
  • Grant Funding Q & A Webinar

    June 2019

  • Grant Funding

    • Each board of elections will incur costs to implement the new Security Directive
    • The Secretary of State is providing a one-time grant funding of $50,000 to assist county BOEs with the implementation
    • Signed security agreement must be returned to [email protected] by July 19, 2019 before SOS Finance disburses checks

  • Grant Fund Use

    • Funds must first be used to implement the requirements of the security directive.
    • Remaining funds may be used for activities to improve the administration of elections for federal office to include:
      o Enhancing election technology
        - Upgrading election related computer systems to address cyber vulnerabilities identified by DHS
      o Cybersecurity training for chief election official’s office and local election officials
      o Implementing cybersecurity best practices for election systems
      o Other activities that improve the security of elections

  • Grant Funding Terms

    • Each county will be required to enter into a grant agreement with the Secretary of State’s Office
      o Grant funds must be deposited into a separate, interest-bearing account
      o Each county must report monthly to the Secretary of State’s Office providing the following:
        - Using the template #1 provided, a list of items purchased, funds spent, interest, and funds remaining
        - Using the template #2 provided, a progress update of the Security Directive/Technical Document implementation

  • Template #1

  • Template #1 (cont.)

  • Template #2

    Security Directive Implementation Progress Report

    BOE Progress

    [Choose Board of Elections from Dropdown List]

    | Item No. | Due Date | Directive Requirement | Solution being Implemented | Status (Select from Drop-Down List) | Expected Completion Time Frame | Who is Performing Implementation (Select from Drop-Down List) | If Vendor, Name of Vendor | Vendor Contact Information (Name of Contact, Phone number, & Address) | Comments |
    |---|---|---|---|---|---|---|---|---|---|
    | 1 | July 19, 2019 | DHS Services: | | | | | | | |
    | | | Physical Security Assessment | | | | | | | |
    | | | Risk and Vulnerability Assessment | | | | | | | |
    | | | Remote Penetration Testing | | | | | | | |
    | | | Validated Architectural Design Review | | | | | | | |
    | | | Cyber Threat Hunt | | | | | | | |
    | | | Cyber Hygiene Scans | | | | | | | |
    | | | Phishing Campaign Assessment | | | | | | | |
    | 2 | January 13, 2020 | Under Workstation and Server Hardening / Patching: Workstations upgraded to Windows 10 enterprise edition | | | | | | | |
    | | | Under Workstation and Server Hardening / Patching: Upgrade Servers Running Windows Server 2008 R2 or older to Windows Server 2016 | | | | | | | |
    | 3 | January 31, 2020 | Board of Election Electronic Mail | | | | | | | |
    | 4 | January 31, 2020 | Websites to ".gov" or ".us" addresses | | | | | | | |
    | 5 | January 31, 2020 | Network Protection | | | | | | | |
    | 6 | January 31, 2020 | Network Scanning | | | | | | | |
    | 7 | January 31, 2020 | Network Segmentation | | | | | | | |
    | 8 | January 31, 2020 | Device Whitelisting | | | | | | | |
    | 9 | January 31, 2020 | Access Control | | | | | | | |
    | 10 | January 31, 2020 | Strong Passwords and MFA | | | | | | | |
    | 11 | January 31, 2020 | Wireless Device Security | | | | | | | |
    | 12 | January 31, 2020 | Vulnerability Scanning | | | | | | | |
    | 13 | January 31, 2020 | Network Intrusion Detection | | | | | | | |
    | 14 | January 31, 2020 | Asset Management | | | | | | | |
    | 15 | January 31, 2020 | Application Whitelisting | | | | | | | |
    | 16 | January 31, 2020 | Data Encryption | | | | | | | |
    | 17 | January 31, 2020 | Secure Channels for Remote Access | | | | | | | |
    | 18 | January 31, 2020 | Security Information and Event Management (SIEM) | | | | | | | |
    | 19 | January 31, 2020 | Secure Storage of Baseline Configurations | | | | | | | |
    | 20 | January 31, 2020 | Criminal Background Checks | | | | | | | |
    | 21 | January 31, 2020 | USB Hygiene | | | | | | | |
    | 22 | January 31, 2020 | Security Awareness Training | | | | | | | |
    | 23 | January 31, 2020 | Malware Management | | | | | | | |
    | 24 | January 31, 2020 | Workstation and Server Hardening / Patching | | | | | | | |
    | 25 | January 31, 2020 | Physical Security for Election IT Equipment | | | | | | | |
    | 26 | January 31, 2020 | Requirements for Elections Infrastructure Vendors | | | | | | | |
    | 27 | January 31, 2020 | Backups of VR Information | | | | | | | Please provide information detailing how Voter Registration data is backed up and state if the back up is stored on site or at an offsite location. |

    Security Directive Implementation Progress Report

    Example Information

    Franklin County Board of Elections

    | Item No. | Due Date | Directive Requirement | Solution being Implemented | Status (Select from Drop-Down List) | Expected Completion Time Frame | Who is Performing Implementation (Select from Drop-Down List) | If Vendor, Name of Vendor | Vendor Contact Information (Name of Contact, Phone number, & Address) | Comments |
    |---|---|---|---|---|---|---|---|---|---|
    | 1 | July 19, 2019 | DHS Services: | Signed up for this service with DHS | Complete | July 19, 2019 | | | | |
    | | | Physical Security Assessment | Signed up for this service with DHS | Complete | July 19, 2019 | | | | |
    | | | Risk and Vulnerability Assessment | Signed up for this service with DHS | Complete | July 19, 2019 | | | | |
    | | | Remote Penetration Testing | Signed up for this service with DHS | Complete | July 19, 2019 | | | | |
    | | | Validated Architectural Design Review | Signed up for this service with DHS | Complete | July 19, 2019 | | | | |
    | | | Cyber Threat Hunt | Signed up for this service with DHS | Complete | July 19, 2019 | | | | |
    | | | Cyber Hygiene Scans | Signed up for this service with DHS | Complete | July 19, 2019 | | | | |
    | | | Phishing Campaign Assessment | Signed up for this service with DHS | Complete | July 19, 2019 | | | | |
    | 2 | January 13, 2020 | Under Workstation and Server Hardening / Patching: Workstations upgraded to Windows 10 enterprise edition | Upgrading existing Win 10 Pro workstations to Win 10 enterprise. Will replace 3 Windows 7 workstations that are too old to upgrade to Windows 10 enterprise. | In Process | End September | Vendor | Computers Inc. | Michael Computer: 513-444-4444, 65 Vine St. Cincinnati OH 45221 | |
    | | | Under Workstation and Server Hardening / Patching: Upgrade Servers Running Windows Server 2008 R2 or older to Windows Server 2016 | Servers are running Windows 2012 R2 | Complete | N/A | N/A | N/A | | |
    | 3 | January 31, 2020 | Board of Election Electronic Mail | County BOE email is being migrated to a ".gov" domain. | In Process | End October 2019 | County IT | N/A | | |
    | 4 | January 31, 2020 | Websites to ".gov" or ".us" addresses | BOE website is being migrated to ".gov" domain | Not Started | TBD | Vendor | Websites LLC | Lisa Website: 614 333-3333, 15 Broad St. Columbus OH 43215 | |
    | 5 | January 31, 2020 | Network Protection | Installing Sophos XG125W | In Process | End August 2019 | Vendor | ABC Network Company | Dave Network: 614-555-5555, 65 East 1st St. Columbus OH 43215 | |
    | 6 | January 31, 2020 | Network Scanning | SIEM Sensor (NUC) and SIEM Software AlienVault Anywhere. Scan network weekly and review scan | Not Started | TBD | Secretary of State's Office | N/A | | |
    | 7 | January 31, 2020 | Network Segmentation | Installing and configuring Sophos XG125W and HP Aruba POE Managed Switch | In Process | End August 2019 | Vendor | ABC Network Company | Dave Network: 614-555-5555, 65 East 1st St. Columbus OH 43215 | |
    | 8 | January 31, 2020 | Device Whitelisting | Installing an HP Aruba POE Managed Switch - 24 port | In Process | End August 2019 | | ABC Network Company | Dave Network: 614-555-5555, 65 East 1st St. Columbus OH 43215 | |
    | 9 | January 31, 2020 | Access Control | Implementing a domain controller, group policies, and remote access via VPN with MFA | In Process | Beginning Sept 2019 | Vendor | ABC Network Company | Dave Network: 614-555-5555, 65 East 1st St. Columbus OH 43215 | |
    | 10 | January 31, 2020 | Strong Passwords and MFA | All BOE email and official social media accounts are changing to 15 characters or more passphrases using upper and lower case letters as well as numbers. MFA is being implemented for remote access and admin accounts, accounts accessing or modifying voter registration data and election systems, and board of elections email using Google Authenticator | In Process | Beginning Sept 2019 | Vendor | ABC Network Company | | |
    | 11 | January 31, 2020 | Wireless Device Security | Wireless network uses WPA2 with AES encryption and the network name does not identify what it is used for (i.e. it is not "PollPad"). Passwords are changed every 90 days and are 15 characters using upper and lower case letters, numbers and special characters. | Complete | N/A | N/A | | | |
    | 12 | January 31, 2020 | Vulnerability Scanning | Regularly run a SCAP-compliant vulnerability scanner with AlienVault Anywhere and ensure reviewed | Not Started | TBD | Secretary of State's Office | N/A | | |
    | 13 | January 31, 2020 | Network Intrusion Detection | Install MS-ISAC Albert sensor | Not Started | TBD | Secretary of State's Office | N/A | | |
    | 14 | January 31, 2020 | Asset Management | Maintain detailed maintenance record of all system components | In Process | Beginning Sept 2019 | | | | |
    | 15 | January 31, 2020 | Application Whitelisting | Configuring in Sophos firewall | In Process | End August 2019 | Vendor | ABC Network Company | Dave Network: 614-555-5555, 65 East 1st St. Columbus OH 43215 | |
    | 16 | January 31, 2020 | Data Encryption | All Personally identifiable information (PII) such as SSN and drivers license numbers are encrypted at all times and all data transfer is done via a secure FTP. | | | | | | |
    | 17 | January 31, 2020 | Secure Channels for Remote Access | Secure protocols for all remote connections to the system (TLS, IPSEC) will be implemented | In Process | End August 2019 | Vendor | ABC Network Company | Dave Network: 614-555-5555, 65 East 1st St. Columbus OH 43215 | |
    | 18 | January 31, 2020 | Security Information and Event Management (SIEM) | SIEM Sensor (NUC) and SIEM Software AlienVault Anywhere - Monitoring | Not Started | TBD | Secretary of State's Office | N/A | | |
    | 19 | January 31, 2020 | Secure Storage of Baseline Configurations | Will store secure baseline configurations on approved USB device and securely deploy baseline configurations | | | | | | |
    | 20 | January 31, 2020 | Criminal Background Checks | | In Process | End October | Local Police Department | N/A | | |
    | 21 | January 31, 2020 | USB Hygiene | Will utilize approved USB devices from Secretary of State Office | Not Started | TBD | | | | |
    | 22 | January 31, 2020 | Security Awareness Training | Will request and take KnowBe4 Training through Secretary of State's Office | Not Started | End October | Secretary of State's Office | | | |
    | 23 | January 31, 2020 | Malware Management | Installing Sophos EndPoint protection SW on workstations and server | In Process | Early September | Vendor | Computers Inc. | Michael Computer: 513-444-4444, 65 Vine St. Cincinnati OH 45221 | |
    | 24 | January 31, 2020 | Workstation and Server Hardening / Patching: | All workstations and servers have been hardened per CIS standards. Workstations are running Windows 10 enterprise edition and updated automatically. Servers are running Windows Server 2016 and are patched monthly. | In Process | Early October | Vendor | Computers Inc. | Michael Computer: 513-444-4444, 65 Vine St. Cincinnati OH 45221 | |
    | 25 | January 31, 2020 | Physical Security for Election IT Equipment | The voter registration server will not be a workstation going forward. A separate workstation will be purchased. The voter registration server, network equipment, and any other related election equipment, other than individual workstations will be moved to a physically secure/locked room and will not be used for email or internet. | In Process | End September | County IT and Vendor | Computers Inc. | Michael Computer: 513-444-4444, 65 Vine St. Cincinnati OH 45221 | |
    | 26 | January 31, 2020 | Requirements for Elections Infrastructure Vendors | We will work with the voter registration vendor and any vendors with remote access to ensure they are compliant | Not Started | End September | Vendor | VR Vendor: Computers Inc. | Michael Computer: 513-444-4444, 65 Vine St. Cincinnati OH 45221 | |
    | 27 | January 31, 2020 | Backups of VR Information | Automatically backed up nightly by VR vendor and stored off site | Complete | N/A | Vendor | | | Please provide information detailing how Voter Registration data is backed up and state if the back up is stored on site or at an offsite location. |

    Source Lists

    Status: Not Started, In Progress, Complete

    Who is Performing Implementation: Board IT, County IT, Vendor, Secretary of State's Office

    Board of Elections:

    [Choose Board of Elections from Dropdown List]

    Adams County Board of Elections

    Allen County Board of Elections

    Ashland County Board of Elections

    Ashtabula County Board of Elections

    Athens County Board of Elections

    Auglaize County Board of Elections

    Belmont County Board of Elections

    Brown County Board of Elections

    Butler County Board of Elections

    Carroll County Board of Elections

    Champaign County Board of Elections

    Clark County Board of Elections

    Clermont County Board of Elections

    Clinton County Board of Elections

    Columbiana County Board of Elections

    Coshocton County Board of Elections

    Crawford County Board of Elections

    Cuyahoga County Board of Elections

    Darke County Board of Elections

    Defiance County Board of Elections

    Delaware County Board of Elections

    Erie County Board of Elections

    Fairfield County Board of Elections

    Fayette County Board of Elections

    Franklin County Board of Elections

    Fulton County Board of Elections

    Gallia County Board of Elections

    Geauga County Board of Elections

    Greene County Board of Elections

    Guernsey County Board of Elections

    Hamilton County Board of Elections

    Hancock County Board of Elections

    Hardin County Board of Elections

    Harrison County Board of Elections

    Henry County Board of Elections

    Highland County Board of Elections

    Hocking County Board of Elections

    Holmes County Board of Elections

    Huron County Board of Elections

    Jackson County Board of Elections

    Jefferson County Board of Elections

    Knox County Board of Elections

    Lake County Board of Elections

    Lawrence County Board of Elections

    Licking County Board of Elections

    Logan County Board of Elections

    Lorain County Board of Elections

    Lucas County Board of Elections

    Madison County Board of Elections

    Mahoning County Board of Elections

    Marion County Board of Elections

    Medina County Board of Elections

    Meigs County Board of Elections

    Mercer County Board of Elections

    Miami County Board of Elections

    Monroe County Board of Elections

    Montgomery County Board of Elections

    Morgan County Board of Elections

    Morrow County Board of Elections

    Muskingum County Board of Elections

    Noble County Board of Elections

    Ottawa County Board of Elections

    Paulding County Board of Elections

    Perry County Board of Elections

    Pickaway County Board of Elections

    Pike County Board of Elections

    Portage County Board of Elections

    Preble County Board of Elections

    Putnam County Board of Elections

    Richland County Board of Elections

    Ross County Board of Elections

    Sandusky County Board of Elections

    Scioto County Board of Elections

    Seneca County Board of Elections

    Shelby County Board of Elections

    Stark County Board of Elections

    Summit County Board of Elections

    Trumbull County Board of Elections

    Tuscarawas County Board of Elections

    Union County Board of Elections

    Van Wert County Board of Elections

    Vinton County Board of Elections

    Warren County Board of Elections

    Washington County Board of Elections

    Wayne County Board of Elections

    Williams County Board of Elections

    Wood County Board of Elections

    Wyandot County Board of Elections

  • Grant Funding Terms (cont.)

    • Funds must be spent appropriately and ensure best price is received for any item or service
      o Each County must obtain three quotes from vendors offering the required item or service
      o Miscellaneous items such as door locks, nuts & bolts, light switches… do not need three quotes if under $500
      o Using the quote template provided, quotes must be submitted with a final invoice to the Secretary of State’s Office
      o If less than three vendors offer a required item or service, BOE must certify that fact to the Secretary of State’s Office

  • Quote Template

  • Quote Template (cont.)

  • Grant Funding Terms (cont.)

    • Signed security agreement and all templates need to be returned to [email protected]
    • BOEs are encouraged to utilize state term schedules to identify a vendor offering competitive prices for a required item or service
      o The schedule is available at: https://procure.ohio.gov/proc/contractssts.asp

  • State of Ohio Procurement

  • State of Ohio Procurement (cont.)

  • Quote Example

    • To meet one of the requirements in the directive, the county board of elections decides to purchase a laptop
      o The cost of one laptop is over $500
      o 3 quotes must be obtained
      o Using the state procurement website, obtain the 3 quotes from vendors that are on state term schedule: https://procure.ohio.gov/proc/contractssts.asp

  • Quote Example (cont.)

  • Quote Example (cont.)

  • Quote Example (cont.)

  • Quote Example (cont.)

  • Quote Example (cont.)

    DIRECTIVE 2019-08

    PURCHASING QUOTES

    County: (Choose from dropdown list) ADAMS

    Vendor: Brown Enterprise Solutions, Inc

    Directive Section: CIS

    Contact: gbrown@besolutions, LLC

    Briefly describe (1) the Product/Service to be purchased, and (2) the Project related to the purchase (attach pages if necessary):

    A laptop with a newer operating system is required to meet the CIS guidelines. Our current laptop is not running a current version of an operating system to comply with the new requirements.

    Product/Service Details

    Line Quantity Part # Description Unit Price Total

    1 1 Intel Core i5-8350u 15" Notebook $ 919.00 919.00

    2 -

    3 -

    4 -

    5 -

    6 -

    7 -

    8 -

    9 -

    10 -

    Subtotal 919.00

    Shipping $ -

    Total 919.00


  • Quote Example (cont.)

    • The final invoice packet must be sent to [email protected]
    • The final invoice packet must include a copy of:
      o A valid invoice
      o Completed quote sheet
      o Copies of all quotes obtained
    • The final invoice packet must include all required backup in one PDF file and name the file with “county – vendor”
      o Example: Adams – Dell.pdf

  • Grant Funding FAQs

    • FAQs
      o What is the CFDA Number?
        • 90.404
      o What is the issuing federal agency?
        • U.S. Election Assistance Commission
      o When do we expect to receive the funds?
        • Approximately 1 business week from receipt of the signed Elections Security Grant Agreement, the check will be sent by certified mail to county BOE which must be forwarded to your County Auditor for deposit

  • Security Directive Program Contacts

    • Diane Grosso – Project Manager
      o [email protected]
      o Phone: 614-995-1884
    • Legal Intake System
      o Phone: (614) 728-8789
    • HAVAGrant email
      o [email protected]

  • Questions
