[Pages S3329-S3332]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

  SA 2427. Mr. LANKFORD (for himself, Ms. Klobuchar, Ms. Collins, Ms. 
Harris, Mr. Burr, Mr. Warner, Mr. Graham, and Mr. Heinrich) submitted 
an amendment intended to be proposed to amendment SA 2282 submitted by 
Mr. Inhofe (for himself and Mr. McCain) and intended to be proposed to 
the bill H.R. 5515, to authorize appropriations for fiscal year 2019 
for military activities of the Department of Defense, for military 
construction, and for defense activities of the Department of Energy, 
to prescribe military personnel strengths for such fiscal year, and for 
other purposes; which was ordered to lie on the table; as follows:

       At the end of title X, add the following:

                     Subtitle __--Election Security

     SEC. ____1. SHORT TITLE.

       This subtitle may be cited as the ``Secure Elections Act''.

     SEC. ___2. DEFINITIONS.

       In this subtitle:
       (1) Appropriate congressional committees.--The term 
     ``appropriate congressional committees'' means--
       (A) the Committee on Rules and Administration, the 
     Committee on Armed Services, the Committee on Homeland 
     Security and Governmental Affairs, the Committee on 
     Appropriations, the Select Committee on Intelligence, the 
     majority leader, and the minority leader of the Senate; and
       (B) the Committee on House Administration, the Committee on 
     Armed Services, the Committee on Homeland Security, the 
     Committee on Appropriations, the Permanent Select Committee 
     on Intelligence, the Speaker, and the minority leader of the 
     House of Representatives.
       (2) Appropriate federal entities.--The term ``appropriate 
     Federal entities'' means--
       (A) the Department of Commerce, including the National 
     Institute of Standards and Technology;
       (B) the Department of Defense;
       (C) the Department, including the component of the 
     Department that reports to the Under Secretary responsible 
     for overseeing critical infrastructure protection, 
     cybersecurity, and other related programs of the Department;
       (D) the Department of Justice, including the Federal Bureau 
     of Investigation;
       (E) the Commission; and
       (F) the Office of the Director of National Intelligence, 
     the National Security Agency, and such other elements of the 
     intelligence community (as defined in section 3 of the 
     National Security Act of 1947 (50 U.S.C. 3003)) as the 
     Director of National Intelligence determines are appropriate.
       (3) Chairman.--The term ``Chairman'' means the Chairman of 
     the Election Assistance Commission.
       (4) Commission.--The term ``Commission'' means the Election 
     Assistance Commission.
       (5) Department.--The term ``Department'' means the 
     Department of Homeland Security.
       (6) Election agency.--The term ``election agency'' means 
     any component of a State or any component of a county, 
     municipality, or other subdivision of a State that is 
     responsible for administering Federal elections.
       (7) Election cybersecurity incident.--The term ``election 
     cybersecurity incident'' means any incident involving an 
     election system.
       (8) Election cybersecurity threat.--The term ``election 
     cybersecurity threat'' means any cybersecurity threat (as 
     defined in section 102 of the Cybersecurity Information 
     Sharing Act of 2015 (6 U.S.C. 1501)) to an election system.
       (9) Election cybersecurity vulnerability.--The term 
     ``election cybersecurity vulnerability'' means any security 
     vulnerability (as defined in section 102 of the Cybersecurity 
     Information Sharing Act of 2015 (6 U.S.C. 1501)) that affects 
     an election system.
       (10) Election service provider.--The term ``election 
     service provider'' means any person providing, supporting, or 
     maintaining an election system on behalf of an election 
     agency, such as a contractor or vendor.
       (11) Election system.--The term ``election system'' means a 
     voting system, an election management system, a voter 
     registration website or database, an electronic pollbook, a 
     system for tabulating or reporting election results, an 
     election agency communications system, or any other 
     information system (as defined in section 3502 of title 44, 
     United States Code) that the Secretary identifies as central 
     to the management, support, or administration of a Federal 
     election.
       (12) Federal election.--The term ``Federal election'' means 
     any election (as defined in section 301(1) of the Federal 
     Election Campaign Act of 1971 (52 U.S.C. 30101(1)) for 
     Federal office (as defined in section 301(3) of the Federal 
     Election Campaign Act of 1971 (52 U.S.C. 30101(3)).
       (13) Federal entity.--The term ``Federal entity'' means any 
     agency (as defined in section 551 of title 5, United States 
     Code).
       (14) Incident.--The term ``incident'' has the meaning given 
     the term in section 227(a) of the Homeland Security Act of 
     2002 (6 U.S.C. 148(a)).
       (15) Secretary.--The term ``Secretary'' means the Secretary 
     of Homeland Security.
       (16) State.--The term ``State'' means each of the several 
     States of the United States, the District of Columbia, the 
     Commonwealth of Puerto Rico, Guam, American Samoa, the 
     Commonwealth of Northern Mariana Islands, and the United 
     States Virgin Islands.
       (17) State election official.--The term ``State election 
     official'' means--
       (A) the chief State election official of a State designated 
     under section 10 of the National Voter Registration Act of 
     1993 (52 U.S.C. 20509); or
       (B) in the Commonwealth of Puerto Rico, Guam, American 
     Samoa, the Commonwealth of Northern Mariana Islands, and the 
     United States Virgin Islands, a chief State election official 
     designated by the State for purposes of this Act.
       (18) State law enforcement officer.--The term ``State law 
     enforcement officer'' means the head of a State law 
     enforcement agency, such as an attorney general.
       (19) Voting system.--The term ``voting system'' has the 
     meaning given the term in section 301(b) of the Help America 
     Vote Act of 2002 (52 U.S.C. 21081(b)).

     SEC. ____3. INFORMATION SHARING.

       (a) Designation of Responsible Federal Entity.--The 
     Secretary shall have primary responsibility within the 
     Federal Government for sharing information about election 
     cybersecurity incidents, threats, and vulnerabilities with 
     Federal entities and with election agencies.
       (b) Presumption of Federal Information Sharing to the 
     Department.--If a Federal entity receives information about 
     an election cybersecurity incident, threat, or vulnerability, 
     the Federal entity shall promptly share that information with 
     the Department, unless the head of the entity (or a Senate-
     confirmed official designated by the head) makes a specific 
     determination in writing that there is good cause to withhold 
     the particular information.
       (c) Presumption of Federal and State Information Sharing 
     From the Department.--If the Department receives information 
     about an election cybersecurity incident, threat, or 
     vulnerability, the Department shall promptly share that 
     information with--
       (1) the appropriate Federal entities;
       (2) all State election agencies;
       (3) to the maximum extent practicable, all election 
     agencies that have requested ongoing updates on election 
     cybersecurity incidents, threats, or vulnerabilities; and
       (4) to the maximum extent practicable, all election 
     agencies that may be affected by the risks associated with 
     the particular election cybersecurity incident, threat, or 
     vulnerability.
       (d) Technical Resources for Election Agencies.--In sharing 
     information about election cybersecurity incidents, threats, 
     and vulnerabilities with election agencies under this 
     section, the Department shall, to the maximum extent 
     practicable--
       (1) provide cyber threat indicators and defensive measures 
     (as such terms are defined in section 102 of the 
     Cybersecurity Information Sharing Act of 2015 (6 U.S.C. 
     1501)), such as recommended technical instructions, that 
     assist with preventing, mitigating, and detecting threats or 
     vulnerabilities;
       (2) identify resources available for protecting against, 
     detecting, responding to, and recovering from associated 
     risks, including technical capabilities of the Department; 
     and
       (3) provide guidance about further sharing of the 
     information.
       (e) Declassification Review.--If the Department receives 
     classified information about an election cybersecurity 
     incident, threat, or vulnerability--
       (1) the Secretary shall promptly submit a request for 
     expedited declassification review to the head of a Federal 
     entity with authority to conduct the review, consistent with 
     Executive Order 13526 or any successor order, unless the 
     Secretary determines that such a

[[Page S3330]]

     request would be harmful to national security; and
       (2) the head of the Federal entity described in paragraph 
     (1) shall promptly conduct the review.
       (f) Role of Non-Federal Entities.--The Department may share 
     information about election cybersecurity incidents, threats, 
     and vulnerabilities through a non-Federal entity.
       (g) Protection of Personal and Confidential Information.--
       (1) In general.--If a Federal entity shares information 
     relating to an election cybersecurity incident, threat, or 
     vulnerability, the Federal entity shall, within Federal 
     information systems (as defined in section 3502 of title 44, 
     United States Code) of the entity--
       (A) minimize the acquisition, use, and disclosure of 
     personal information of voters, except as necessary to 
     identify, protect against, detect, respond to, or recover 
     from election cybersecurity incidents, threats, and 
     vulnerabilities;
       (B) notwithstanding any other provision of law, prohibit 
     the retention of personal information of voters, such as--
       (i) voter registration information, including physical 
     address, email address, and telephone number;
       (ii) political party affiliation or registration 
     information; and
       (iii) voter history, including registration status or 
     election participation; and
       (C) protect confidential Federal and State information from 
     unauthorized disclosure.
       (2) Exemption from disclosure.--Information relating to an 
     election cybersecurity incident, threat, or vulnerability, 
     such as personally identifiable information of reporting 
     persons or individuals affected by such incident, threat, or 
     vulnerability, shared by or with the Federal Government shall 
     be--
       (A) deemed voluntarily shared information and exempt from 
     disclosure under section 552 of title 5, United States Code, 
     and any State, tribal, or local provision of law requiring 
     disclosure of information or records; and
       (B) withheld, without discretion, from the public under 
     section 552(b)(3)(B) of title 5, United States Code, and any 
     State, tribal, or local provision of law requiring disclosure 
     of information or records.
       (h) Duty To Assess Possible Cybersecurity Incidents.--
       (1) Election agencies.--If an election agency becomes aware 
     of the possibility of an election cybersecurity incident, the 
     election agency shall promptly assess whether an election 
     cybersecurity incident occurred and notify the State election 
     official.
       (2) Election service providers.--If an election service 
     provider becomes aware of the possibility of an election 
     cybersecurity incident, the election service provider shall 
     promptly assess whether an election cybersecurity incident 
     occurred and notify the relevant election agencies consistent 
     with subsection (j).
       (i) Information Sharing About Cybersecurity Incidents by 
     Election Agencies.--If an election agency has reason to 
     believe that an election cybersecurity incident has occurred 
     with respect to an election system owned, operated, or 
     maintained by or on behalf of the election agency, the 
     election agency shall, in the most expedient time possible 
     and without unreasonable delay, provide notification of the 
     election cybersecurity incident to the Department.
       (j) Information Sharing About Cybersecurity Incidents by 
     Election Service Providers.--If an election service provider 
     has reason to believe that an election cybersecurity incident 
     may have occurred, or that an incident related to the role of 
     the provider as an election service provider may have 
     occurred, the election service provider shall--
       (1) notify the relevant election agencies in the most 
     expedient time possible and without unreasonable delay; and
       (2) cooperate with the election agencies in providing the 
     notifications required under subsections (h)(1) and (i).
       (k) Content of Notification by Election Agencies.--The 
     notifications required under subsections (h)(1) and (i)--
       (1) shall include an initial assessment of--
       (A) the date, time, and duration of the election 
     cybersecurity incident;
       (B) the circumstances of the election cybersecurity 
     incident, including the specific election systems believed to 
     have been accessed and information acquired; and
       (C) planned and implemented technical measures to respond 
     to and recover from the incident; and
       (2) shall be updated with additional material information, 
     including technical data, as it becomes available.
       (l) Security Clearance.--Not later than 30 days after the 
     date of enactment of this Act, the Secretary--
       (1) shall establish an expedited process for providing 
     appropriate security clearance to State election officials 
     and designated technical personnel employed by State election 
     agencies;
       (2) shall establish an expedited process for providing 
     appropriate security clearance to members of the Commission 
     and designated technical personnel employed by the 
     Commission; and
       (3) shall establish a process for providing appropriate 
     security clearance to personnel at other election agencies.
       (m) Protection From Liability.--Nothing in this subtitle 
     may be construed to provide a cause of action against a 
     State, unit of local government, or an election service 
     provider.
       (n) Assessment of Inter-state Information Sharing About 
     Election Cybersecurity.--
       (1) In general.--The Secretary and the Chairman, in 
     coordination with the heads of the appropriate Federal 
     entities and appropriate officials of State and local 
     governments, shall conduct an assessment of--
       (A) the structure and functioning of the Multi-State 
     Information Sharing and Analysis Center for purposes of 
     election cybersecurity; and
       (B) other mechanisms for inter-state information sharing 
     about election cybersecurity.
       (2) Comment from election agencies.--In carrying out the 
     assessment required under paragraph (1), the Secretary and 
     the Chairman shall solicit and consider comments from all 
     State election agencies.
       (3) Distribution.--The Secretary and the Chairman shall 
     jointly issue the assessment required under paragraph (1) 
     to--
       (A) all election agencies known to the Department and the 
     Commission; and
       (B) the appropriate congressional committees.
       (o) Congressional Notification.--
       (1) In general.--If an appropriate Federal entity has 
     reason to believe that a significant election cybersecurity 
     incident has occurred, the entity shall--
       (A) not later than 7 calendar days after the date on which 
     there is a reasonable basis to conclude that the significant 
     incident has occurred, provide notification of the incident 
     to the appropriate congressional committees; and
       (B) update the initial notification under paragraph (1) 
     within a reasonable period of time after additional 
     information relating to the incident is discovered.
       (2) Reporting threshold.--The Secretary shall--
       (A) promulgate a uniform definition of a ``significant 
     election cybersecurity incident''; and
       (B) shall submit the definition promulgated under 
     subparagraph (A) to the appropriate congressional committees.

     SEC. ____4. ELECTION SECURITY AND ELECTION AUDIT GUIDELINES.

       (a) Development by Technical Advisory Board.--
       (1) In general.--
       (A) Additional duties.--Section 221(b)(1) of the Help 
     America Vote Act of 2002 (52 U.S.C. 20961(b)(2)) is amended 
     by striking ``in the development of the voluntary voting 
     system guidelines'' and inserting ``in the development of--
       ``(A) the voluntary voting system guidelines;
       ``(B) the election security guidelines in accordance with 
     paragraph (3); and
       ``(C) the election audit guidelines in accordance with 
     paragraph (4).''.
       (B) Conforming amendments.--Sections 202(1) and 207(3) of 
     the Help America Vote Act of 2002 (52 U.S.C. 20922(1) and 
     20927(3)) are each amended by striking ``voting system''.
       (2) Additional membership and renaming of technical 
     guidelines development committee.--
       (A) Additional membership.--Section 221(c)(1) of the Help 
     America Vote Act of 2002 (52 U.S.C. 20961(c)(1)) is amended--
       (i) by striking ``14'' and inserting ``18''; and
       (ii) by redesignating subparagraph (E) as subparagraph (I) 
     and by inserting after subparagraph (D) the following new 
     subparagraphs:
       ``(E) A representative of the Department of Homeland 
     Security.
       ``(F) A representative of the Election Infrastructure 
     Information Sharing and Analysis Center.
       ``(G) A representative of the National Association of State 
     Chief Information Officers.
       ``(H) A representative of State election information 
     technology directors selected by the National Association of 
     Secretaries of State.''.
       (B) Renaming of committee.--
       (i) In general.--Section 221(a) of the Help America Vote 
     Act of 2002 (52 U.S.C. 20961(a)) is amended by striking 
     ``Technical Guidelines Development Committee (hereafter in 
     this part referred to as the `Development Committee')'' and 
     inserting ``Technical Advisory Board''.
       (ii) Conforming amendments.--

       (I) Section 201 of such Act (52 U.S.C. 20921) is amended by 
     striking ``Technical Guidelines Development Committee'' and 
     inserting ``Technical Advisory Board''.
       (II) Section 221 of such Act (52 U.S.C. 20921) is amended 
     by striking ``Development Committee'' each place it appears 
     and inserting ``Technical Advisory Board''.
       (III) Section 222(b) of such Act (52 U.S.C. 20962(b)) is 
     amended--

       (aa) by striking ``Technical Guidelines Development 
     Committee'' in paragraph (1) and inserting ``Technical 
     Advisory Board'',
       (bb) by striking ``Development Committee'' in the heading 
     and inserting ``Technical Advisory Board'', and

       (IV) Section 271(e) of such Act (52 U.S.C. 21041(e)) is 
     amended by striking ``Technical Guidelines Development 
     Committee'' and inserting ``Technical Advisory Board''.
       (V) Section 281(d) of such Act (52 U.S.C. 21051(d)) is 
     amended by striking ``Technical Guidelines Development 
     Committee'' and inserting ``Technical Advisory Board''.
       (VI) The heading for section 221 of such Act (52 U.S.C. 
     20961) is amended by striking ``technical guidelines 
     development committee'' and inserting ``technical advisory 
     board''.

[[Page S3331]]

       (VII) The heading for part 3 of subtitle A of title II of 
     such Act is amended by striking ``technical guidelines 
     development committee'' and inserting ``technical advisory 
     board''.
       (VIII) The items relating to section 221 and part 3 of 
     title II in the table of contents of such Act are each 
     amended by striking ``Technical Guidelines Development 
     Committee'' and inserting ``Technical Advisory Board''.

       (b) Guidelines.--
       (1) Election security guidelines.--Section 221(b) of the 
     Help America Vote Act of 2002 (52 U.S.C. 20961(b)) is amended 
     by adding at the end the following new paragraph:
       ``(3) Election security guidelines.--
       ``(A) In general.--The election security guidelines shall 
     contain guidelines for election cybersecurity, including 
     standards for procuring, maintaining, testing, operating, and 
     updating election systems.
       ``(B) Requirements.--In developing the guidelines, the 
     Technical Advisory Board shall--
       ``(i) identify the top risks to election systems;
       ``(ii) describe how specific technology choices can 
     increase or decrease those risks; and
       ``(iii) provide recommended policies, best practices, and 
     overall security strategies for identifying, protecting 
     against, detecting, responding to, and recovering from the 
     risks identified under subparagraph (A).
       ``(C) Issues considered.--
       ``(i) In general.--In developing the election security 
     guidelines, the Technical Advisory Board shall consider--

       ``(I) applying established cybersecurity best practices to 
     Federal election administration by States and local 
     governments, including appropriate technologies, procedures, 
     and personnel for identifying, protecting against, detecting, 
     responding to, and recovering from cybersecurity events;
       ``(II) providing actionable guidance to election agencies 
     that seek to implement additional cybersecurity protections; 
     and
       ``(III) any other factors that the Technical Advisory Board 
     determines to be relevant.

       ``(D) Relationship to voluntary voting system guidelines 
     and national institute of standards and technology 
     cybersecurity guidance.--In developing the election security 
     guidelines, the Technical Advisory Board shall consider--
       ``(i) the voluntary voting system guidelines; and
       ``(ii) cybersecurity standards and best practices developed 
     by the National Institute of Standards and Technology, 
     including frameworks, consistent with section 2(c) of the 
     National Institute of Standards and Technology Act (15 U.S.C. 
     272(c)).''.
       (2) Audit guidelines.--Section 221(b) of such Act (52 
     U.S.C. 20961(b)), as amended by paragraph (1), is amended by 
     adding at the end the following new paragraph:
       ``(4) Election audit guidelines.--
       ``(A) In general.--The election audit guidelines shall 
     include provisions regarding voting systems and statistical 
     audits for Federal elections, including that--
       ``(i) each vote is cast using a voting system that allows 
     the voter an opportunity to inspect and confirm the marked 
     ballot before casting it (consistent with accessibility 
     requirements); and
       ``(ii) each election result is determined by tabulating 
     marked ballots (by hand or device), and prior to the date on 
     which the winning Federal candidate in the election is sworn 
     into office, election agencies within the State inspect (by 
     hand and not by device) a random sample of the marked ballots 
     and thereby establish high statistical confidence in the 
     election result.
       ``(B) Issues considered.--In developing the election audit 
     guidelines, the Technical Advisory Board shall consider--
       ``(i) specific types of election audits, including 
     procedures and shortcomings for such audits;
       ``(ii) mechanisms to verify that election systems 
     accurately tabulate ballots, report results, and identify a 
     winner for each election for Federal office, even if there is 
     an error or fault in the voting system;
       ``(iii) durational requirements needed to facilitate 
     election audits in a timely manner that allows for confidence 
     in the outcome of the election prior to the swearing-in of a 
     Federal candidate, including variations in the acceptance of 
     postal ballots, time allowed to cure provisional ballots, and 
     election certification deadlines;
       ``(iv) how the guidelines could assist other components of 
     State and local governments; and
       ``(v) any other factors that the Technical Advisory Board 
     to be relevant.''.
       (3) Deadlines.--Section 221(b)(2) of such Act (52 U.S.C. 
     20961(b)(2)) is amended--
       (A) by striking ``The Development'' and inserting the 
     following:
       ``(A) Voluntary voting system guidelines.--The 
     Development'';
       (B) by striking ``this section'' and inserting ``paragraph 
     (1)(A)''; and
       (C) by adding at the end the following new subparagraph:
       ``(B) Election security and election audit guidelines.--
       ``(i) Initial guidelines.--The Technical Advisory Board 
     shall provide its initial set of recommendations under 
     subparagraphs (B) and (C) of paragraph (1) to the Executive 
     Director not later than 180 days after the date of the 
     enactment of the Secure Elections Act.
       ``(ii) Periodic review.--Not later than January 31, 2020, 
     and once every 2 years thereafter, the Technical Advisory 
     Board shall review and update the guidelines described in 
     subparagraphs (B) and (C) of paragraph (1).''.
       (c) Process for Adoption.--
       (1) Publication of recommendations.--Section 221(f) of the 
     Help America Vote Act of 2002 (52 U.S.C. 20961(f)) is 
     amended--
       (A) by striking ``At the time the Commission'' and 
     inserting the following:
       ``(1) Voluntary voting system guidelines.--At the time the 
     Commission''; and.
       (B) by adding at the end the following new paragraph:
       ``(2) Election security and election audit guidelines.--The 
     Technical Advisory Board shall--
       ``(A) provide a reasonable opportunity for public comment, 
     including through Commission publication in the Federal 
     Register, on the guidelines required under subparagraphs (B) 
     and (C) of subsection (b)(1), including a 45-day opportunity 
     for public comment on a draft of the guidelines before they 
     are submitted to Congress under section 223(a), which shall, 
     to the extent practicable, occur concurrently with the other 
     activities of the Technical Advisory Board under this section 
     with respect to such guidelines; and
       ``(B) consider the public comments in developing the 
     guidelines.''.
       (2) Adoption.--
       (A) In general.--Part 3 of subtitle A of title II of the 
     Help America Vote Act of 2002 (52 U.S.C. 20961 et seq.) is 
     amended--
       (i) by inserting ``of voluntary voting guidelines'' after 
     ``adoption'' in the heading of section 222; and
       (ii) by adding at the end the following new section:

     ``SEC. 223. PROCESS FOR ADOPTION OF ELECTION SECURITY AND 
                   ELECTION AUDIT GUIDELINES.

       ``(a) Submission to Congress.--
       ``(1) In general.--Not later than 14 calendar days after 
     the date on which the Commission receives recommendations for 
     the guidelines required described in subparagraphs (B) and 
     (C) of section 221(b)(1), the Commission shall submit the 
     guidelines to the appropriate congressional committees.
       ``(2) Modification.--The Commission may modify the 
     guidelines in advance of submission to Congress if--
       ``(A) the Commission determines that there is good cause to 
     modify the guidelines, consistent with the considerations 
     established in paragraphs (3) or (4) of section 221(b) (as 
     the case may be) and notwithstanding the recommendation of 
     the Technical Advisory Board; and
       ``(B) the Commission submits a written justification of the 
     modification to the Technical Advisory Board and the 
     appropriate congressional committees.
       ``(b) Distribution to Election Agencies.--The Commission 
     shall distribute the guidelines described in subparagraphs 
     (B) and (C) of section 221(b)(1) (b) to all election agencies 
     known to the Commission.
       ``(c) Publication.--The Commission shall make the 
     guidelines described in subparagraphs (B) and (C) of section 
     221(b)(1) (b) available on the public website of the 
     Commission.
       ``(d) Appropriate Congressional Committees.--For purposes 
     of this section, the term `appropriate congressional 
     committees' means--
       ``(1) the Committee on Rules and Administration, the 
     Committee on Armed Services, the Committee on Homeland 
     Security and Governmental Affairs, the Committee on 
     Appropriations, the Select Committee on Intelligence, the 
     majority leader, and the minority leader of the Senate; and
       ``(2) the Committee on House Administration, the Committee 
     on Armed Services, the Committee on Homeland Security, the 
     Committee on Appropriations, the Permanent Select Committee 
     on Intelligence, the Speaker, and the minority leader of the 
     House of Representatives.
       ``(e) Rule of Construction.--Nothing in this section shall 
     be construed to subject the process for developing the 
     guidelines described in subparagraphs (B) and (C) of section 
     221(b)(1) to subchapter II of chapter 5, and chapter 7, of 
     title 5, United States Code (commonly known as the 
     `Administrative Procedure Act').''.
       (B) Clerical amendment.--The table of contents of such Act 
     is amended by inserting after the item relating to section 
     222 the following new item:

``Sec. 223. Process for adoption of election security and election 
              audit guidelines.''.

     SEC. ____5. REQUIREMENT TO CONDUCT POST-ELECTION AUDITS.

       (a) Requirement.--
       (1) In general.--Subtitle A of title III of the Help 
     America Vote Act of 2002 (52 U.S.C. 21081 et seq.) is 
     amended--
       (A) by redesignating sections 304 and 305 as sections 305 
     and 306, respectively; and
       (B) by inserting after section 303 the following new 
     section:

     ``SEC. 304. POST-ELECTION AUDITS.

       ``(a) In General.--Each State and jurisdiction shall--
       ``(1) conduct a post-election audit of each election for 
     Federal office through the inspection of a random sample of 
     marked ballots of sufficient quantity to establish high 
     statistical confidence in the election result; and
       ``(2) provide reports to the Election Assistance Commission 
     on the details of the audits conducted under paragraph (1).
       ``(b) Time for Completing Audit.--The audit required by 
     subsection (a) shall be

[[Page S3332]]

     completed in a timely manner to ensure confiedence in the 
     outcome of the election and before the date on which the 
     winning candidate in the election is sworn into office.
       ``(c) Effective Date.--
       ``(1) In general.--Except as provided in subparagraph (B), 
     each State and jurisdiction shall be required to comply with 
     the requirements of this section for the regularly scheduled 
     general election for Federal office held in November 2020, 
     and each subsequent election for Federal office.
       ``(2) Waiver.--If a State or jurisdiction certifies to the 
     Commission not later than November 1, 2020, that the State or 
     jurisdiction will not meet the deadline described in 
     subparagraph (A) for good cause and includes in the 
     certification the reasons for the failure to meet such 
     deadline, subparagraph (A) shall apply to the State or 
     jurisdiction as if the reference in such subparagraph to 
     `November 2020' were a reference to `November 2022'.''.
       (2) Clerical amendment.--The table of contents of such Act 
     is amended--
       (A) by redesignating the items relating to sections 304 and 
     305 as relating to sections 305 and 306, respectively; and
       (B) by inserting after the item relating to section 303 the 
     following new item:

``Sec. 304. Post-election audits.''.

       (b) Reporting.--The Election Assistance Commission shall 
     submit reports to Congress on the information provided to the 
     Commission under section 304(a)(2) of the Help America Vote 
     Act of 2002, as added by subsection (a). Such reports shall 
     be submitted concurrently with the reports required under 
     section 9(a)(3) of the National Voter Registration Act of 
     1993.

     SEC. ____6. REPORTS TO CONGRESS ON FOREIGN THREATS TO 
                   ELECTIONS.

       (a) In General.--Not later than 30 days after the date of 
     enactment of this Act, and 30 days after the end of each 
     fiscal year thereafter, the Secretary and the Director of 
     National Intelligence, in coordination with the heads of the 
     appropriate Federal entities, shall submit a joint report to 
     the appropriate congressional committees on foreign threats 
     to elections in the United States, including physical and 
     cybersecurity threats.
       (b) Voluntary Participation by States.--The Secretary shall 
     solicit and consider comments from all State election 
     agencies. Participation by an election agency in the report 
     under this subsection shall be voluntary and at the 
     discretion of the State.
                                 ______