Administrative Rules of Montana
Department 44 - SECRETARY OF STATE
Chapter 44.3 - ELECTIONS
Subchapter 44.3.29 - Security
Rule 44.3.2902 - ANNUAL SECURITY ASSESSMENTS
Current through Register Vol. 6, March 22, 2024
(1) Election security practices performed at county election offices shall be annually assessed based on controls derived from one of the following frameworks that detail security best practices for mitigating security risks to an organization:
(2) Assessments shall be performed according to the following schedule:
(3) County election administrators shall maintain storage of security assessment results according to the local government records retention schedule.
(4) County election administrators shall provide the results of the third-party assessments to the Secretary of State in January of each calendar year. The results provided to the Secretary of State will include a management description detailing the controls assessed and the effectiveness of each control. The management description shall include the name and qualification of the assessor including their security credential's verification, certification, or identification number.
(5) Security assessments are considered confidential information as defined in 2-6-1002(1), MCA. Security assessment results and supporting security information are prohibited from disclosure to the public.
AUTH: 13-1-205, MCA; IMP: 13-1-205, MCA