Bill Text: TX HB1467 | 2017-2018 | 85th Legislature | Introduced
Bill Title: Relating to reports on and purchase of information technology by state agencies.
Spectrum: Partisan Bill (Republican 3-0)
Status: (Introduced - Dead) 2017-04-04 - Left pending in subcommittee [HB1467 Detail]
Download: Texas-2017-HB1467-Introduced.html
| By: Capriglione | H.B. No. 1467 | |
|
|
||
|
|
||
| relating to reports on and purchase of information technology by | ||
| state agencies. | ||
| BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: | ||
| SECTION 1. Section 552.139(b), Government Code, is amended | ||
| by adding subsection (4) to read as follows: | ||
| (b) The following information is confidential: | ||
| (1) a computer network vulnerability report; | ||
| (2) any other assessment of the extent to which data | ||
| processing operations, a computer, a computer program, network, | ||
| system, or system interface, or software of a governmental body or | ||
| of a contractor of a governmental body is vulnerable to | ||
| unauthorized access or harm, including an assessment of the extent | ||
| to which the governmental body's or contractor's electronically | ||
| stored information containing sensitive or critical information is | ||
| vulnerable to alteration, damage, erasure, or inappropriate use; | ||
| and | ||
| (3) a photocopy or other copy of an identification | ||
| badge issued to an official or employee of a governmental body. | ||
| (4) information collected, assembled, or maintained | ||
| by or for a governmental entity to prevent, detect, or investigate | ||
| security incidents. | ||
| SECTION 2. Subchapter C, Chapter 2054, Government Code, is | ||
| amended by adding Section 2054.068 to read as follows: | ||
| Sec. 2054.068. INFORMATION TECHNOLOGY INFRASTRUCTURE | ||
| REPORT. (a) In this section, "information technology" includes | ||
| information resources and information resources technologies. | ||
| (b) The department shall collect from each state agency | ||
| information on the status and condition of the agency's information | ||
| technology infrastructure, including information regarding: | ||
| (1) the agency's information security program; | ||
| (2) an inventory of the agency's servers, mainframes, | ||
| and other information technology equipment; | ||
| (3) identification of vendors that operate and manage | ||
| the agency's information technology infrastructure; and | ||
| (4) any additional related information requested by | ||
| the department. | ||
| (c) A state agency shall provide the information required by | ||
| Subsection (b) to the department according to a schedule determined | ||
| by the department. | ||
| (d) Not later than August 31 of each even-numbered year, the | ||
| department shall submit to the governor, chair of the house | ||
| appropriations committee, chair of the senate finance committee, | ||
| speaker of the house of representatives, lieutenant governor, and | ||
| staff of the Legislative Budget Board a consolidated report of the | ||
| information submitted by state agencies under Subsection (b). | ||
| (e) The consolidated report required by Subsection (d) | ||
| must: | ||
| (1) include an analysis and assessment of each state | ||
| agency's security and operational risks; and | ||
| (2) for a state agency found to be at higher security | ||
| and operational risks, include a detailed analysis of the | ||
| requirements for the agency to address the risks and related | ||
| vulnerabilities and the cost estimates to implement those | ||
| requirements. | ||
| (f) With the exception of information that is confidential | ||
| under Chapter 552, including Section 552.139, or other state or | ||
| federal law, the consolidated report submitted under Subsection (d) | ||
| is public information and must be released or made available to the | ||
| public upon request. A governmental body as defined by Section | ||
| 552.003, Government Code, may withhold information confidential | ||
| under Chapter 552, including Section 552.139, or other state or | ||
| federal law that is contained in a consolidated report released | ||
| under this section without the necessity of requesting a decision | ||
| from the attorney general under Subchapter G, Chapter 552, | ||
| Government Code. | ||
| (g) This section does not apply to an institution of higher | ||
| education or university system, as defined by Section 61.003, | ||
| Education Code. | ||
| SECTION 3. Section 2054.0965(a), Government Code, is | ||
| amended to read as follows: | ||
| (a) Not later than March 31 [ |
||
| even-numbered [ |
||
| review of the operational aspects of the agency's information | ||
| resources deployment following instructions developed by the | ||
| department. | ||
| SECTION 4. Section 2157.007, Government Code, is amended by | ||
| amending Subsection (b) and adding Subsection (e) to read as | ||
| follows: | ||
| (b) A state agency shall [ |
||
| service options, including any cost savings associated with | ||
| purchasing those service options from a commercial cloud computing | ||
| service provider and a statewide technology center established by | ||
| the department, when making purchases for a major information | ||
| resources project under Section 2054.118. | ||
| (e) Not later than August 1 of each even-numbered year, the | ||
| department, using existing resources, shall submit a report to the | ||
| governor, lieutenant governor, and speaker of the house of | ||
| representatives on the use of cloud computing service options by | ||
| state agencies. The report must include use cases that provided | ||
| cost savings and other benefits, including security enhancements. | ||
| A state agency shall cooperate with the department in the creation | ||
| of the report by providing timely and accurate information and any | ||
| assistance required by the department. | ||
| SECTION 5. This Act takes effect September 1, 2017. | ||
