1.  Any records of the Secretary of State or a county or city clerk that relate to the security of an information system used for elections are confidential and are not public records pursuant to chapter 239 of NRS. Such records include, without limitation:

(a) Risk assessments;

(b) Vulnerability assessments; and

(c) Any other information that identifies the preparation for or prevention of a threat or attack on an information system used for elections.

2.  The Secretary of State or a county or city clerk shall not disclose any records that are confidential pursuant to this section, except that such records may be provided confidentially to:

(a) Any state agency or local government;

(b) A cybersecurity incident response team appointed pursuant to NRS 480.928; or

(c) Appropriate law enforcement officers or prosecuting attorneys, but only for the purpose of preparing for and mitigating risks to or otherwise protecting the security of elections or as part of a criminal investigation.