WeVote

Bill

Bill

H 4

INFORMATION TECHNOLOGY SERVICES – Amends and adds to existing law to require the implementation of cybersecurity best practices and the use of multifactor identification in Idaho state government.

68th Legislature, 1st Regular Session (2025)

House Bill 4 mandates Idaho state agencies to adopt cybersecurity best practices and use multifactor identification, enhancing protection of sensitive information statewide.

Reported Printed and Referred to Commerce & Human Resources
0
WeVote Research Nonpartisan
Bill Summary · H 4

Summary of House Bill 4 (H 4)

Title

Information Technology Services – Cybersecurity Best Practices and Multifactor Identification

Purpose

House Bill 4 aims to enhance cybersecurity measures within Idaho state government by mandating the implementation of cybersecurity best practices and the use of multifactor identification (MFA) across all state agencies. This legislation is designed to protect sensitive information and improve the overall security posture of state government systems.

Key Provisions

The bill includes several significant amendments and additions to existing law:

  1. Implementation of Cybersecurity Best Practices:

    • All state agencies are required to adopt and maintain cybersecurity best practices to mitigate risks associated with information technology.
  2. Mandatory Use of Multifactor Identification:

    • State agencies must implement MFA for accessing information technology devices and services. This includes local and remote access to:
      • Email accounts
      • Cloud storage accounts
      • Web applications
      • Networks
      • Databases
      • Servers
  3. Clarification of the Office of Information Technology's Role:

    • The bill clarifies the responsibilities of the Office of Information Technology Services regarding information security, risk management, and the provision of education and training on cybersecurity.
  4. New Section on Multifactor Identification:

    • A new section (67-2362) is added to require the legislative branch, judicial branch, and elected constitutional officers to also implement MFA.
  5. Definitions:

    • The bill defines key terms such as "information technology," "multifactor identification," and "telecommunications" to ensure clarity in the application of the law.

Impact

  • Affected Entities:

    • All state agencies, including the legislative and judicial branches, as well as elected constitutional officers and their staffs, will be required to comply with the new cybersecurity measures.
  • Fiscal Note:

    • The legislation is projected to have no fiscal impact on state or local government budgets, as existing resources for MFA tools are already available.

Procedural Aspects

  • Introduced: January 09, 2025
  • Status: Reported printed and referred to the Commerce & Human Resources Committee on January 10, 2025.
  • Effective Date: The bill will take effect on July 1, 2025, following the declaration of an emergency.

Conclusion

House Bill 4 represents a proactive approach to strengthening cybersecurity within Idaho's state government. By mandating the use of multifactor identification and establishing clear cybersecurity practices, the bill aims to safeguard sensitive data and enhance the resilience of state information systems against cyber threats.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.