Bill Text: TX HB1467 | 2017-2018 | 85th Legislature | Introduced
Bill Title: Relating to reports on and purchase of information technology by state agencies.
Spectrum: Partisan Bill (Republican 3-0)
Status: (Introduced - Dead) 2017-04-04 - Left pending in subcommittee [HB1467 Detail]
Download: Texas-2017-HB1467-Introduced.html
By: Capriglione | H.B. No. 1467 |
|
||
|
||
relating to reports on and purchase of information technology by | ||
state agencies. | ||
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: | ||
SECTION 1. Section 552.139(b), Government Code, is amended | ||
by adding subsection (4) to read as follows: | ||
(b) The following information is confidential: | ||
(1) a computer network vulnerability report; | ||
(2) any other assessment of the extent to which data | ||
processing operations, a computer, a computer program, network, | ||
system, or system interface, or software of a governmental body or | ||
of a contractor of a governmental body is vulnerable to | ||
unauthorized access or harm, including an assessment of the extent | ||
to which the governmental body's or contractor's electronically | ||
stored information containing sensitive or critical information is | ||
vulnerable to alteration, damage, erasure, or inappropriate use; | ||
and | ||
(3) a photocopy or other copy of an identification | ||
badge issued to an official or employee of a governmental body. | ||
(4) information collected, assembled, or maintained | ||
by or for a governmental entity to prevent, detect, or investigate | ||
security incidents. | ||
SECTION 2. Subchapter C, Chapter 2054, Government Code, is | ||
amended by adding Section 2054.068 to read as follows: | ||
Sec. 2054.068. INFORMATION TECHNOLOGY INFRASTRUCTURE | ||
REPORT. (a) In this section, "information technology" includes | ||
information resources and information resources technologies. | ||
(b) The department shall collect from each state agency | ||
information on the status and condition of the agency's information | ||
technology infrastructure, including information regarding: | ||
(1) the agency's information security program; | ||
(2) an inventory of the agency's servers, mainframes, | ||
and other information technology equipment; | ||
(3) identification of vendors that operate and manage | ||
the agency's information technology infrastructure; and | ||
(4) any additional related information requested by | ||
the department. | ||
(c) A state agency shall provide the information required by | ||
Subsection (b) to the department according to a schedule determined | ||
by the department. | ||
(d) Not later than August 31 of each even-numbered year, the | ||
department shall submit to the governor, chair of the house | ||
appropriations committee, chair of the senate finance committee, | ||
speaker of the house of representatives, lieutenant governor, and | ||
staff of the Legislative Budget Board a consolidated report of the | ||
information submitted by state agencies under Subsection (b). | ||
(e) The consolidated report required by Subsection (d) | ||
must: | ||
(1) include an analysis and assessment of each state | ||
agency's security and operational risks; and | ||
(2) for a state agency found to be at higher security | ||
and operational risks, include a detailed analysis of the | ||
requirements for the agency to address the risks and related | ||
vulnerabilities and the cost estimates to implement those | ||
requirements. | ||
(f) With the exception of information that is confidential | ||
under Chapter 552, including Section 552.139, or other state or | ||
federal law, the consolidated report submitted under Subsection (d) | ||
is public information and must be released or made available to the | ||
public upon request. A governmental body as defined by Section | ||
552.003, Government Code, may withhold information confidential | ||
under Chapter 552, including Section 552.139, or other state or | ||
federal law that is contained in a consolidated report released | ||
under this section without the necessity of requesting a decision | ||
from the attorney general under Subchapter G, Chapter 552, | ||
Government Code. | ||
(g) This section does not apply to an institution of higher | ||
education or university system, as defined by Section 61.003, | ||
Education Code. | ||
SECTION 3. Section 2054.0965(a), Government Code, is | ||
amended to read as follows: | ||
(a) Not later than March 31 [ |
||
even-numbered [ |
||
review of the operational aspects of the agency's information | ||
resources deployment following instructions developed by the | ||
department. | ||
SECTION 4. Section 2157.007, Government Code, is amended by | ||
amending Subsection (b) and adding Subsection (e) to read as | ||
follows: | ||
(b) A state agency shall [ |
||
service options, including any cost savings associated with | ||
purchasing those service options from a commercial cloud computing | ||
service provider and a statewide technology center established by | ||
the department, when making purchases for a major information | ||
resources project under Section 2054.118. | ||
(e) Not later than August 1 of each even-numbered year, the | ||
department, using existing resources, shall submit a report to the | ||
governor, lieutenant governor, and speaker of the house of | ||
representatives on the use of cloud computing service options by | ||
state agencies. The report must include use cases that provided | ||
cost savings and other benefits, including security enhancements. | ||
A state agency shall cooperate with the department in the creation | ||
of the report by providing timely and accurate information and any | ||
assistance required by the department. | ||
SECTION 5. This Act takes effect September 1, 2017. |