Section 6805 of the FY2025 NDAA — signed by President Trump on December 18, 2025 — is titled "Requiring Penetration Testing as Part of the Testing and Certification of Voting Systems." It amends the Help America Vote Act of 2002 (HAVA) to formally require that voting system hardware and software undergo penetration testing conducted by an accredited laboratory as a condition of certification, decertification, and recertification.
The Election Systems Assurance & Verification Academy (ESAVA) provides professional training on election systems processes related to security, testing, verification, certification and the knowledge and skills to interpret cybersecurity testing and audit results correctly and support federal certification, oversight, and remediation processes. The program is designed for individuals who interact directly with election systems or election oversight, including:
- State and county election officials
- Election IT and security staff
- Independent auditors and compliance professionals
- Cybersecurity practitioners working in critical infrastructure
- Voting system vendors and integrators
- Attorneys, judges, and legislative oversight staff involved in election law
ESAVA curriculum is structured as a stacked certification program, progressing from foundational knowledge to applied verification. Key areas include:
- Election system architecture and governance (federal, state, county roles)
- Legal and regulatory frameworks governing election technology
- Voting system components, supply chains, and lifecycle management
- Cybersecurity fundamentals specific to election infrastructure
- System hardening, configuration management, and integrity verification
- Penetration testing and adversarial security assessment
- Certification, re-certification, and de-certification processes
- Audits, documentation standards, and evidentiary thresholds
- Transparency, public communication, and dispute resolution
Without professional education, these responsibilities fall to individuals who may lack the technical or legal background to interpret complex systems correctly. This Academy fills that gap.
Advanced certificates (Cert 5–7) extend the curriculum into post-quantum cryptography, zero-trust election networks with continuous attestation, and coordinated vulnerability disclosure — the technical and procedural domains that §6805 pen-test findings will surface in practice. A short Statute & Standards Primer grounds the program in the enrolled text of P.L. 119-60.
Professional services are available alongside the certificate pathway for jurisdictions and vendors that need hands-on support — pen testing, PQC migration, continuous attestation, CVD program setup, zero-trust architecture, and EAC submission packaging — anchored by a four-phase §6805 compliance engagement.
Capstone Certificate: Certified Election Systems Assurance Professional (CESAP)
Certificate 5: Post-Quantum Cryptography for Election Systems
Certificate 6: Zero-Trust Election Networks & Continuous Attestation
Certificate 7: Coordinated Vulnerability Disclosure for Election Systems
Statute & Standards Primer: §6805, HAVA, and VVSG 2.0
Certificate 4: Certification, Audit & Oversight Lifecycle
Certificate 3: Penetration Testing & Cyber Verification of Election Systems
Certificate 2: Election Infrastructure Security & Hardening
Certificate 1: Foundations of Election Systems & Governance
County Election Federal Certification Comprehension and Attestation
No products listed yet
This organization hasn't added any products to their catalog yet — check back soon.
No jobs currently posted
This organization hasn't posted any open roles yet — check back soon.