internet-connected election functions.

Applies to: Hosted components

Reference: CIS Security Best Practices for Non-Voting Election Technology 1.5.6