This bill amends various sections of the Idaho Code to enhance cybersecurity measures within state government. Key provisions include the requirement for the Office of Information Technology Services to implement cybersecurity best practices and to mandate the use of multifactor identification for accessing information technology devices and services across all state agencies. The bill also introduces a new section that specifically requires the legislative and judicial branches, as well as elected constitutional officers, to adopt multifactor identification protocols.

Additionally, the bill makes several technical corrections and clarifications, such as redefining the powers and duties of the Office of Information Technology Services, which now includes directing the acquisition and installation of telecommunications equipment and ensuring that state agencies implement cybersecurity policies. The definition of "multifactor identification" is also established, detailing the types of credentials that can be used for authentication. The bill declares an emergency, making it effective from July 1, 2025.

Statutes affected:
Bill Text: 67-827A, 67-831