Learn About the Law
Get help with your legal needs
FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.
Current as of December 31, 2021 | Updated by FindLaw Staff
(a) This section does not apply to:
(1) the Maryland Port Administration;
(2) the University System of Maryland;
(3) St. Mary's College of Maryland;
(4) Morgan State University;
(5) the Maryland Stadium Authority;
(6) Baltimore City Community College;
(7) the State Board of Elections;
(8) the Office of the Attorney General;
(9) the Comptroller; or
(10) the State Treasurer.
(b)(1) The Department shall hire independent contractors to:
(i) develop a framework for investments in technology; and
(ii) at least once every 2 years, in accordance with the framework, assess the cybersecurity and information technology systems in each unit of State government.
(2) The framework shall include the following criteria:
(i) security risks to the system;
(ii) system performance;
(iii) the system's dependence on other information technology or cybersecurity systems and data;
(iv) the system's ability to create an efficient and seamless experience for users;
(v) the system's effectiveness in achieving unit objectives;
(vi) the system's effectiveness in meeting the needs of citizens and customers;
(vii) the costs to maintain and operate the system;
(viii) the speed of government response time;
(ix) the effectiveness of the system in regard to the unit's objectives;
(x) improvements to the unit's relative audit findings attributable to the system; and
(xi) an assessment of the system using the National Institute of Standards and Technology Cybersecurity Framework.
(c) Each unit shall promptly provide a contractor employed under subsection (b) of this section with the information necessary to perform the assessments.
(d)(1) Every 2 years, a contractor shall provide the results of the assessments to:
(i) the Modernize Maryland Commission established under § 3.5-316 of this subtitle; and
(ii) in accordance with § 2-1257 of the State Government Article, the Senate Budget and Taxation Committee, the Senate Education, Health, and Environmental Affairs Committee, and the House Health and Government Operations Committee.
(2) The report submitted under paragraph (1)(ii) of this subsection may not contain information about the security of an information system.
(e) The Department may use multiple contractors at a time to meet the requirements of this section.
Cite this article: FindLaw.com - Maryland Code, State Finance and Procurement § 3.5-317 - last updated December 31, 2021 | https://codes.findlaw.com/md/state-finance-and-procurement/md-code-state-fin-and-proc-sect-3-5-317/
FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature or via Westlaw before relying on it for your legal needs.
A free source of state and federal court opinions, state laws, and the United States Code. For more information about the legal concepts addressed by these cases and statutes, visit FindLaw's Learn About the Law.
Get help with your legal needs
FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.
Search our directory by legal issue
Enter information in one or both fields (Required)