This bill amends various sections of the Idaho Code to enhance cybersecurity measures within state government. Key provisions include the requirement for the implementation of cybersecurity best practices and the mandatory use of multifactor identification for accessing information technology devices and services across all state agencies, including the legislative and judicial branches, as well as elected constitutional officers. The bill also revises the powers and duties of the Office of Information Technology Services, emphasizing its role in directing the acquisition and installation of telecommunications equipment, overseeing cybersecurity policies, and ensuring compliance with training and education requirements for state employees.

Additionally, the bill introduces a new definition for "multifactor identification," outlining acceptable types of identification credentials, such as knowledge-based, possession-based, and inherence-based credentials. Technical corrections are made throughout the bill to clarify language and improve the overall structure. The act is declared to be an emergency measure, with an effective date set for July 1, 2025.

Statutes affected:
Bill Text: 67-827A, 67-831