88R11862 YDB-D
	By: Parker	S.B. No. 2358

	A BILL TO BE ENTITLED
	AN ACT
	relating to security procedures for digital applications that pose
	a network security risk to state agencies.
	BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
	SECTION 1.  Chapter 2054, Government Code, is amended by
	adding Subchapter S to read as follows:
	SUBCHAPTER S. DIGITAL APPLICATION SECURITY PROCEDURES
	Sec. 2054.621.  DEFINITIONS. In this subchapter:
	(1)  "Digital application" means an Internet website or
	application that is open to the public, allows a user to create an
	account, and enables a user to communicate with other users by
	posting information, comments, messages, images, or video. The
	term does not include:
	(A)  an Internet service provider, as defined by
	Section 324.055, Business & Commerce Code;
	(B)  e-mail; or
	(C)  an online service, application, or Internet
	website:
	(i)  that consists primarily of news,
	sports, entertainment, or other content preselected by the provider
	that is not user generated; and
	(ii)  for which any chat, comment, or
	interactive functionality is incidental to, directly related to, or
	dependent on provision of the content described by Subparagraph
	(i).
	(2)  "Network security" has the meaning assigned by
	Section 2059.001.
	(3)  "User" means a person who posts, uploads,
	transmits, shares, or otherwise publishes or receives content
	through a digital application.
	Sec. 2054.622.  DIGITAL APPLICATION SECURITY RISK LIST. The
	department shall:
	(1)  compile, maintain, and annually update a list of
	digital applications that create a network security risk to state
	agencies;
	(2)  limit or prohibit the placement and use of digital
	applications on the list under Subdivision (1) on:
	(A)  state-owned cell phones, computers, and
	other communication devices; and
	(B)  personal communication devices of state
	agency employees that are used in the agency's office or other
	workplace; and
	(3)  post the list under Subdivision (1) on a publicly
	accessible web page on the department's Internet website.
	Sec. 2054.623.  DIGITAL APPLICATION SECURITY MODEL POLICY
	FOR STATE AGENCIES. The department shall develop, maintain, and
	periodically update a model policy for state agencies to use under
	Section 2054.624 in limiting or prohibiting the placement and use
	on communication devices of the digital applications included on
	the list compiled under Section 2054.622.
	Sec. 2054.624.  STATE AGENCY DIGITAL APPLICATION SECURITY
	POLICY. (a) Each state agency shall develop, implement, and
	periodically update a policy limiting or prohibiting the placement
	and use of digital applications included on the list compiled under
	Section 2054.622 on:
	(1)  state-owned cell phones, computers, and other
	communication devices; and
	(2)  personal communication devices of state agency
	employees that are used in the agency's office or other workplace.
	(b)  Each state agency shall submit to the department a copy
	of the policy required under Subsection (a) and updates to the
	policy.
	(c)  The department:
	(1)  may offer recommendations for improvements to
	submitted policies;
	(2)  shall retain each copy and update submitted under
	Subsection (b); and
	(3)  shall notify each member of the legislature and
	the governor when a state agency submits a policy or update.
	Sec. 2054.625.  DISCLOSURE EXEMPTION. The model policy and
	state agency policies developed under this subchapter are exempt
	from disclosure under Chapter 552.
	Sec. 2054.626.  RULEMAKING AUTHORITY. The department may
	adopt rules to implement this subchapter.
	SECTION 2.  (a) As soon as practicable after the effective
	date of this Act, but not later than January 1, 2024, the Department
	of Information Resources shall develop the digital application
	security risk list and model policy as required by Subchapter S,
	Chapter 2054, Government Code, as added by this Act.
	(b)  A state agency is not required to comply with Section
	2054.624, Government Code, as added by this Act, until May 1, 2024.
	SECTION 3.  This Act takes effect September 1, 2023.