This bill amends various sections of the Idaho Code to enhance cybersecurity measures within state government. It revises Section 67-827A to clarify the powers and duties of the Office of Information Technology Services, emphasizing the need for the implementation of cybersecurity best practices and the mandatory use of multifactor identification for accessing information technology devices and services. The bill also includes technical corrections and updates the language to reflect these changes. Additionally, it introduces a new section, 67-2362, which mandates the legislative and judicial branches, as well as elected constitutional officers, to implement multifactor identification for accessing various IT resources.

Furthermore, the bill defines "multifactor identification" in Section 67-831, outlining acceptable forms of identification credentials, such as knowledge-based, possession-based, and inherence-based credentials. The legislation aims to strengthen the state's cybersecurity framework by ensuring that all state agencies adopt best practices and utilize multifactor identification to protect sensitive data and personal information from cyber threats. An emergency clause is included, establishing that the act will take effect on July 1, 2025.

Statutes affected:
Bill Text: 67-827A, 67-831