County Election Federal Certification Comprehension and Attestation

CDT (America/Chicago) time zone.

This program provides election officials with a clear understanding of their state’s obligations under current election system security and certification requirements. Participants will learn how election infrastructure must be tested, hardened, documented, and verified in order to meet federal and state certification standards. The course walks through the full compliance lifecycle—from system testing and vulnerability remediation to documentation and verification procedures.

English

ESAVA Educator

Description

This course prepares election officials and oversight professionals to understand and respond to the new cybersecurity verification requirements introduced under Section 6805 of the FY 2026 National Defense Authorization Act (NDAA, Public Law 119-60, enacted December 18, 2025). This provision amends the Help America Vote Act (HAVA) to require penetration testing of voting system hardware and software as part of the federal certification, recertification, and decertification process overseen by the U.S. Election Assistance Commission.

Under Section 6805, voting systems must undergo adversarial cybersecurity testing conducted by accredited Voting System Test Laboratories (VSTLs) in order to identify exploitable vulnerabilities prior to system certification or approval for use. These requirements represent an important shift toward evidence-based cybersecurity verification for election infrastructure. Implementation of the updated certification framework is required within 180 days of enactment, placing new emphasis on system hardening, vulnerability remediation, and defensible documentation supporting election system security.

This program explains what these federal requirements mean in practice for state and county election officials. Participants will learn how penetration testing fits into the election system certification lifecycle, how federal certification standards interact with state approval processes, and what steps jurisdictions must take to ensure their systems meet applicable verification and documentation requirements.

The course concludes with a compliance attestation assessment, allowing participants to demonstrate that they understand the obligations associated with these updated certification standards and can attest that their jurisdiction has addressed the requirements necessary to maintain election infrastructure security and certification readiness.

Federal Grant Eligibility

This certificate supports compliance with NDAA FY2025 §6805, which amends the Help America Vote Act of 2002 (HAVA) to require penetration testing as part of federal voting-system certification. Tuition is an allowable use of HAVA Election Security Grant funds (Title I §101) when the learner is an election official, election IT staff member, auditor, or contractor supporting the certification or operation of voting systems.

Individual and group enrollment receipts include the line items, learner roster, and completion record most state EAC sub-grant offices require for reimbursement. State Homeland Security Grant Program (SHSGP) election-security set-asides and state-level election security grants are also commonly used to fund ESAVA enrollment.

Maps to HAVA §251 requirements payments where the state plan recognizes election-official training as a compliance activity. This is the final attestation cert in the §6805 compliance flowchart (Step 10) — completion produces the documented evidence of training your state may require alongside pen-test artifacts.

Need help routing payment through your state's HAVA pipeline? Use Request Grant-Funded Enrollment and we will provide a justification memo, scope-of-training letter, and W-9 sized to your state's reimbursement form.

Program Syllabus

Syllabus / Topics Covered

Module 1 – Election Infrastructure as Critical Systems

Overview of election infrastructure components
Voting systems, election management systems, and supporting technology
Why election systems are classified as critical infrastructure
Key security risks and threat models

Module 2 – Federal Certification Framework

Overview of national certification standards
Role of the federal certification process
Testing laboratories and evaluation procedures
What certification processes verify about election system hardware, firmware, and software

Module 3 – State-Level Election System Requirements

How states adopt or modify federal standards
State certification authorities and procedures
Variations in state compliance obligations
County responsibilities under state law

Module 4 – Cybersecurity Verification and System Hardening

System configuration and hardening practices
Vulnerability identification and remediation
Penetration testing and security evaluation
Evidence and documentation required for verification

Module 5 – Certification Lifecycle Management

Initial certification requirements
Software and firmware updates
Conditions that trigger re-certification
De-certification scenarios and mitigation

Module 6 – Documentation, Evidence, and Compliance Records

Maintaining defensible records of compliance
Test reports and remediation documentation
Chain-of-custody and system integrity verification
Preparing documentation for oversight review

Module 7 – County-Level Compliance Responsibilities

Responsibilities of county election officials
Coordination with vendors and state authorities
Ensuring required testing, hardening, and documentation procedures are completed
Identifying and addressing compliance gaps

Final Module – Compliance Attestation Assessment

Participants must complete a final assessment designed to verify that they can:

Identify the certification and security obligations that apply to their state
Understand the steps required for county-level compliance
Interpret verification and testing documentation
Attest that their jurisdiction understands and has addressed the applicable requirements necessary to maintain election infrastructure security and certification readiness