The secretary of state is responsible for maintaining the security system for the computerized voter registration file and shall implement:
- (1) A stateful layer 3 and 7 firewall at the perimeter to block malicious traffic and experienced personnel to operate and maintain the rules and underlying software and firmware on which the firewall system operates;
- (2) Anti-malware solutions that ensure that any underlying operating system maintains its intended function and integrity. Exclusive ownership of the anti-malware solutions remains with the governing body that maintains the anti-malware solutions;
- (3) Continuous vulnerability evaluation of the software code, libraries, and included packages throughout the software development lifecycle using automated, trusted tools to ensure erroneous code, unauthenticated access, or potential privilege escalation vehicles are not introduced;
- (4) Trusted white hat vulnerability analysis for protected systems to evaluate, identify, and document risks within the application which are then provided to development and management personnel to appropriately mitigate any potential findings on a scheduled and reoccurring basis; and
- (5) Personnel background checks to ensure that only personnel dedicated to a secure election process, who act in good faith to deliver quality, well-guarded code and application infrastructure, have access to restricted systems within the application development lifecycle.
Source: 50 SDR 12, effective August 8, 2023 .
General Authority: SDCL 12-1-9 (1), 12-4-37 .
Law Implemented: SDCL 12-4-37 .