Certificate 6: Zero-Trust Election Networks & Continuous Attestation
Apply NIST SP 800-207 zero-trust principles and TPM-anchored continuous attestation to election-day networks and devices.
You'll be notified when this class opens for registration.
Program Features
- Online
- Interactive LMS Content
- Blockchain-based Certificate
Program Features
- Online
- Interactive LMS Content
- Blockchain-based Certificate
Description
Purpose Close the lateral-movement and drift-after-certification paths that adversarial assessments routinely surface in election-day networks, pollbooks, tabulators, central counts, and state reporting.
Who It’s For
- State and county network architects and CISOs
- Voting system vendor platform engineers
- Internal auditors validating election-day controls
- EAC reviewers assessing post-certification integrity
What You Will Learn
- NIST SP 800-207 zero-trust architecture and OMB M-22-09 federal alignment
- Per-device PIV / FIDO2 identity and YubiKey-anchored administrative access
- Microsegmentation by election function (pollbook, tabulator, central count, reporting)
- Out-of-band reporting channels and air-gapped audit paths
- TPM-anchored measured boot and runtime integrity verification (NIST SP 800-193)
- Tamper-evident audit logging and real-time anomaly correlation
- Designing networks that satisfy CISA Election Goals and EAC re-test requirements
Outcome Practitioners can design, document, and defend a zero-trust election network that remains continuously attested between certification cycles.
Federal Grant Eligibility
This certificate supports compliance with NDAA FY2025 §6805, which amends the Help America Vote Act of 2002 (HAVA) to require penetration testing as part of federal voting-system certification. Tuition is an allowable use of HAVA Election Security Grant funds (Title I §101) when the learner is an election official, election IT staff member, auditor, or contractor supporting the certification or operation of voting systems.
Individual and group enrollment receipts include the line items, learner roster, and completion record most state EAC sub-grant offices require for reimbursement. State Homeland Security Grant Program (SHSGP) election-security set-asides and state-level election security grants are also commonly used to fund ESAVA enrollment.
Eligible under HAVA §101 cybersecurity allowable uses; pair with state SHSGP set-aside if available.
Need help routing payment through your state's HAVA pipeline? Use Request Grant-Funded Enrollment and we will provide a justification memo, scope-of-training letter, and W-9 sized to your state's reimbursement form.
Program Syllabus
Syllabus / Topics Covered
Module 1 – Zero-Trust Foundations
- NIST SP 800-207 architectural principles
- OMB M-22-09 federal zero-trust strategy
- Why zero-trust matters for election-day networks
- Common failure modes a static pen test does not catch
Module 2 – Election Network Topology and Attack Surface
- Pollbooks, ballot-marking devices, tabulators, central count, and state reporting
- Lateral-movement paths and chain-of-custody risk
- Mapping CISA Election Goals to network design decisions
Module 3 – Identity and Access
- Per-device identity with PIV and FIDO2
- YubiKey-anchored administrative access
- Just-in-time elevation and break-glass procedures
Module 4 – Microsegmentation by Election Function
- Segmentation boundaries: pollbook, tabulator, central count, reporting
- East-west traffic policy and continuous verification
- Out-of-band reporting and air-gapped audit paths
Module 5 – Hardware Roots of Trust and Measured Boot
- TPM-anchored measured boot
- NIST SP 800-193 platform firmware resiliency
- Runtime integrity verification and tamper-evident logs
Module 6 – Continuous Attestation Operations
- Real-time anomaly correlation and alerting
- Maintaining the EAC-certified state between elections
- Documentation that survives EAC re-test and CISA review