- A. All public service companies shall follow good cybersecurity practice.
- B. At a minimum, public service company cybersecurity plans shall address cybersecurity-related governance, risk management, procurement practices, personnel hiring, training policies, situational awareness, response, recovery, zero trust implementation, and transparent reporting of cybersecurity incidents to State and federal entities.
- C. At a minimum, all public service companies shall comply with all cybersecurity standards applicable to their cybersecurity devices and align their cybersecurity practices with Cybersecurity and Infrastructure Security Agency’s Cross-Sector Cybersecurity Performance Goals (CPG) or a more stringent standard that is based on the National Institute of Standards and Technology (NIST) security frameworks.
Authority: Public Utilities Article, §§2-112, 2-113, 2-121, 3-101, 3-104, and 3-113, Annotated Code of Maryland
Effective date: July 25, 2022 (49:15 Md. R. 739)
Regulation .01 amended effective December 12, 2024 (51:24 1081)
Regulation .02 amended effective December 12, 2024 (51:24 1081)
Regulation .03 amended effective December 12, 2024 (51:24 1081)
Regulation .04 amended effective December 12, 2024 (51:24 1081)
Regulation .05 amended effective December 12, 2024 (51:24 1081)
Regulation .06 adopted effective December 12, 2024 (51:24 1081)
Regulation .07 adopted effective December 12, 2024 (51:24 1081)
Regulation .08 adopted effective December 12, 2024 (51:24 1081)
Regulation .09 adopted effective December 12, 2024 (51:24 1081)