1. Except as otherwise provided in subsection 3, records and portions of records that are assembled, maintained, overseen or prepared by the Office to mitigate, prevent or respond to cybersecurity incidents or acts of terrorism, the public disclosure of which would, in the determination of the Chief, create a substantial likelihood of threatening the cybersecurity of a using agency or the safety of the general public are confidential and not subject to inspection by the general public to the extent that such records and portions of records consist of or include: (a) Information regarding the infrastructure and security of information systems, including, without limitation: (1) Access codes, passwords and programs used to ensure the security of an information system; (2) Access codes used to ensure the security of software applications; (3) Procedures and processes used to ensure the security of an information system; and (4) Plans used to re-establish security and service with respect to an information system after security has been breached or service has been interrupted. (b) Assessments and plans that relate specifically and uniquely to the vulnerability of an information system or to the measures which will be taken to respond to such vulnerability, including, without limitation, any compiled underlying data necessary to prepare such assessments and plans. (c) The results of tests of the security of an information system, insofar as those results reveal specific vulnerabilities relative to the information system. 2. The Chief shall maintain or cause to be maintained a list of each record or portion of a record that the Chief has determined to be confidential pursuant to subsection 1. The list described in this subsection must be prepared and maintained so as to recognize the existence of each such record or portion of a record without revealing the contents thereof. 3. At least once each biennium, the Chief shall review the list described in subsection 2 and shall, with respect to each record or portion of a record that the Chief has determined to be confidential pursuant to subsection 1: (a) Determine that the record or portion of a record remains confidential in accordance with the criteria set forth in subsection 1; (b) Determine that the record or portion of a record is no longer confidential in accordance with the criteria set forth in subsection 1; or (c) If the Chief determines that the record or portion of a record is obsolete, cause the record or portion of a record to be disposed of in the manner described in NRS 239.073 to 239.125 , inclusive. 4. On or before February 15 of each year, the Chief shall: (a) Prepare a report setting forth a detailed description of each record or portion of a record determined to be confidential pursuant to this section, if any, accompanied by an explanation of why each such record or portion of a record was determined to be confidential; and (b) Submit a copy of the report to the Director of the Legislative Counsel Bureau for transmittal to: (1) If the Legislature is in session, the standing committees of the Legislature which have jurisdiction of the subject matter; or (2) If the Legislature is not in session, the Legislative Commission. 5. As used in this section, act of terrorism has the meaning ascribed to it in NRS 239C.030 .
‹ Prev All Nevada sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.