System Availability Requirements#
Maturity Level 1#
Ensure Regular Automated Backups#
Ensure that all system data is automatically backed up on a regular basis.
Backups of election data should be done on a nightly basis. There may be applications which need to back up data at even higher frequencies during critical election periods.
Applies to: Hosted components
Reference: CIS Security Best Practices for Non-Voting Election Technology 1.4.1
Backup and Failover capabilities#
Ensure application and data storage components have fail over options in the event of a service degradation for primary component.
Maturity Level 2#
Backup data should be restorable#
Verify backup data is restorable by performing a data restoration.
This is important to do once per election or more frequently for some systems.
Applies to: Hosted components
Reference: CIS Security Best Practices for Non-Voting Election Technology 1.4.3
Maturity Level 3#
Establish DDoS Mitigation Services With a Third-Party DDoS Mitigation Provider#
Obtain third-party DDoS mitigation services.
A number of DDoS protection services have made their offerings available to election jurisdictions. Whether free or at a cost, these services can be very helpful to protect the most critical internet-connected election functions.
Applies to: Hosted components
Reference: CIS Security Best Practices for Non-Voting Election Technology 1.5.6