As used in this subchapter, unless the context clearly indicates otherwise, the following definitions apply:
(1) "Election security" means the process of implementing and maintaining protective measures that preserve the confidentiality, integrity, and availability of the election process. This includes network and information security as well as physical security.
(2) "Endpoint detection and response tool(s)" or "EDR tool(s)" means a software that continually monitors end-user devices to detect and respond to cyber threats.
(3) "Qualified assessor" means a security professional who, at the time of engagement, is certified and in good standing with at least of one of the following security credentials which require passing an exam covering related security subject matter and possessing the required amount of relevant information security work experience (based on certification requirements in effect on April 15, 2022):
(a) Certified Authorization Professional (CAP). The requirements to obtain a CAP credential can be found at https://www.isc2.org;
(b) Certified Information Security Manager (CISM). The requirements to obtain a CISM credential can be found at https://www.isaca.org;
(c) Certified Information Systems Auditor (CISA). The requirements to obtain a CISA credential can be found at https://www.isaca.org;
(d) Certified Information Systems Security Professional (CISSP). The requirements to obtain a CISSP credential can be found at https://www.isc2.org;
(e) Certified in Risk and Information Systems Control (CRISC). The requirements to obtain a CRISC credential can be found at https://www.isaca.org;
(f) GIAC Critical Controls Certification (GCCC). The requirements to obtain a GCCC credential can be found at https://www.giac.org;
(g) GIAC Security Leadership Certification (GSLC). The requirements to obtain a GSLC credential can be found at https://www.giac.org; or
(h) GIAC Systems and Network Auditor (GSNA). The requirements to obtain a GSNA credential can be found at https://www.giac.org.