The bill would amend Government Code Sec. 2054.068, requiring the Department of Information Resources (DIR) to rate the security maturity of state agencies. It would also authorize DIR to audit agencies with certain ratings and make recommendations for improvements.
The bill would amend Government Code Sec. 2054.0594 to allow, but not require, DIR to establish an interstate information sharing and analysis organization (ISAO) to provide a forum for states to share information regarding cybersecurity threats, best practices, and remediation strategies.
The bill would require DIR to develop guidance on the use of distributed ledger and blockchain technology that includes a framework for deciding if that technology is appropriate for meeting a state agency's needs.
The bill would authorize state agencies and local governments that use the state electronic internet portal to accept peer-to-peer payments. It would also require DIR to identify at least three common peer-to-peer payment systems that provide for data privacy and financial security, and post the list on their website.
The bill would authorize DIR to use appropriated money to market shared technology services to state agencies and local governments.
The bill would modify the use of the Technology Improvement and Modernization Fund so that it could be used to mitigate a breach of system security.
The bill would require state agencies' strategic plans to include a description of customer service technology and a modernization plan that outlines how the agency intends to transition IT and data to a more modern, integrated, secure, and effective technological environment.
It is assumed that any costs associated with the bill could be absorbed using existing resources.
No significant fiscal implication to units of local government is anticipated.