(a) The Department of Information Technology shall require basic security requirements to be included in a contract: (1) in which a third-party contractor will have access to and use State telecommunication equipment, systems, or services; or (2) for systems or devices that will connect to State telecommunication equipment, systems, or services. (b) The security requirements developed under subsection (a) of this section shall be consistent with a widely recognized security standard, including National Institute of Standards and Technology SP 800-171, ISO27001, or Cybersecurity Maturity Model Certification.
‹ Prev All Maryland sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.