(a) This section applies to a community water system or community sewerage system in the State that serves over 3,300 customers. (b) Each community water system and community sewerage system provider shall: (1) Adopt and implement cybersecurity standards that are equal to or exceed the standards adopted by the Department under § 9-2702(3)(ii) of this subtitle; (2) Commit to adopting a zero-trust cybersecurity approach and begin planning and implementing the zero-trust approach, as appropriate for each system, modeled after the federal Cybersecurity and Infrastructure Security Agency's zero-trust maturity model, for on-premises services and cloud-based services; and (3) On or before July 1, 2026, and every 2 years thereafter, conduct a maturity assessment of its cybersecurity program for operational technology and information technology, based on the minimum cybersecurity standards established under § 9-2702(3)(ii) of this subtitle.
‹ Prev All Maryland sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.