This bill amends various sections of the Idaho Code to enhance cybersecurity measures within state government. It revises Section 67-827A to clarify the powers and duties of the Office of Information Technology Services, including the requirement to implement cybersecurity best practices and the use of multifactor identification for accessing information technology devices and services. The bill also introduces a new definition for "multifactor identification," which involves using two or more different types of identification credentials for authentication. Additionally, it mandates that all state agencies implement and maintain cybersecurity best practices.

Furthermore, the bill adds a new section, 67-2362, which requires the legislative and judicial branches, as well as elected constitutional officers and their staffs, to utilize multifactor identification for accessing various information technology resources. The bill includes technical corrections and updates to ensure clarity and compliance with the new cybersecurity requirements. An emergency clause is included, establishing that the act will take effect on July 1, 2025.

Statutes affected:
Bill Text: 67-827A, 67-831