This bill amends various sections of the Idaho Code to enhance cybersecurity measures within state government. Key provisions include the requirement for the Office of Information Technology Services to implement cybersecurity best practices and to mandate the use of multifactor identification for accessing information technology devices and services. The bill also updates the powers and duties of the office, shifting from a role of coordination to one of direct oversight in the acquisition and installation of telecommunications equipment across state departments, institutions, and branches of government. Additionally, it introduces a new section that specifically mandates the legislative and judicial branches, as well as elected constitutional officers, to adopt multifactor identification protocols.

The bill defines "multifactor identification" and outlines acceptable forms of identification credentials, which include knowledge-based, possession-based, and inherence-based credentials. It also makes technical corrections to existing definitions and provisions within the Idaho Code. The act is declared to be an emergency measure, with an effective date set for July 1, 2025, ensuring that these cybersecurity enhancements are implemented promptly to protect state information systems.

Statutes affected:
Bill Text: 67-827A, 67-831