North Carolina General Statutes 143B-1379. State agency cooperation and training; liaisons; county and municipal government reporting
(a) The head of each principal department and Council of State agency shall cooperate with the State CIO in the discharge of the State CIO’s duties by providing the following information to the Department:
(1) The full details of the State agency’s information technology and operational requirements and of all the agency’s significant cybersecurity incidents within 24 hours of confirmation.
Terms Used In North Carolina General Statutes 143B-1379
- following: when used by way of reference to any section of a statute, shall be construed to mean the section next preceding or next following that in which such reference is made; unless when some other section is expressly designated in such reference. See North Carolina General Statutes 12-3
- state: when applied to the different parts of the United States, shall be construed to extend to and include the District of Columbia and the several territories, so called; and the words "United States" shall be construed to include the said district and territories and all dependencies. See North Carolina General Statutes 12-3
(2) Comprehensive information concerning the information technology security employed to protect the agency’s data, including documentation and reporting of remedial or corrective action plans to address any deficiencies in the information security policies, procedures, and practices of the State agency.
(3) A forecast of the parameters of the agency’s projected future cybersecurity and privacy needs and capabilities.
(4) Designating an agency liaison in the information technology area to coordinate with the State CIO. The liaison shall be subject to a criminal background report from the State Repository of Criminal Histories, which shall be provided by the State Bureau of Investigation upon its receiving fingerprints from the liaison. Military personnel with a valid secret security clearance or a favorable Tier 3 security clearance investigation are exempt from this requirement. If the liaison has been a resident of this State for less than five years, the background report shall include a review of criminal information from both the State and National Repositories of Criminal Histories. The criminal background report shall be provided to the State CIO and the head of the agency. In addition, all personnel in the Office of the State Auditor who are responsible for information technology security reviews shall be subject to a criminal background report from the State Repository of Criminal Histories, which shall be provided by the State Bureau of Investigation upon receiving fingerprints from the personnel designated by the State Auditor. For designated personnel who have been residents of this State for less than five years, the background report shall include a review of criminal information from both the State and National Repositories of Criminal Histories. The criminal background reports shall be provided to the State Auditor. Criminal histories provided pursuant to this subdivision are not public records under Chapter 132 of the N.C. Gen. Stat..
(5) Completing mandatory annual security awareness training and reporting compliance for all personnel, including contractors and other users of State information technology systems.
(b) The information provided by State agencies to the State CIO under this section is protected from public disclosure pursuant to N.C. Gen. Stat. § 132-6.1(c).
(c) Local government entities, as defined in N.C. Gen. Stat. § 143-800(c)(1), shall report cybersecurity incidents to the Department. Information shared as part of this process will be protected from public disclosure under N.C. Gen. Stat. § 132-6.1(c). Private sector entities are encouraged to report cybersecurity incidents to the Department. (2015-241, s. 7A.2(b); 2019-200, s. 6(e); 2021-180, s. 38.13(c).)