The department said this week that 17 states have gotten or soon will get so-called risk and vulnerability assessments of their election systems, a weekslong evaluation that is the government’s most thorough cybersecurity check. Before November 2016, only one state had been assessed.

The department conducts less intensive weekly “cyberhygiene” scans of election systems in 33 states. And it has granted federal security clearances to about 30 state election officials, removing at least some of the barriers to sharing information about future threats to election security.

Lawmakers also succeeded in getting $380 million in a large spending bill in March for grants to states to improve their election infrastructure and bolster election security.

The committee released a list of recommendations in late March to help secure American voting systems ahead of the midterm elections. Those recommendations included the adoption of voting machines with paper ballot backups to replace paperless or otherwise outdated ones, instituting routine vote audits and updating software systems. The senators also urged the Trump administration at the time to send a clearer message that it would not tolerate attacks on any election systems or the democratic process.

In a public hearing the next day, senators pressed homeland security officials to move faster in enforcing key security measures such as the granting of security clearances to state election officials.

The senators also sounded concerns on Tuesday about the shrinking number of voting-machine makers. The three largest vendors of voting equipment dominate the industry, and both the companies and their subcontractors that serve local election agencies are largely unregulated. That makes them and other vendors “an enticing target for malicious cyberactors,” the Intelligence Committee wrote.

A National Security Agency analysis leaked last June concluded that Russian military intelligence launched a cyberattack on at least one maker of electronic voting equipment during the 2016 campaign, and sent so-called spear-phishing emails days before the general election to 122 local government officials, apparently customers of the manufacturer. The emails concealed a computer script that, when clicked on, “very likely” downloaded a program from an external server that gave the intruders prolonged access to election computers or allowed them to search for valuable data.