NxtAssets for compliance
Election administrators operate under a layered regulatory framework that mandates strict chain of custody, tamper-evident seal management, real-time tracking, and immutable records. Here's how NxtAssets maps to each obligation — citation by citation.
The frameworks NxtAssets addresses
- Texas Election Code — Chapters 66 (precinct records), 125 (equipment prep, polling-place security, closeout), 127 (ballot-box seals, tabulation, CCS program), and 129 (electronic voting system security, access control, seal/test material security).
- Texas Secretary of State — Advisory 2019-23 (secure storage, seal checks during voting, recovery plans) and Advisory 2012-03 (electronic voting system procedures).
- EAC — Chain of Custody Best Practices (2021), Best Practices for Election Technology (Physical Security), and Equipment Disposal Guidance.
- CISA — Chain of Custody and Critical Infrastructure Systems (2021), mapped to the NIST Cybersecurity Framework's five functions: Identify, Protect, Detect, Respond, Recover.
- NIST — CSF alignment across all five functions.
Selected compliance crosswalk
A sample of mandate-to-capability mappings. The full matrix is in the compliance page and the downloadable Compliance Matrix PDF.
| Citation | What it requires | How NxtAssets addresses it |
|---|---|---|
| TEC §129.051(a) | Maintain inventory of all electronic information storage media. | Central asset registry with multiple identifier types per asset. Scales to tens of thousands of assets per county. |
| TEC §129.051(b) | Track custody from storage through coding, election, return. Two or more individuals at each transfer. | Chain-of-custody module with dual-signature capture, GPS, timestamps, and tamper-proof logging. |
| TEC §129.024(a) | Seal test materials; custodian and two board members sign. | Workflow-enforced seal application with multi-party sign-off. Seal serial numbers captured per container. |
| TEC §127.064 | Ballot box seals must be serially numbered. | Serialized seal registry with barcode scanning. |
| TEC §66.058 | Preserve precinct records for 22 months. | Tamper-proof records with configurable retention aligned to statutory minimums; retention can't be shortened. |
| EAC Chain of Custody (2021) | At least two signatures on each custody transfer. Detailed description, date/time, location, signatures. | All EAC-recommended data points captured automatically; dual-party requirement enforced by workflow. |
| CISA CoC — Identify | Inventory all systems, devices, software, data, people. Log transactions and access. | Multi-identifier inventory, continuous activity logging, dashboards surface gaps in real time. |
| CISA CoC — Detect | Develop activities to identify chain-of-custody breaches. | Geo-fence alerts, seal-break detection, work order discrepancy alerts, anomaly dashboards. |
What "workflow-enforced" means for an audit
The usual compliance question is "did the procedure happen?" NxtAssets answers a different question: "could the procedure not happen?" Because the seal application step, the dual-signature step, the chain-of-custody event — these are not suggestions or checklist items. They are states in a workflow that cannot advance without them. A voting machine does not reach "Ready for Delivery" until its seal is applied and logged. A handoff is not marked complete until both parties have signed.
That distinction matters during audits. The record does not show a procedure followed despite an opportunity to skip it. It shows there was no opportunity to skip it.
NxtAssets produces predefined customizable reports exportable as CSV, document-formatted reports via Word templates, and a natural-language query tool for ad-hoc reporting. The underlying records are tamper-proof — configurable retention keeps them available through the required preservation period, and they cannot be quietly edited in the interim.