Purpose and Applicability; Definitions  

DEPARTMENT OF MANAGEMENT SERVICES

Florida Digital Service

RULE NO.:RULE TITLE:

60GG-2.001Purpose and Applicability; Definitions

NOTICE OF CHANGE

Notice is hereby given that the following changes have been made to the proposed rule in accordance with subparagraph 120.54(3)(d)1., F.S., published in Vol. 48 No. 106, June 1, 2022 issue of the Florida Administrative Register.

60GG-2.001 Purpose and Applicability; Definitions; Agency Requirements

(1) Purpose and Applicability.

(a) No change

(b) These rules establish cybersecurity standards for information technology (IT) resources.  Agencies must comply with these standards in the management and operation of state IT resources. This rule is modeled after the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1, and the Federal Information Security Management Act of 2002 (44 U.S.C. §3541, et seq.). For the convenience of the reader cross-references to these documents and Special Publications issued by the NIST are provided throughout the SFCS as they may be helpful to Agencies when drafting their cybersecurity procedures. For procurement of IT commodities and services, the commodity or service must comply with the NIST Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (April 2018) National Institute of Standards and Technology Cybersecurity Framework. The SFCS:­­­­

1. through 3. No change

(c)  The NIST Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (April 2018), maintained at: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf, is hereby incorporated by reference into this rule: [FAR Link].

(2) through (3) No change

Rulemaking Authority 282.318(11) FS. Law Implemented 282.318(3) FS. History‒New 3-10-16, Amended 1-2-19, Formerly 74-2.001, Amended.