(a) The Department of Information Technology shall require basic security requirements to be included in a contract:
- (1) in which a third-party contractor will have access to and use State telecommunication equipment, systems, or services; or
- (2) for systems or devices that will connect to State telecommunication equipment, systems, or services.
- (b) The security requirements developed under subsection (a) of this section shall be consistent with a widely recognized security standard, including National Institute of Standards and Technology SP 800-171, ISO27001, or Cybersecurity Maturity Model Certification.
Added by Acts 2022, c. 242, § 2, eff. July 1, 2022.