Arizona 2022 Regular Session

Arizona Senate Bill SB1642 Compare Versions

Version 1 (Old)

Version 2 (New)

Old	New		Differences
1		-	~~Senate Engrossed~~ election management systems; security State of Arizona Senate Fifty-fifth Legislature Second Regular Session 2022 ~~SENATE BILL~~ 1642 An Act amending title 16, chapter 4, article 4, Arizona Revised Statutes, by adding section 16-453; relating to conduct of elections. (TEXT OF BILL BEGINS ON NEXT PAGE)
	1	+	REFERENCE TITLE: election management systems; security State of Arizona Senate Fifty-fifth Legislature Second Regular Session 2022 SB 1642 Introduced by Senator Fann AN ACT amending title 16, chapter 4, article 4, Arizona Revised Statutes, by adding section 16-453; relating to conduct of elections. (TEXT OF BILL BEGINS ON NEXT PAGE)
2	2
3	3
4	4
5	5
6	6
7	7
8	8
9		-	~~Senate Engrossed~~ election management systems; security
	9	+	REFERENCE TITLE: election management systems; security
10	10		State of Arizona Senate Fifty-fifth Legislature Second Regular Session 2022
11		-	SENATE BILL 1642
	11	+	SB 1642
	12	+	Introduced by Senator Fann
12	13
13		-	Senate Engrossed
14		-
15		-
16		-
17		-	election management systems; security
	14	+	REFERENCE TITLE: election management systems; security
18	15
19	16
20	17
21	18
22	19
23	20
24	21
25	22
26	23
27	24		State of Arizona
28	25
29	26		Senate
30	27
31	28		Fifty-fifth Legislature
32	29
33	30		Second Regular Session
34	31
35	32		2022
36	33
37	34
38	35
39	36
40	37
41	38
42	39
43		-	SENATE BILL 1642
	40	+	SB 1642
	41	+
	42	+
	43	+
	44	+	Introduced by
	45	+
	46	+	Senator Fann
44	47
45	48
46	49
47	50
48	51
49	52		AN ACT
50	53
51	54
52	55
53	56		amending title 16, chapter 4, article 4, Arizona Revised Statutes, by adding section 16-453; relating to conduct of elections.
54	57
55	58
56	59
57	60
58	61
59	62		(TEXT OF BILL BEGINS ON NEXT PAGE)
60	63
61	64
62	65
63	66		Be it enacted by the Legislature of the State of Arizona: Section 1. Title 16, chapter 4, article 4, Arizona Revised Statutes, is amended by adding section 16-453, to read: START_STATUTE16-453. Election management systems; gateway computer standards A. Not later than the 2022 primary election, a county recorder or other officer in charge of elections must have a dedicated special purpose election management system gateway computer that may be used only when necessary to do the following: 1. Download data from an internet-connected system, including downloading ballot language or ballot files, onto a memory stick or other removable electronic storage device for uploading to the election management system gateway computer. 2. Download data, including election results files, from the election management system gateway computer to a memory stick or other similar device for uploading to an internet-connected system. B. The election management system gateway computer shall serve as the internet-connected system for the purposes prescribed by this section. No other computer except for the designated election management system gateway computer may be used for these purposes and the designated election management system gateway computer shall not be used for any other purpose. C. The following security protocols apply to the election management system gateway computer: 1. The computer shall only be connected to a network when necessary, such as to upload to or download from the internet or to install necessary software updates. The computer shall be disconnected from the network before any transfer of data to or from the memory stick or other device that was or will be connected to the election management system gateway computer. 2. The computer shall not be used for any purpose other than moving necessary election data in to or out of the computer. 3. The computer's operating system, browser and endpoint protection software shall have the most recent updates and security patches installed. 4. The computer shall have endpoint protection software that protects the computer from malware, viruses, ransomware, incursions and other cybersecurity risks, with scanning capability installed. 5. The computer shall not have any software installed other than endpoint protection and a web browser. 6. Security shall be the most important criteria when selecting a browser. 7. A firewall applicable to the operating system shall be enabled with the following restrictions: (a) Incoming connections are prohibited. (b) Unnecessary outbound ports are prohibited. (c) Use of an unsecured hypertext transfer protocol is prohibited. (d) Connections are allowed only to specified internet protocol addresses such as the election management system vendor download site and the secretary of state's site used for election night reporting. 8. If present, all wireless connections and functions and cellular functions shall be disabled. 9. A wireless mouse or wireless keyboard is prohibited. 10. The computer shall be physically secured by the officer in charge of elections or the officer's designee in compliance with the requirements applicable to other election equipment. 11. The default administrator account shall be disabled and customized administrator accounts with specific powers and privileges must be created, providing to persons with administrator access only those powers and privileges necessary for the person's specific job duties. 12. Normal operation of the computer, such as when not conducting system configuration or maintenance that requires administrator access, shall be conducted without administrator rights to ensure that nonadministrators cannot install unauthorized software or otherwise have access to the operating system or internal file structures. 13. Any physical port, plug, door or other method of physical or electronic access to the computer shall be secured in a manner to prevent unauthorized access to the computer. END_STATUTE
64	67
65	68		Be it enacted by the Legislature of the State of Arizona:
66	69
67	70		Section 1. Title 16, chapter 4, article 4, Arizona Revised Statutes, is amended by adding section 16-453, to read:
68	71
69	72		START_STATUTE16-453. Election management systems; gateway computer standards
70	73
71	74		A. Not later than the 2022 primary election, a county recorder or other officer in charge of elections must have a dedicated special purpose election management system gateway computer that may be used only when necessary to do the following:
72	75
73	76		1. Download data from an internet-connected system, including downloading ballot language or ballot files, onto a memory stick or other removable electronic storage device for uploading to the election management system gateway computer.
74	77
75	78		2. Download data, including election results files, from the election management system gateway computer to a memory stick or other similar device for uploading to an internet-connected system.
76	79
77	80		B. The election management system gateway computer shall serve as the internet-connected system for the purposes prescribed by this section.
78	81
79	82		No other computer except for the designated election management system gateway computer may be used for these purposes and the designated election management system gateway computer shall not be used for any other purpose.
80	83
81	84		C. The following security protocols apply to the election management system gateway computer:
82	85
83	86		1. The computer shall only be connected to a network when necessary, such as to upload to or download from the internet or to install necessary software updates. The computer shall be disconnected from the network before any transfer of data to or from the memory stick or other device that was or will be connected to the election management system gateway computer.
84	87
85	88		2. The computer shall not be used for any purpose other than moving necessary election data in to or out of the computer.
86	89
87	90		3. The computer's operating system, browser and endpoint protection software shall have the most recent updates and security patches installed.
88	91
89	92		4. The computer shall have endpoint protection software that protects the computer from malware, viruses, ransomware, incursions and other cybersecurity risks, with scanning capability installed.
90	93
91	94		5. The computer shall not have any software installed other than endpoint protection and a web browser.
92	95
93	96		6. Security shall be the most important criteria when selecting a browser.
94	97
95	98		7. A firewall applicable to the operating system shall be enabled with the following restrictions:
96	99
97	100		(a) Incoming connections are prohibited.
98	101
99	102		(b) Unnecessary outbound ports are prohibited.
100	103
101	104		(c) Use of an unsecured hypertext transfer protocol is prohibited.
102	105
103	106		(d) Connections are allowed only to specified internet protocol addresses such as the election management system vendor download site and the secretary of state's site used for election night reporting.
104	107
105	108		8. If present, all wireless connections and functions and cellular functions shall be disabled.
106	109
107	110		9. A wireless mouse or wireless keyboard is prohibited.
108	111
109	112		10. The computer shall be physically secured by the officer in charge of elections or the officer's designee in compliance with the requirements applicable to other election equipment.
110	113
111	114		11. The default administrator account shall be disabled and customized administrator accounts with specific powers and privileges must be created, providing to persons with administrator access only those powers and privileges necessary for the person's specific job duties.
112	115
113	116		12. Normal operation of the computer, such as when not conducting system configuration or maintenance that requires administrator access, shall be conducted without administrator rights to ensure that nonadministrators cannot install unauthorized software or otherwise have access to the operating system or internal file structures.
114	117
115	118		13. Any physical port, plug, door or other method of physical or electronic access to the computer shall be secured in a manner to prevent unauthorized access to the computer. END_STATUTE