|
House Bill 1830 |
House Author: Corte et al. |
|
Effective: 9-1-09 |
Senate Sponsor: Ellis |
House Bill 1830 amends the Government Code to authorize the Department of Information Resources (DIR) to obtain from the Department of Public Safety or the identification division of the Federal Bureau of Investigation the criminal history record information of a person who provides network security services and who is an employee, applicant for employment, contractor, subcontractor, intern, or other volunteer with the DIR or with a contractor or subcontractor for the DIR. The bill sets forth the circumstances under which the information can be released or obtained and when information is required to be destroyed. The DIR is added to the list of state entities to which a criminal justice agency may disclose criminal history record information that is subject to an order of nondisclosure. The DIR may not obtain criminal history record information under these provisions unless it adopts policies and procedures that meet certain criteria relating to the use of the information in hiring decisions.
House Bill 1830 provides that the law pertaining to open meetings does not require the governing board of the DIR to conduct an open meeting to deliberate security assessments or deployments relating to information resource technology, network security information, or the deployment, or specific occasions for implementation, of security personnel, critical infrastructure, or security devices.
House Bill 1830 expands the items of confidential network security information that are exempt from public access. The bill authorizes information of a confidential nature described in the bill to be disclosed to a bidder if the governmental body determines that providing the information is necessary for the bidder to provide an accurate bid.
House Bill 1830 authorizes the information resources manager of a state agency to prepare or have prepared an executive summary of the findings of a report assessing the extent to which an interface to a computer system, among other electronic devices, is vulnerable to unauthorized access or harm, including the extent to which the agency's or contractor's electronically stored information is vulnerable to inappropriate use. The bill lists the individuals and departments to which an electronic copy of the vulnerability report is to be provided upon its completion. Previous law required the report to be provided on request.
House Bill 1830 requires the DIR to adopt rules requiring, in state agency contracts for network hardware and software, a statement by the vendor certifying that the network hardware or software, as applicable, has undergone independent certification testing for known and relevant vulnerabilities.