The bill mandates the Arizona Department of Homeland Security (AZDOHS) and the Arizona Department of Administration (ADOA) to create comprehensive information technology (IT) standards for state agencies, contractors, and public institutions of higher education. It requires the removal of applications considered security risks, restricts the use of personal electronic devices for state business, and outlines security measures to safeguard sensitive information. State employees must acknowledge their understanding of these standards annually, with disciplinary actions for violations. The bill also clarifies definitions related to state IT standards and establishes new responsibilities for AZDOHS and ADOA.

In contrast to current law, which lacks detailed IT standards and restrictions, this bill introduces specific guidelines for managing state IT infrastructure, including prohibitions on certain communications technologies. It removes previous exceptions for student use of state email addresses and narrows the definition of "state business." The bill allows for exceptions to restrictions for law enforcement and specific business needs, requiring reporting to AZDOHS. Overall, the bill aims to enhance cybersecurity and impose stricter controls over technology use in state operations, particularly concerning applications linked to national security concerns.

Statutes affected:
Introduced Version: 5-838
House Engrossed Version: 18-105