Cloud Security and Risk Mitigation Strategy, State Agency Request for Variance or Waiver  

  •  

    DEPARTMENT OF MANAGEMENT SERVICES

    Division of State Technology

    RULE NOS.:RULE TITLES:

    60GG-4.004Cloud Security and Risk Mitigation Strategy

    60GG-4.005State Agency Request for Variance or Waiver

    NOTICE OF CHANGE

    Notice is hereby given that the following changes have been made to the proposed rule in accordance with subparagraph 120.54(3)(d)1., F.S., published in Vol. 45 No. 191, October 1, 2019 issue of the Florida Administrative Register.

    60GG-4.004 Cloud Security and Risk Mitigation Strategy

    (1) through (2), No change.

    (3) The state agency will identify and document all current security rules (to include Chapter 60GG-2, Florida Administrative Code, Information Technology Security) and applicable standards that apply to state agency applications regardless of hosting infrastructure. The state agency will base the data classification on the Federal Information Processing Standards (FIPS) Publication No. 199, (February 2004), which is hereby incorporated into this rule by reference and may be found at: http://flrules.org/Gateway/reference.asp?No=Ref-11363.

    (4) through (6), No change.

    60GG-4.005 State Agency Request for Variance or Waiver

    A state agency may request a variance or waiver from these rules by filing a petition with the Department of Management Services (DMS) agency clerk, with a copy to the Joint Administrative Procedures Committee in accordance with section 120.542, Florida Statutes, and Chapter 28-104, Florida Administrative Code, Variance or Waiver. The DMS Secretary, or designee, will review and grant or deny the request and provide an approval or rejection.