The Daily Bulletin: 2019-04-25 | Legislative Reporting Service
UNC School of Government
PUBLIC/HOUSE BILLS
H 217 (2019-2020) DIT CHANGES.-AB. Filed Feb 27 2019, AN ACT TO MAKE MISCELLANEOUS AND TECHNICAL CHANGES TO
THE STATUTES RELATING TO THE DEPARTMENT OF INFORMATION TECHNOLOGY; AMEND VARIOUS STATUTES RELATING
TO STATE AGENCY CYBERSECURITY; AND AMEND VARIOUS STATUTES RELATING TO THE EMERGENCY TELEPHONE
SERVICE AND THE 911 BOARD.
House committee substitute makes the following changes to the 1st edition.
Deletes the proposed changes to GS 143B-1353, which prohibits financial interest of officers within the Department of
Information Technology (Department) in sources of information technology supply. Instead, deletes all of the existing language
and establishes that the provisions of GS 133-32, which regulates gifts and favors of public works contractors, apply to all
Department employees.
Adds the following provisions.
Section 6
Amends GS 143B-1322 and GS 166A-19.12 to require the State Chief Information Officer (State CIO) and the Division of
Emergency Management to coordinate to manage statewide response to cybersecurity incidents and significant cybersecurity
incidents, as defined. Additionally requires the Division of Emergency management to coordinate with the Adjutant General,
and specifically directs the Division to develop and promulgate necessary policies, plans, and procedures for cybersecurity and
critical infrastructure protection, and to annually review, update, and test cyber incident response plans and procedures.
Adds to GS 143B-1321 to require that confidentiality be kept for information technology information that is protected from
public disclosure under GS 132-6.1(c), including but not limited to specified examples provided.
Amends GS 143B-1320 to eliminate the defined terms information technology security incident and security incident. Adds the
term cybersecurity incident and defines the term to mean an occurrence that either (1) actually or imminently jeopardizes,
without lawful authority, the integrity, confidentiality, or availability of information or an information system, or (2) constitutes
a violation or imminent threat of violation of law, security policies, privacy policies, security procedures, or acceptable use
policies. Adds the term significant cybersecurity incident and defines the term to mean a cybersecurity incident that is likely to
result in demonstrable harm to the State's security interests, economy, critical infrastructure, or to the public confidence, civil
liberties, or public health and safety of residents. Provides factors for determining significant cybersecurity incidents. Makes
conforming changes throughout Article 15, Department of Information Technology.
Amends GS 143B-1379 to modify and add to the information all principal department heads and Council of State agency
heads must provide to the State CIO. Now includes the full details of all of the agency's significant cybersecurity incidents
within 24 hours of confirmation; comprehensive information concerning the information technology security employed to
protect the agency's data, including documentation and reporting of remedial or corrective action plans to address any
deficiencies in the information security policies, procedures, and practices of the State agency; and a forecast of the parameters
of the agency's projected future cybersecurity and privacy needs and capabilities. Additionally requires the department and
agency heads to complete mandatory annual security awareness training and reporting compliance for all personnel, including
contractors and other users of state information technology systems. Adds a new requirement for county and municipal
governments to report cybersecurity incidents to the Department. Provides that the information reported is protected from
public disclosure. Additionally, encourages private sector entities to report cybersecurity incidents to the Department.
Expands GS 143B-1376 to charge the State CIO with the responsibility for the security and privacy (was only the security) of
all State information technology systems and associated data. Makes conforming changes. Adds that the State CIO must ensure
that agencies are periodically testing and evaluating information security controls and techniques for effective implementation.
https://lrs.sog.unc.edu/lrs-subscr-view/dailybulletin/2019-04-25