S257 - Appropriations Act of 2017. (SL 2017-57)

Overview: Section 37.9 of S.L. 2017-57 requires the Department of Information Technology to conduct a risk and vulnerability assessment with each agency that has transferred its personnel, operations, assets, projects, and funding to the Department of Information Technology. The assessment must consider: (1) the existing network infrastructure and configuration, (2) publicly available information and data accessible via agency Web sites, (3) an inventory of all agency hardware, operating systems, and network management systems, (4) an inventory of all applications, data storage devices and systems, and identification and authentication measures, (5) existing security systems and components, (6) network application processes and formal and informal policies, procedures, and guidelines, and (7) all applicable laws, regulations, and industry best practices. The sum of $2 million from the Information Technology Reserve Fund will be used to conduct the assessment.

This section became effective July 1, 2017.