| 1 | 1 | | 85R11614 YDB-D |
|---|
| 2 | 2 | | By: Blanco H.B. No. 2192 |
|---|
| 3 | 3 | | |
|---|
| 4 | 4 | | |
|---|
| 5 | 5 | | A BILL TO BE ENTITLED |
|---|
| 6 | 6 | | AN ACT |
|---|
| 7 | 7 | | relating to comprehensive information security assessments on |
|---|
| 8 | 8 | | state agency information resources and network systems and digital |
|---|
| 9 | 9 | | data storage and security. |
|---|
| 10 | 10 | | BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|---|
| 11 | 11 | | SECTION 1. Subchapter F, Chapter 2054, Government Code, is |
|---|
| 12 | 12 | | amended by adding Section 2054.136 to read as follows: |
|---|
| 13 | 13 | | Sec. 2054.136. FIVE-YEAR AGENCY INFORMATION SECURITY |
|---|
| 14 | 14 | | ASSESSMENT AND REPORT. (a) At least once every five years, a state |
|---|
| 15 | 15 | | agency shall conduct a comprehensive information security |
|---|
| 16 | 16 | | assessment of the agency's information resources systems, network |
|---|
| 17 | 17 | | systems, digital data storage systems, digital data security |
|---|
| 18 | 18 | | measures, and information resources vulnerabilities. |
|---|
| 19 | 19 | | (b) Not later than December 1 of the year in which a state |
|---|
| 20 | 20 | | agency conducts the information security assessment required under |
|---|
| 21 | 21 | | Subsection (a), the agency shall report the results of the study to |
|---|
| 22 | 22 | | the department, the governor, the lieutenant governor, and the |
|---|
| 23 | 23 | | speaker of the house of representatives. |
|---|
| 24 | 24 | | (c) The department by rule may establish the requirements |
|---|
| 25 | 25 | | for the information security assessment and report required by this |
|---|
| 26 | 26 | | section. |
|---|
| 27 | 27 | | SECTION 2. This Act takes effect September 1, 2017. |
|---|