Update: The Secretary of State's office staff have completed security awareness training for the last two years.
All SOS public facing web application are being scanned for vulnerabilities. SOS servers are being scanned for OS and web vulnerabilities. Web application firewall rules and carbon black are in blocking mode. The SOS website has layers of security on WordPress: multifactor authentication, cloudflare, webARX (a WP specific firewall).
Objectives
-
Develop a System Security Plan
Update: The Secretary of State's office partnered with SITSD to develop system security plans for 2 of our most critical applications. 1. MT VOTES - Statewide Voter Registration system used by State and County employees to track and verify voter registration information across Montana. 2. eSERS - enterprise software solution used for the Montana Secretary of State Elections Division for the reporting of election results.
-
Fully Implement MultiFactor Authentication for State and County Employees
Update: Multifactor Authentication has been fully implemented for county election staff and all Secretary of State employees. In addition, the Secretary of States office has required security awareness training for all SOS staff and county election staff.
-
Protect Secretary of State Systems by leveraging partnerships established by MT-ISAC to enhance information sharing, outreach and risk awareness.
Update: The Secretary of State's office has utilized the information sharing from the MT-ISAC to inform and educate State staff, county election employees, and our vendors on existing vulnerabilities and the importance of securing our systems. The Secretary of State have taken opportunities provided by the MT-ISAC, MS-ISAC and EI-ISAC, such as the annual Table Top the Vote 2020. In addition, we have completed two Risk and Vulnerability tests through the Department of Homeland security.