The Agency for State Technology (“AST”) proposes the repeal of Rules 71A-2.001, 71A-2.002, 71A-2.003, 71A-2.004, 71A-2.005, 71A-2.006, 71A-2.007, 71A-2.008, 71A-2.009, and 71A-2.010, F.A.C., as they are duplicative of the AST’s newly adopted rules, ...  

AGENCY FOR ENTERPRISE INFORMATION TECHNOLOGY

Office of Information Security

RULE NOS.:RULE TITLES:

71A-2.001Purpose; Definitions; Policy; Applicability; Agency Security Programs; Roles and Responsibilities; Risk Management

71A-2.002Control of Computers and Information Resources

71A-2.003Physical Security and Access to Data Processing Facilities

71A-2.004Logical and Data Access Controls

71A-2.005Data and System Integrity

71A-2.006Network Security

71A-2.007Backup and Disaster Recovery

71A-2.008Personnel Security and Security Awareness

71A-2.009Systems Acquisition, Disposal, Auditing, and Reporting

71A-2.010Standards Adopted

PURPOSE AND EFFECT: The Agency for State Technology (“AST”) proposes the repeal of Rules 71A-2.001, 71A-2.002, 71A-2.003, 71A-2.004, 71A-2.005, 71A-2.006, 71A-2.007, 71A-2.008, 71A-2.009, and 71A-2.010, F.A.C., as they are duplicative of the AST’s newly adopted rules, Rules 74-2.001, F.A.C., through 74-2.006, F.A.C., the Florida Cybersecurity Standards.

SUMMARY: Rule Chapter 71A-2, Florida Administrative Code, was transferred to the Agency for State Technology by operation of Chapter 2014-221, Section 1, Laws of Florida. AST proposes repeal of Rules 71A-2.001, 71A-2.002, 71A-2.003, 71A-2.004, 71A-2.005, 71A-2.006, 71A-2.007, 71A-2.008, 71A-2.009, and 71A-2.010, F.A.C, as they are duplicative of the AST’s newly adopted rules, Rules 74-2.001, F.A.C., through 74-2.006, F.A.C., the Florida Cybersecurity Standards.

SUMMARY OF STATEMENT OF ESTIMATED REGULATORY COSTS AND LEGISLATIVE RATIFICATION: The Agency has determined that this will not have an adverse impact on small business or likely increase directly or indirectly regulatory costs in excess of $200,000 in the aggregate within one year after the implementation of the rule. A SERC has not been prepared by the Agency.

Any person who wishes to provide information regarding a statement of estimated regulatory costs, or provide a proposal for a lower cost regulatory alternative must do so in writing within 21 days of this notice.

RULEMAKING AUTHORITY: 282.318(5) FS.

LAW IMPLEMENTED: 282.318(3) FS.

IF REQUESTED WITHIN 21 DAYS OF THE DATE OF THIS NOTICE, A HEARING WILL BE SCHEDULED AND ANNOUNCED IN THE FAR.

THE PERSON TO BE CONTACTED REGARDING THE PROPOSED RULE IS: Gerard York, Senior Attorney, Agency for State Technology, 2585 Shumard Oak Blvd., Tallahassee, Florida 32311, (850)488-9377, gerard.york@ast.myflorida.com

THE FULL TEXT OF THE PROPOSED RULE IS:

71A-2.001 Purpose; Definitions; Policy; Applicability; Agency Security Programs; Roles and Responsibilities; Risk Management (Repealed).

Rulemaking Authority 281.102(2), (6), (16) FS. Law Implemented 282.0041, 282.101, 282.318 FS. History-New 8-10-04, Formerly 60DD-2.001 Repealed                       .

71A-2.002 Control of Computers and Information Resources (Repealed).

Rulemaking Authority 281.102(2), (6), (16) FS. Law Implemented 282.0041, 282.101, 282.318 FS. History-New 8-10-04, Formerly 60DD-2.002 Repealed                       .

71A-2.003 Physical Security and Access to Data Processing Facilities (Repealed).

Rulemaking Authority 281.102(2), (6), (16) FS. Law Implemented 282.0041, 282.101, 282.318 FS. History-New 8-10-04, Formerly 60DD-2.003 Repealed                       .

71A-2.004 Logical and Data Access Controls (Repealed).

Rulemaking Authority 281.102(2), (6), (16) FS. Law Implemented 282.0041, 282.101, 282.318 FS. History-New 8-10-04, Formerly 60DD-2.004 Repealed                       .

71A-2.005 Data and System Integrity (Repealed).

Rulemaking Authority 281.102(2), (6), (16) FS. Law Implemented 282.0041, 282.101, 282.318 FS. History-New 8-10-04, Formerly 60DD-2.005 Repealed                       .

71A-2.006 Network Security (Repealed).

Rulemaking Authority 281.102(2), (6), (16) FS. Law Implemented 282.0041, 282.101, 282.318 FS. History-New 8-10-04, Formerly 60DD-2.006 Repealed                       .

71A-2.007 Backup and Disaster Recovery (Repealed).

Rulemaking Authority 281.102(2), (6), (16) FS. Law Implemented 282.0041, 282.101, 282.318 FS. History-New 8-10-04, Formerly 60DD-2.007 Repealed                       .

71A-2.008 Personnel Security and Security Awareness (Repealed).

Rulemaking Authority 281.102(2), (6), (16) FS. Law Implemented 282.0041, 282.101, 282.318 FS. History-New 8-10-04, Formerly 60DD-2.008 Repealed                       .

71A-2.009 Systems Acquisition, Disposal, Auditing, and Reporting (Repealed).

Rulemaking Authority 281.102(2), (6), (16) FS. Law Implemented 282.0041, 282.101, 282.318 FS. History-New 8-10-04, Formerly 60DD-2.009 Repealed                       .

71A-2.010 Standards Adopted (Repealed).

Rulemaking Authority 281.102(2), (6), (16) FS. Law Implemented 282.0041, 282.101, 282.318 FS. History-New 8-10-04, Formerly 60DD-2.010 Repealed                       .

NAME OF PERSON ORIGINATING PROPOSED RULE: Danielle Alvarez, Chief Information Security Officer

NAME OF AGENCY HEAD WHO APPROVED THE PROPOSED RULE: Jason Allison, Executive Director

DATE PROPOSED RULE APPROVED BY AGENCY HEAD: March 14, 2016