3. The department shall establish a cybersecurity reporting function for local governments. The cybersecurity reporting function must include but is not limited to all of the following capabilities:
- a. A hotline available continuously for local government reporting of cybersecurity incidents resulting in system outages or data breaches.
- b. A method for the reporting of local government cybersecurity protections including the presence of multifactor authentication, event logging, use of data encryption at rest and in transit, the ability to reconstitute systems in the event of data loss, use of the “.gov” internet domain, and related cybersecurity practices.