Regulatory mapping

NxtAssets for compliance

Election administrators operate under a layered regulatory framework that mandates strict chain of custody, tamper-evident seal management, real-time tracking, and immutable records. Here's how NxtAssets maps to each obligation — citation by citation.

The frameworks NxtAssets addresses

Selected compliance crosswalk

A sample of mandate-to-capability mappings. The full matrix is in the compliance page and the downloadable Compliance Matrix PDF.

CitationWhat it requiresHow NxtAssets addresses it
TEC §129.051(a) Maintain inventory of all electronic information storage media. Central asset registry with multiple identifier types per asset. Scales to tens of thousands of assets per county.
TEC §129.051(b) Track custody from storage through coding, election, return. Two or more individuals at each transfer. Chain-of-custody module with dual-signature capture, GPS, timestamps, and tamper-proof logging.
TEC §129.024(a) Seal test materials; custodian and two board members sign. Workflow-enforced seal application with multi-party sign-off. Seal serial numbers captured per container.
TEC §127.064 Ballot box seals must be serially numbered. Serialized seal registry with barcode scanning.
TEC §66.058 Preserve precinct records for 22 months. Tamper-proof records with configurable retention aligned to statutory minimums; retention can't be shortened.
EAC Chain of Custody (2021) At least two signatures on each custody transfer. Detailed description, date/time, location, signatures. All EAC-recommended data points captured automatically; dual-party requirement enforced by workflow.
CISA CoC — Identify Inventory all systems, devices, software, data, people. Log transactions and access. Multi-identifier inventory, continuous activity logging, dashboards surface gaps in real time.
CISA CoC — Detect Develop activities to identify chain-of-custody breaches. Geo-fence alerts, seal-break detection, work order discrepancy alerts, anomaly dashboards.

See the full matrix →

What "workflow-enforced" means for an audit

The usual compliance question is "did the procedure happen?" NxtAssets answers a different question: "could the procedure not happen?" Because the seal application step, the dual-signature step, the chain-of-custody event — these are not suggestions or checklist items. They are states in a workflow that cannot advance without them. A voting machine does not reach "Ready for Delivery" until its seal is applied and logged. A handoff is not marked complete until both parties have signed.

That distinction matters during audits. The record does not show a procedure followed despite an opportunity to skip it. It shows there was no opportunity to skip it.

Public records posture

NxtAssets produces predefined customizable reports exportable as CSV, document-formatted reports via Word templates, and a natural-language query tool for ad-hoc reporting. The underlying records are tamper-proof — configurable retention keeps them available through the required preservation period, and they cannot be quietly edited in the interim.

Next step