How we secure Arizona's elections
-
System Access
Only authorized state and county elections officials have access to the Arizona Voter Information Database (AVID), and all authorized users are required to log in using multi-factor authentication (MFA).
-
Protective Controls
AVID is hosted on secured servers that provide 24/7 monitoring and threat mitigation against attacks such as DDoS, SQL injections, unauthorized access attempts, and brute force attacks. Data is protected in transit using TLS encryption and is encrypted upon receipt and storage.
-
Environment and Hosting
The Azure Government Cloud offers Distributed Denial of Service (DDoS) protection with Always-On Traffic Monitoring and Real Time threat mitigation. All of AVID is monitored using advanced security threat detection that protects against SQL injections, unusual location access, and brute force attacks. Further, data is protected in transit using TLS encryption as well as being encrypted when the data is at rest.
-
Logging and Monitoring of All Database Traffic
Any changes made to voter registration records in AVID are logged for auditing purposes.
-
Disaster Prevention and Recovery
We maintain frequent backups of our voter registration database to ensure that we can maintain continuity of operations with no loss of data. All our systems are regularly scanned for any vulnerabilities.
-
Adherence to Industry Standards
AVID was designed to meet the National Institute of Standards and Technology (NIST) security controls and associated assessment procedures defined in NIST SP 800-53 Revision 5 Recommended Security Controls for Federal Information Systems and Organizations.
-
Security Awareness Training for County Users
Election staff receive security awareness training through the Secretary of State's election security training exercises and monthly meetings to ensure that they are aware of emergent threats and are prepared to respond appropriately.
-
AZSOS Websites
Our websites are behind web application firewalls, which protect us from DDoS and other attacks. We use secure coding techniques and host most of our election-related web content in the cloud to further boost redundancy and availability.
-
AZSOS Office Networks
We use industry standard technology to secure our networks, and our security is continually assessed and enhanced with help from the Arizona Department of Administration, the U.S. and Arizona Department of Homeland Security, Cybersecurity & Infrastructure Security Agency, Arizona National Guard and private sector security companies. Our staff is well-trained in cybersecurity awareness and phishing email detection.
Uniformed and Overseas Citizens can transmit their Federal Post Card Applications (FPCA) and Federal Write-In Absentee Ballots (FWAB) to the County Recorders using a secure portal. Our UOCAVA systems are on secured servers that provide 24/7 monitoring and threat mitigation against attacks such as DDoS, SQL injections, unauthorized access attempts, and brute force attacks. Ballots are securely transmitted using TLS encryption.
-
Certification Requirements
All equipment used in Arizona must be certified by both the US Election Assistance Commission (EAC) and the Secretary of State's Equipment Certification Advisory Committee to ensure that it meets both federal and state-specific requirements.
-
Decentralization = No Single Point of Access
In Arizona, elections are conducted independently by each of the 15 counties and overseen by the AZ Secretary of State. Election systems in each county are designed to meet the county's individual needs, which means that our election systems are unique and decentralized and cannot be compromised by a single point of access.
-
Logic and Accuracy Testing
Before voting starts, county election officials conduct logic and accuracy testing on each piece of voting equipment to make sure that ballots will be marked and counted correctly. In addition, the Secretary of State's Office also performs a logic and accuracy test of a sample of voting and tabulation equipment at each county before each election.
-
Paper Ballots
In Arizona, no matter how one votes, there will be a piece of paper to visually verify holds the correct vote.
-
Isolated Election Systems
In Arizona, election systems (computerized systems that program elections and count votes) are air-gapped, meaning that they are never connected to other networks, such as the internet or office networks.
-
Logic and Accuracy Testing (L&A)
L&A tests ensure that all marks on a ballot are read correctly by the tabulation equipment. County officials test each piece of voting equipment that will be used in their jurisdiction before and after the election. The Arizona Secretary of State's office conducts a separate L&A test on a statistically significant sample of voting equipment in each county. L&A tests are observed by representatives of the recognized political parties in Arizona. Only equipment that passes will be certified and used in the election.
-
Paper Ballots
No matter what method of voting is used, Arizona voters cast paper ballots. Using paper ballots ensures that there is a verifiable and auditable record of votes cast in each election in Arizona.
-
Contingency Planning
If something happens on or near election day, county election officials have emergency operations plans (EOP) in place to ensure eligible voters can still cast a ballot and that ballots can still be counted.
-
Post-Election Hand Count Audits
County election officials perform a random, post-election audit on selected races to validate results. Recognized political parties typically observe and participate in these audits.
-
Cyber and Physical Fortification
Arizona uses a variety of federal and state grants to continuously improve state and county election security. These grants have been used to acquire state-of-the-art cybersecurity and threat assessment tools, improve physical security at election facilities, and assist with statewide training opportunities for election officials. The Statewide Cyber Readiness Program from the Arizona Department of Homeland Security also provides counties with free cybersecurity assistance, trainings, and phishing testing services.
-
Election Officer Certification
Arizona election staff are required to be certified by the Secretary of State's Office to run elections. The initial certification is a week-long intensive program that trains elections staff on election law, procedures, and best practices and staff are required to renew their certification prior to each election cycle.
-
Chain of Custody and Logging
Federal and state law requires Arizona counties to maintain chain of custody for election equipment and materials, including ballots. These items are stored in secure facilities in accordance with statute and there are multiple security controls to ensure these items remain secure.
-
Audit Procedures
Arizona adopts a multi-layered approach to protecting Elections. The auditing procedures adopted by all 15 counties are one such layer. Examples of audits utilized in Arizona's elections include: verification that the county election program hasn't been altered or corrupted during transmission or storage, individual Logic and Accuracy tests conducted by the State and the County, signature verification to ensure each voter is a qualified elector and only votes once in each election, auditing boards made up of Election Administrators who ensure poll worker calculations match machine totals, serialized tamper-evident seals that are placed on Elections equipment and verified on delivery, return, and throughout election day, and Hand Count procedures that include party representatives verifying machine vote totals. Although each county may adopt additional auditing processes, a comprehensive accounting of the required auditing processes in Arizona may be found in the Arizona Elections Procedures Manual.
-
Filing Election Programs with AZ SOS
The AZ SOS maintains election backups for each county, which can be used to restore operations.
It is vitally important that we help candidates and other political entities to protect themselves. The Secretary of State's Office has produced a guide titled "Cybersecurity tips for candidates, parties and PACs" that gives cybersecurity guidance specifically targeted for these entities.
-
Tamper Evident Envelopes and Ballot Tracking
In Arizona, counties utilize tamper evident envelopes for mailed ballots. Voters can verify whether their mail ballot has been sent to them and whether it has been accepted by the county after it has been mailed back through the Arizona.Vote portal.
-
Security of Ballot Drop-Off Locations and Drop-Boxes
Ballot drop-off locations and drop-boxes must comply with security requirements and procedures outlined in the Elections Procedures Manual.
-
Signature Verification
Every ballot-by-mail is authenticated through a rigorous signature verification process conduct by trained election staff.
-
Criminal Penalties for Misconduct
Arizona law imposes severe criminal penalties for ballot tampering, vote buying, or discarding someone else's ballot.
-
Building Strong Relationships
Fostering trust, collaboration, and communication between the many stakeholders in Arizona's election community helps keep the voting jurisdictions within the state up-to-date, prepared, and cohesive. All 15 counties in Arizona are members of the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC) and receive alerts, guidance, and security services from federal agencies.
-
Security Training and Exercises
The Secretary of State's Office provides cybersecurity and election security training for our county partners and hosts election security preparedness exercises.
-
Incident Response and Communication Plan
The Secretary of State's Office has worked with representatives from the counties to draft an election incident response plan that can be implemented by every county.
-
AZSOS Public Education Campaign
Our largest threat to fair and secure elections today is "information operations", a term that means presenting misinformation about candidates, issues, election officials, or election processes in an attempt to influence election outcomes or public perception about the accuracy of elections themselves. In 2024, we will be investing time and resources to inform Arizonans to be aware of how to spot and report mis-, dis- and malinformation, including information created by Generative AI such as deepfakes, false images, and audio manipulation. The increasing accessibility of generative AI is going to increase the quality, quantity, and urgency of MDM available to bad actors.
-
Verified Social Media Accounts
AZSOS maintains official social media accounts on Twitter/X, Facebook, and Instagram, and each account has been officially verified by the platforms. AZSOS does not have official accounts on other platforms. Verifications on the platform help ensure that voters are getting information from official sources and not malicious actors. We are also working with county election officials to verify their official social media accounts and ensure all accounts are protected by multi-factor authentication (MFA).
-
Social Media Response Plans
The primary goals of a social media plan should be to distribute accessible, correct information, and at the same time challenge and correct misinformation.
-
Coordinating with Civic Engagement Organizations
Civic engagement organizations often work directly with voters. Developing strong relationships with groups in the time leading up to an election is crucial to establishing credibility and communication.
-
Update/Confirm Voter Registration Status
Voters can verify the accuracy of their voter registration record and make any necessary updates by visiting www.arizona.vote and/or contacting the Secretary of State or their County Recorder.
-
Understanding the Right to Vote
The best response to attempts to disrupt our elections or spread misinformation that discourages voting is for voters to continue to register and exercise their right to vote. Voters have a right to a ballot, even if its provisional, have a right to vote if they are in line by the close of polls, and can request and receive assistance to support them in exercising their right to vote.
-
Know Trusted Sources for Election Information
It is important to always get information about when and how to vote from trusted sources. Voters can find accurate information on voting from Arizona.Vote, the AZSOS and their local county election offices.
-
Being Ballot Aware
Voters should be aware of relevant laws related to returning of ballots, as well as deadlines for returning ballots by mail or dropping it off in-person.
-
Beware of Sensationalist News Stories
Get your information about elections from impartial, reliable news sources. Mis-, dis-, and malinformation about elections will be shared about the 2024 election and it is important to make sure that you have access to accurate information about how and where to vote. Generative AI will make this content more difficult to recognize, so here are some things to consider when evaluating information and new stories:
- When was it published?
- Does the article or information seem plausible?
- Who is the author and where are they getting their information?
- Is the information available from multiple reliable and impartial sources?
- Do the images, videos, or audio included seem manipulated in any way?
If you choose to share information or articles about the 2024 election, make sure you're sharing information from reputable sources.
_________
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.