Prioritizing Best Practices#

No one wants to suffer a cybersecurity incident. The intent to protect networks is universal, but resource limitations leave many organizations facing perhaps the most difficult question in all of cybersecurity: What do I do next?

This section prioritizes best practices by mapping each maturity level to the priority best practices that should be implemented by an election office at that maturity level.

Level 1 Maturity#

If you are at the Level 1 maturity, your first goal should be to commit to incrementally improving your maturity. This is about setting simple goals: complete one simple task a week, implement one best practice a month, and set aside a minimum set of resources dedicated to cybersecurity every quarter. Whatever helps you make progress.

Level 1 Maturity Baseline Priorities#

The following is the list of priority actions at the Level 1 maturity. If you are at the Level 1 maturity, we recommend starting with these to establish a baseline of cyber hygiene.


  1. Download and complete the worksheets for Level 1 maturity baseline. There are ten worksheets, all in one downloadable file.

    • Together, these fulfill all of the Level 1 baseline priorities. In the table below, the left column is the name of a Level 1 maturity worksheet described here. On that page you can download one file with all ten worksheets. The middle column gives the relevant best practice in this Guide for the worksheet tab, and the right columns lists the actions within that best practice that are fulfilled by completing the worksheet tab.


Best Practice (Actions from the Best Practice Adressed by the Worksheet)

  • Hardware Inventory

  • Software Inventory

  • Data Inventory

  • Service Provider Inventory

  • Account Inventory

Asset Management (Action #1)

Asset Protection

Account Security

User Management (All Actions under User Recommendations)

Backup & Recovery

Backups (Action #1)

Incident Response

Incident Response (Actions #1 and #4)

Cyber Education

Building and Managing Staff (Actions #2 and #3)

While the needed effort can vary greatly depending on the size of your office and number of assets (computers, software, etc.), each worksheet is built to take no more than four hours the first time around and as little as 15 minutes each subsequent time. A suggestion: set aside time to do one a week until you’ve got them all done; then they’re easy to repeat.

Level 1 Maturity Election Priorities#

In addition to the above, you should be implementing some measures of particular importance to the election community:

  1. Join the EI-ISAC.

  2. Protect your website with simple and free tools.

  3. Implement an endpoint protection program through a commercial provider or for free through the EI-ISAC.

  4. Implement the malicious domain blocking and reporting tool for free through the EI-ISAC.

  5. Manage your removable media.

Level 2 and Level 3 Maturities#

More mature organizations should take a more sophisticated approach to prioritizing best practice implementation.

The CIS Community Defense Model#

To help organizations determine where to invest their next dollar in cybersecurity, CIS developed the Community Defense Model (CDM). The CDM was created to help answer that and other questions about the value of the CIS Controls based on currently available threat data from industry reports. Ready more about the CIS Controls in the CIS Controls best practice.

Using authoritative data sources like the Verizon Data Breach Investigations Report, CIS identified the top attack types that enterprises should defend against.

For CDM 2.0, the top five attack types are:

  1. Malware

  2. Ransomware

  3. Web Application Hacking

  4. Insider and Privilege Misuse

  5. Targeted Intrusions

Certain techniques are used to execute each of these types of attacks. The CDM uses the MITRE ATT&CK framework to cateogize these techniques and sub-techniques. These are mapped to mitigations, such as the Safeguards contained with the CIS Controls and the actions within this Guide’s best practices, that protect against one or more sub-technique.

Using real world data, the CDM determines which Safeguards are the most efficient–the Safeguards that mitigate the most sub-techniques and thus, when implemented, are most likely to stop any given attack.

In the table below, we map the highest efficiency Safeguards from the CIS Controls to the best practices in this Guide to establish the priority best practices. For more details on the efficiency rankings, see Figure 13 of the CDM 2.0.

Mapping of the Most Efficient Safeguards to Priority Best Practices#



Safeguard Title

Essential Guide Best Practice



Establish and Maintain a Secure Configuration Process

Managing Infrastructure



Manage Default Accounts on Enterprise Assets and Software

Managing Infrastructure



Disable Dormant Accounts

User Management



Establish an Access Granting Process

User Management



Establish an Access Revoking Process

User Management



Restrict Administrator Privileges to Dedicated Administrator Accounts

Managing Infrastructure



Remediate Penetration Test Findings

[Coming in 2022Q3 update]



Perform Periodic Internal Penetration Tests

[Coming in 2022Q3 update]



Define and Maintain Role-Based Access Control

User Management



Uninstall or Disable Unnecessary Services on Enterprise Assets and Software

Managing Infrastructure



Segment Data Processing and Storage Based on Sensitivity

[Coming in 2022Q3 update]



Use Unique Passwords

User Management



Require MFA for Remote Network Access

Managing Remote Connections



Require MFA for Administrative Access

User Management



Maintain Dedicated Computing Resources for All Administrative Work

Managing Infrastructure



Address Unauthorized Software

Asset Management



Allowlist Authorized Software

Asset Management



Maintain a Secure Configuration Process for Network Infrastructure

Managing Infrastructure



Implement and Manage a Firewall on Servers

Firewalls and Port Restrictions



Require MFA for Externally-Exposed Applications

User Management

The best practices in the right column are listed as priority actions in the best practice index and should be implemented first for the Level 2 and Level 3 maturities.