Wyo. Code R. 077-0001-3
Director's Office
Chapter 3: Security
Effective Date: 06/08/2016 to Current
Rule Type: Current Rules & Regulations
Reference Number: 077.0001.3.06082016
(a) An electronic record can be considered secure from a specified point in time to the point of verification if it can be shown that the record has not been altered during that time.
(b) Security procedures shall be:
(i) Commercially reasonable under the circumstances;
(ii) Applied in a trustworthy manner;
(iii) Reasonably and in good faith relied upon by the party utilizing the procedure;
(iv) Capable of providing reliable evidence that an electronic record has not been altered; and
(v) Consistent with the risks and consequences associated with the compromise of the information or transaction.
(c) A security procedure is acceptable for purposes of these rules if the security procedure (including any combination of technology and algorithms it employs) has been generally accepted in the applicable information security or scientific community as being suitable for the intended purpose and capable of satisfying the requirements of these rules as applicable, in a trustworthy manner.
(a) State agencies shall protect information against unauthorized access, disclosure, modification or destruction, whether accidental or deliberate, as well as assure the availability, integrity, utility, authenticity, and confidentiality of information for the entire lifecycle of that information. Data shall be encrypted where appropriate using industry accepted encryption practices. Access to State information resources must be appropriately managed.
(b) All State agencies are required to have information resources security practices consistent with these rules, including adequate controls and separation of duties for tasks that are susceptible to fraudulent or other unauthorized activity. The agency head is responsible for the protection of information resources.
(c) All State agency employees are accountable for their actions relating to information resources. Information resources shall be used only for intended purposes as defined by the agency and consistent with applicable laws.
(d) Risks to information resources must be managed. The expense of security safeguards must be commensurate with the value of the assets being protected.
(e) The integrity of data, its source, its destination, and the processes applied to it must be assured. Changes to data must be made only in an authorized and documented manner.
(f) Information resources must be available when needed. Continuity of information resources supporting critical governmental services must be ensured in the event of a disaster or business disruption.
(g) Security requirements shall be identified, documented, and addressed in all phases of development or acquisition of information resources.