This bill amends various sections of the Idaho Code to enhance cybersecurity measures within state government. It revises Section 67-827A to clarify the powers and duties of the Office of Information Technology Services, including the requirement to implement cybersecurity best practices and the use of multifactor identification for accessing information technology devices and services. The bill also introduces a new section, 67-2362, which mandates the legislative and judicial branches, as well as elected constitutional officers, to adopt multifactor identification for secure access to technology resources.

Additionally, the bill defines "multifactor identification" in Section 67-831, outlining acceptable forms of identification credentials, such as knowledge-based, possession-based, and inherence-based credentials. The amendments aim to strengthen the state's cybersecurity framework by ensuring that all state agencies implement and maintain best practices, while also providing a clear definition of multifactor identification to enhance understanding and compliance. An emergency clause is included, establishing that the act will take effect on July 1, 2025.

Statutes affected:
Bill Text: 67-827A, 67-831