1-1 AN ACT
1-2 relating to reports on the extent to which the computer technology
1-3 and electronically stored information of a state agency or a state
1-4 contractor are vulnerable to unauthorized access or harm.
1-5 BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
1-6 SECTION 1. Subchapter D, Chapter 2054, Government Code, is
1-7 amended by adding Section 2054.077 to read as follows:
1-8 Sec. 2054.077. VULNERABILITY REPORTS. (a) In this section,
1-9 a term defined by Section 33.01, Penal Code, has the meaning
1-10 assigned by that section.
1-11 (b) The information resources manager of a state agency may
1-12 prepare or have prepared a report assessing the extent to which a
1-13 computer, a computer program, a computer network, a computer
1-14 system, computer software, or data processing of the agency or of a
1-15 contractor of the agency is vulnerable to unauthorized access or
1-16 harm, including the extent to which the agency's or contractor's
1-17 electronically stored information is vulnerable to alteration,
1-18 damage, or erasure.
1-19 (c) Except as provided by this section, a vulnerability
1-20 report and any information or communication prepared or maintained
1-21 for use in the preparation of a vulnerability report is
1-22 confidential and is not subject to disclosure under Chapter 552.
1-23 (d) On request, the information resources manager shall
1-24 provide a copy of the vulnerability report to:
2-1 (1) the department;
2-2 (2) the state auditor; and
2-3 (3) any other information technology security
2-4 oversight group specifically authorized by the legislature to
2-5 receive the report.
2-6 (e) A state agency whose information resources manager has
2-7 prepared or has had prepared a vulnerability report shall prepare a
2-8 summary of the report that does not contain any information the
2-9 release of which might compromise the security of the state
2-10 agency's or state agency contractor's computers, computer programs,
2-11 computer networks, computer systems, computer software, data
2-12 processing, or electronically stored information. The summary is
2-13 available to the public on request.
2-14 SECTION 2. Section 2054.006(a), Government Code, is amended
2-15 to read as follows:
2-16 (a) Except as specifically provided by this chapter, this
2-17 [This] chapter does not affect laws, rules, or decisions relating
2-18 to the confidentiality or privileged status of categories of
2-19 information or communications.
2-20 SECTION 3. This Act takes effect immediately if it receives
2-21 a vote of two-thirds of all the members elected to each house, as
2-22 provided by Section 39, Article III, Texas Constitution. If this
2-23 Act does not receive the vote necessary for immediate effect, this
2-24 Act takes effect September 1, 2001.
_______________________________ _______________________________
President of the Senate Speaker of the House
I certify that H.B. No. 249 was passed by the House on May 4,
2001, by the following vote: Yeas 128, Nays 0, 1 present, not
voting.
_______________________________
Chief Clerk of the House
I certify that H.B. No. 249 was passed by the Senate on May
22, 2001, by the following vote: Yeas 30, Nays 0, 1 present, not
voting.
_______________________________
Secretary of the Senate
APPROVED: __________________________
Date
__________________________
Governor