This bill amends various sections of the Idaho Code to enhance cybersecurity measures within state government. It revises Section 67-827A to clarify the powers and duties of the Office of Information Technology Services, emphasizing the need for the implementation of cybersecurity best practices and the mandatory use of multifactor identification for accessing information technology devices and services. The bill also introduces a new section, 67-2362, which mandates the legislative and judicial branches, as well as elected constitutional officers, to adopt multifactor identification for secure access to their IT systems.

Additionally, the bill defines "multifactor identification" in Section 67-831, outlining acceptable forms of identification credentials, such as knowledge-based, possession-based, and inherence-based credentials. The amendments include technical corrections and updates to ensure that state agencies are directed to implement these cybersecurity measures effectively. The bill declares an emergency, making it effective on July 1, 2025.

Statutes affected:
Bill Text: 67-827A, 67-831