TextSearch
https://www.cisa.gov/rumorcontrol

Rumor Control | CISA

Looking for information on state-specific election security efforts or additional FAQs? Check out the #TrustedInfo2022 page from the National Association of Secretaries of State (NASS) and the Election FAQs page from the National Association of State Election Directors (NASED). Last Updated: Novem…

· archived 5/18/2026, 12:39:11 AMscreenshotcached html
Rumor Control | CISA Skip to main content An official website of the United States government Here's how you know REPORT SUBSCRIBE CONTACT SITE MAP Official websites use .gov A .gov website belongs to an official government organization in the United States. Secure .gov websites use HTTPS A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites. ×search  Toggle navigation ×search  CISA Navigation National Risk Management    > Election Security    > Rumor Control Election Security Election Cybersecurity Toolkit Crossfeed Election Risk Profile Tool Election Security Library MDM Resource Library Mis-, Dis-, Malinformation Resilience Series Graphic Novels Rumor Control Election Security Rumor vs. Reality Looking for information on state-specific election security efforts or additional FAQs? Check out the #TrustedInfo2022 page from the National Association of Secretaries of State (NASS) and the Election FAQs page from the National Association of State Election Directors (NASED).   Last Updated: November 8, 2022 State, local, and territorial election officials work year-round to prepare for and administer elections, implementing a wide range of security measures and serving as authoritative sources of official government information on elections for their voters. While important commonalities exist across and within states, each state, local, and territorial election jurisdiction administers its elections under a unique legal and procedural framework using varying systems and infrastructure. The differences and complexity introduced by this decentralization can lead to uncertainty in the minds of voters; uncertainty that can be exploited by malicious actors. Complementing election officials’ voter education and civic literacy efforts, this page seeks to inform voters and help them build resilience against mis-, dis- and mal-information (MDM) narratives about election infrastructure. Rumor vs. Reality is designed to provide accurate and reliable information related to common MDM narratives and themes that relate broadly to the security of election infrastructure and related processes. It is not intended to address jurisdiction-specific claims. Instead, this resource addresses election security rumors by describing common and generally applicable protective processes, security measures, and legal requirements designed to deter, detect, and protect against significant security threats related to election infrastructure and processes. November 4, 2022: El material de CISA "Rumor vs. Realidad" está ahora disponible en español. Encuéntrelo en @CISAgov y compártalo en Twitter para crear conciencia acerca de la información electoral exacta y de las narrativas electorales comunes de MDM.  November 4, 2022: CISA’s Rumor vs. Reality webpage is now available in Spanish. Check it out. The resource provides accurate and reliable information related to common MDM narratives and themes that relate broadly to the security of election infrastructure and related processes.   You can learn more about CISA’s work to build resilience to MDM by visiting the MDM Resource Library. Click an icon below to go directly to that section. New Rumor vs Reality Pre-Election Election Day Post-Election New Rumor Vs. Reality  Reality: The use of paper ballots and other redundancy measures ensure that votes can be counted when a ballot scanner malfunctions or cannot scan ballots for other reasons.  Rumor: Problems with ballot scanners at my voting site mean that my ballot won’t be counted. Get the Facts: Like all digital systems, ballot scanners can malfunction. Similarly, properly functioning ballot scanners may be unable to scan ballots that are damaged, misprinted, or have ambiguous markings. When a ballot cannot be read by a scanner at a voting site, election officials apply procedures to securely store the ballots until they can be counted at a later time. Because the paper ballot itself is the official record of the votes, there is no impact on the accuracy or integrity of election results. Useful Sources Voluntary Voting System Guidelines, EAC Voting Equipment, NCSL Your local or state election officials EAC state-by-state directory. Link directly to this entry by using: https://www.cisa.gov/rumorcontrol#rumor28  Reality: Election officials regularly update voter registration lists in accordance with legal protections against the removal of eligible registrants.  Rumor: Election officials don’t clean the voter rolls. Get the Facts: Election officials regularly update their voter registration lists based on voter requests and data from varying sources that may indicate that a voter has died, moved, registered elsewhere, changed their name, or become otherwise ineligible. These data sources include motor vehicle licensing agencies, entities that maintain death records, confirmation notices mailed to voters, and interstate data exchanges. This helps election officials identify and merge duplicate records, and remove records for individuals who are no longer eligible. Federal and state laws protect against the removal of eligible registrants from the voter rolls. These include federal prohibitions, applicable in most states, against removing some registrants in the 90 days prior to a federal election and removing registrants solely due to their failure to vote. Unless an election official has first-hand information that a registrant has moved, processes used for removing records for those who may have moved can take longer than two years due to protections to prevent registrants from being removed incorrectly. Such legal protections and the timing of data sharing can result in a lag time between a person becoming ineligible and the removal of their record. This can lead to some official election mail, including mail-in ballots in some states, being delivered to addresses of those who have moved or may be otherwise ineligible. Election officials often encourage people to notify the election office if they receive election mail for individuals who no longer reside at the address. State and federal laws prohibit voter impersonation, including voting on behalf of an individual who has died, moved, or otherwise become ineligible yet whose record remains temporarily on the voter rolls. Additional election integrity safeguards, including signature matching and verification of other personal data, protect against people casting ballots on behalf of others. The voter registration practices described in this entry do not apply to North Dakota, where voter registration does not occur. Useful Sources 18 U.S.C. § 1708 52 U.S.C. §§ 10307(c), 20507, 20511(2), 21083(a)(2)(A) Mail-in Voting Integrity Safeguards Infographic, CISA The National Voter Registration Act of 1993: Questions and Answers, DOJ Election Crimes, FBI Election Mail Information Center(link is external), USPS Your local or state election officials. EAC state-by-state directory Maintenance of State Voter Registration Lists, NASS Voter List Accuracy, NCSL Election FAQs, NASED Link directly to this entry by using: https://www.cisa.gov/rumorcontrol#rumor27  Reality: The existence of a vulnerability in election technology is not evidence that the vulnerability has been exploited or that the results of an election have been impacted. Technology has vulnerabilities. Identifying and mitigating vulnerabilities is an important security practice.  Rumor: Vulnerabilities in election technology mean that elections have been hacked and hackers are able to change election results. Get the Facts: Like all digital systems, the technologies used to administer elections have vulnerabilities. Election officials use varying technological, physical, and procedural controls to help safeguard these systems and the integrity of the election processes they support. Identified vulnerabilities should be taken seriously and mitigations implemented in a timely manner. Identifying and mitigating vulnerabilities is a key part of ordinary cybersecurity practices. Mitigations include installing software patches, implementing physical and procedural safeguards, and applying compensating technical controls. These safeguards and compensating controls include measures that seek to identify and mitigate vulnerabilities prior to potential exploitation as well as those that help detect and recover from a malfunction or an actual or attempted exploitation of known or zero-day vulnerabilities. It’s important to note that there is no indication that cyber vulnerabilities have contributed to any voting system deleting, losing, or changing votes. Useful Sources Intelligence Community Assessment on Foreign Threats to the 2020 U.S. Federal Elections, ODNI Key Findings and Recommendations: Foreign Interference Related to the 2020 US Federal Elections, DHS and DOJ CISA Insights: Chain of Custody and Critical Infrastructure Systems, CISA Chain of Custody Best Practices, EAC Voting Testing and Certification Program, EAC Voting System Standards, Testing and Certification, NCSL Post-Election Audits, NCSL Your local or state election officials. EAC state-by-state directory Link directly to this entry by using: https://www.cisa.gov/rumorcontrol#rumor26 Pre-Election  Reality: Safeguards protect the integrity of the mail-in/absentee ballot process, including relating to the use of mail-in/absentee ballot request forms.  Rumor: People can easily violate the integrity of the mail-in/absentee ballot request process to receive and cast unauthorized mail-in/absentee ballots, or prevent authorized voters from voting successfully in person. Get the Facts: Election officials utilize various security measures to protect the integrity of the mail-in/absentee voting process, including those that protect against the unauthorized use of ballot request forms, in states where such forms are used, the submission of mail-in/absentee ballots by ineligible individuals, and eligible in-person voters being erroneously precluded from being able to vote due to being listed in the poll book as having received a mail-in/absentee ballot. Mail-in/absentee ballot request forms typically require applicants to sign the form and affirm their eligibility to cast a mail-in/absentee ballot under penalty of law. Upon receipt of a mail-in/absentee ballot request form, election officials implement varying procedures to verify the identity and eligibility of the applicant prior to sending the applicant a mail-in/absentee ballot. Such procedures include checking the signature and information submitted on the form against the corresponding voter registration record, as well as ensuring that multiple mail-in/absentee ballots are not sent in response to applications using the same voter’s information. Election officials further implement varying procedures to verify the identity and eligibility of those who submit mail-in/absentee ballots. Those who submit mail-in/absentee ballots are required to sign the mail-in/absentee ballot envelope. In some states, a notarized signature, the signature of a witness or witnesses, and/or a copy of valid identification is also required. Upon receipt of a mail-in/absentee ballot, election officials verify the signature on the mail-in/absentee ballot envelope and/or that the mail-in/absentee ballot has been otherwise properly submitted prior to retrieving the ballot from its envelope and submitting it for counting. Some states notify the voter if there is a discrepancy or missing signature, affording the voter an opportunity to correct the issue. State policies vary on how to handle an in-person voter who is listed in the poll book as having been sent a mail-in/absentee ballot. In most states, the voter would be required to cast a provisional ballot that could be later reviewed by election officials. In others, the voter may cast a regular ballot and any corresponding mail-in/absentee ballot returned in the name of that voter would be rejected. In all such cases, instances of potential double voting or voter impersonation could be directed to appropriate authorities for investigation. Useful Sources Mail-in Voting in 2020 Infrastructure Risk Assessment, CISA Mail-in Voting in 2020 Infrastructure Risk Infographic, CISA Mail-in Voting Integrity Safeguards Infographic, CISA USPS Election Mail Information Center(link is external), USPS How States Verify Absentee Ballot Applications, NCSL How States Verify Voted Absentee Ballots, NCSL States That Permit Voters to Correct Signature Discrepancies, NCSL 52 U.S.C. § 21082 Provisional Ballots, NCSL State Policies on Voting In-Person or Changing Vote After Requesting a Mail/Absentee Ballot, NASS Election FAQs, NASED Your local or state election officials. EAC state-by-state directory Link directly to this entry by using: https://www.cisa.gov/rumorcontrol#rumor25    Reality: Robust safeguards protect against tampering with ballots returned via drop box.  Rumor: Drop boxes used by election officials to collect returned mail-in/absentee ballots can be easily tampered with, stolen, or destroyed. Get the Facts: Election officials utilize various safeguards to protect ballots returned by voters via drop boxes from being tampered with, stolen, or destroyed. Drop boxes located outdoors are typically made of heavy and high-grade metal, bolted to the ground, and include security features such as locks, tamper-evident seals, minimally sized ballot insertion slots, and fire and water-damage prevention features. Drop boxes located indoors are typically staffed and protected by existing building security measures. Many election offices monitor their drop boxes via 24-hour video surveillance. Ballots returned via drop box are retrieved by election officials or designated individuals, often in bi-partisan teams, at frequent intervals. Useful Sources Ballot Drop Box, Election Infrastructure Subsector’s Government Coordinating Council and Sector Coordinating Council Joint COVID-19 Working Group Ballot Drop Box Definitions, Design Features, Location, and Number, NCSL Voting Outside the Polling Place: Absentee, All-Mail and other Voting at Home Options, NCSL Election FAQs, NASED Your local or state election officials. EAC state-by-state directory Link directly to this entry by using: https://www.cisa.gov/rumorcontrol#rumor24    Reality: Voting system hardware and software undergo testing from federal, state, and/or local election authorities.  Rumor: Voting system software is not reviewed or tested and can be easily manipulated. Get the Facts:  State and local election officials implement varying testing practices to help ensure voting system hardware and software function as intended. These practices include federal and state testing and certification, testing prior to procurement, acceptance testing, and/or pre- and post-election logic and accuracy testing. Such testing helps detect and protect against malicious or anomalous software issues.   Under federal and state certification programs, voting system manufacturers submit systems to undergo testing and review by an accredited laboratory or state testers. This testing is designed to check that systems function as designed and meet applicable state and/or federal requirements or standards for accuracy, privacy, and accessibility, such as the Voluntary Voting System Guidelines set by the U.S. Election Assistance Commission. Certification testing usually includes a review of a system’s source code as well as environmental, security and functional testing. Varying by state, this testing may be conducted by a state-certified laboratory, a partner university, and/or a federally certified testing laboratory. Useful Sources 52 U.S.C. §§ 20971, 21081 Voting System Certification Process, EAC Voting System Security Measures, EAC Election Infrastructure Security, CISA Election Infrastructure Cyber Risk Assessment and Infographic, CISA Voting System Standards, Testing and Certification, NCSL Post-Election Audits, NCSL Election FAQs, NASED Your local or state election officials. EAC state-by-state directory Link directly to this entry by using: https://www.cisa.gov/rumorcontrol#rumor23    Reality: Voter registration list maintenance and other election integrity measures protect against voting illegally on behalf of deceased individuals.  Rumor: Votes are being cast on behalf of dead people and these votes are being counted. Get the Facts: State and federal laws prohibit voter impersonation, including casting a ballot on behalf of a deceased individual. Election officials regularly update their voter registration lists, removing voter records for those who have died, moved, registered elsewhere, or became otherwise ineligible. Removal of deceased individuals is based on death records shared by state vital statistics agencies and the Social Security Administration. While there can be lag time between a person’s death and their removal from the voter registration list, which can lead to some official election mail, including mail-in ballots being delivered to addresses of deceased individuals, death records provide a strong audit trail to identify any attempts to cast ballots on behalf of deceased individuals. Additional election integrity safeguards, including signature matching and information checks, further protect against voter impersonation and voting by ineligible persons. In some instances, living persons may return mail-in ballots or vote early in-person, and then die before Election Day. Some states permit such voters’ ballots to be counted, while others disallow such ballots and follow procedures to identify and reject them during processing. Taken out of context, some voter registration information may appear to suggest suspicious activity, but is actually the result of an innocuous clerical error or intended data practices. For example, in rare instances when a registrant’s birth date is not known (e.g., a voter who legally registered prior to modern voter registration practices), election officials may use temporary placeholder data (e.g., 1/1/1900) until the registrant’s birth date can be updated. In other instances, a voting-age child with the same name and address as their deceased parent could be misinterpreted as a deceased voter or contribute to clerical errors. Useful Sources 18 U.S.C. § 1708 52 U.S.C. §§ 10307(c), 20507, 20511(2), 21083(a)(2)(A) Mail-in Voting Integrity Safeguards Infographic, CISA Election Infrastructure Cyber Risk Assessment and Infographic, CISA Election Infrastructure Security, CISA Election Security, DHS The National Voter Registration Act of 1993: Questions and Answers, DOJ Election Crimes, FBI Election Mail Information Center(link is external), USPS Your local or state election officials. EAC state-by-state directory Maintenance of State Voter Registration Lists, NASS What If an Absentee Voter Dies Before Election Day?, NCSL Voter List Accuracy, NCSL Election FAQs, NASED Link directly to this entry by using: https://www.cisa.gov/rumorcontrol#rumor21    Reality: Some voter registration data is publicly available.   Rumor: Someone possessing or posting voter registration data means voter registration databases have been hacked. Get the Facts: Some voter registration information is public information and is available to political campaigns, researchers, and often members of the public, frequently for purchase. According to a joint FBI and CISA public service announcement, cyber actors may make false claims of “hacked” voter information to undermine confidence in U.S. democratic institutions. Useful Sources Availability of State Voter File and Confidential Information, EAC FBI-CISA Public Service Announcement: False Claims of Hacke

… truncated (32,839 more characters in archive)