Sec. 8. (a) A public entity that connects to the technology infrastructure of the state after July 1, 2027, must: (1) have completed a cybersecurity assessment within the three (3) year period immediately preceding the first date after July 1, 2027, on which the public entity connects to the technology infrastructure of the state; (2) complete a cybersecurity assessment at least once every three (3) years after the first date after July 1, 2027, on which the public entity connects to the technology infrastructure of the state; (3) provide proof to the office of the public entity's compliance with subdivisions (1) and (2) upon request by the office; (4) if the public entity is a state agency or political subdivision, have an "in.gov" or ".gov" domain name; and (5) have a secondary end user authentication mechanism. (b) An entity that is not a public entity and that connects to the technology infrastructure of the state after July 1, 2026, must: (1) have completed a cybersecurity assessment within the two (2) year period immediately preceding the first date after July 1, 2026, on which the entity connects to the technology infrastructure of the state; (2) complete a cybersecurity assessment: (A) at least once every two (2) years after the first date after July 1, 2026, on which the entity connects to the technology infrastructure of the state; and (B) biennially for as long as the entity connects to the technology infrastructure of the state; (3) provide proof to the office of the entity's compliance with subdivisions (1) and (2) upon request by the office; and (4) have a secondary end user authentication mechanism. (c) At the discretion of the office: (1) a public entity that is not in compliance with subsection (a); or (2) an entity that is not in compliance with subsection (b); may be disconnected from the technology infrastructure of the state.
‹ Prev All Indiana sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.