Bill Text: TX SB2358 | 2023-2024 | 88th Legislature | Engrossed
Bill Title: Relating to security procedures for digital applications that pose a network security risk to state agencies.
Spectrum: Partisan Bill (Republican 2-0)
Status: (Engrossed - Dead) 2023-05-04 - Referred to State Affairs [SB2358 Detail]
Download: Texas-2023-SB2358-Engrossed.html
| By: Parker, Paxton | S.B. No. 2358 | |
|
|
||
|
|
||
| relating to security procedures for digital applications that pose | ||
| a network security risk to state agencies. | ||
| BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: | ||
| SECTION 1. Chapter 2054, Government Code, is amended by | ||
| adding Subchapter S to read as follows: | ||
| SUBCHAPTER S. DIGITAL APPLICATION SECURITY PROCEDURES | ||
| Sec. 2054.621. DEFINITIONS. In this subchapter: | ||
| (1) "Digital application" means an Internet website or | ||
| application that is open to the public, allows a user to create an | ||
| account, and enables a user to communicate with other users by | ||
| posting information, comments, messages, images, or video. The | ||
| term does not include: | ||
| (A) an Internet service provider, as defined by | ||
| Section 324.055, Business & Commerce Code; | ||
| (B) e-mail; or | ||
| (C) an online service, application, or Internet | ||
| website: | ||
| (i) that consists primarily of news, | ||
| sports, entertainment, or other content preselected by the provider | ||
| that is not user generated; and | ||
| (ii) for which any chat, comment, or | ||
| interactive functionality is incidental to, directly related to, or | ||
| dependent on provision of the content described by Subparagraph | ||
| (i). | ||
| (2) "Network security" has the meaning assigned by | ||
| Section 2059.001. | ||
| (3) "User" means a person who posts, uploads, | ||
| transmits, shares, or otherwise publishes or receives content | ||
| through a digital application. | ||
| Sec. 2054.622. DIGITAL APPLICATION SECURITY RISK LIST. The | ||
| department shall: | ||
| (1) compile, maintain, and annually update a list of | ||
| digital applications that create a network security risk to state | ||
| agencies; | ||
| (2) limit or prohibit the placement and use of digital | ||
| applications on the list under Subdivision (1) on: | ||
| (A) state-owned cell phones, computers, and | ||
| other communication devices; and | ||
| (B) personal communication devices of state | ||
| agency employees that are used in the agency's office or other | ||
| workplace; and | ||
| (3) post the list under Subdivision (1) on a publicly | ||
| accessible web page on the department's Internet website. | ||
| Sec. 2054.623. DIGITAL APPLICATION SECURITY MODEL POLICY | ||
| FOR STATE AGENCIES. The department shall develop, maintain, and | ||
| periodically update a model policy for state agencies to use under | ||
| Section 2054.624 in limiting or prohibiting the placement and use | ||
| on communication devices of the digital applications included on | ||
| the list compiled under Section 2054.622. | ||
| Sec. 2054.624. STATE AGENCY DIGITAL APPLICATION SECURITY | ||
| POLICY. (a) Each state agency shall develop, implement, and | ||
| periodically update a policy limiting or prohibiting the placement | ||
| and use of digital applications included on the list compiled under | ||
| Section 2054.622 on: | ||
| (1) state-owned cell phones, computers, and other | ||
| communication devices; and | ||
| (2) personal communication devices of state agency | ||
| employees that are used in the agency's office or other workplace. | ||
| (b) Each state agency shall submit to the department a copy | ||
| of the policy required under Subsection (a) and updates to the | ||
| policy. | ||
| (c) The department: | ||
| (1) may offer recommendations for improvements to | ||
| submitted policies; | ||
| (2) shall retain each copy and update submitted under | ||
| Subsection (b); and | ||
| (3) shall notify each member of the legislature and | ||
| the governor when a state agency submits a policy or update. | ||
| Sec. 2054.625. DISCLOSURE EXEMPTION. The model policy and | ||
| state agency policies developed under this subchapter are exempt | ||
| from disclosure under Chapter 552. | ||
| Sec. 2054.626. RULEMAKING AUTHORITY. The department may | ||
| adopt rules to implement this subchapter. | ||
| SECTION 2. (a) As soon as practicable after the effective | ||
| date of this Act, but not later than January 1, 2024, the Department | ||
| of Information Resources shall develop the digital application | ||
| security risk list and model policy as required by Subchapter S, | ||
| Chapter 2054, Government Code, as added by this Act. | ||
| (b) A state agency is not required to comply with Section | ||
| 2054.624, Government Code, as added by this Act, until May 1, 2024. | ||
| SECTION 3. This Act takes effect September 1, 2023. | ||
