Skip to main content Skip to office menu Skip to footer
Capital IconMinnesota Legislature

SF 3764

as introduced - 90th Legislature (2017 - 2018) Posted on 04/18/2018 03:09pm

KEY: stricken = removed, old language.
underscored = added, new language.
Line numbers 1.1 1.2 1.3 1.4 1.5 1.6
1.7 1.8 1.9 1.10 1.11 1.12 1.13 1.14 1.15 1.16 1.17 1.18 1.19
1.20 1.21 1.22 1.23 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 2.11 2.12 2.13 2.14 2.15 2.16 2.17
2.18 2.19 2.20 2.21 2.22 2.23 2.24 2.25 2.26 2.27 2.28 2.29 2.30
2.31 2.32

A bill for an act
relating to state government; requiring state agencies to dedicate a portion of their
information technology expenditures to cyber security enhancements; amending
Minnesota Statutes 2016, sections 16A.11, subdivision 1, by adding a subdivision;
16E.03, subdivision 7.

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA:

Section 1.

Minnesota Statutes 2016, section 16A.11, subdivision 1, is amended to read:


Subdivision 1.

When.

The governor shall submit a three-part budget to the legislature.
Parts one and two, the budget message and detailed operating budget, must be submitted
by the fourth Tuesday in January in each odd-numbered year. However, in a year following
the election of a governor who had not been governor the previous year, parts one and two
must be submitted by the third Tuesday in February. Part three, the detailed recommendations
as to capital expenditure, must be submitted as follows: agency capital budget requests by
July 15 of each odd-numbered year, and governor's recommendations by January 15 of each
even-numbered year. deleted text begin Detailed recommendations as to information technology expenditure
must be submitted as part of the detailed operating budget. Information technology
recommendations must include projects to be funded during the next biennium and planning
estimates for an additional two bienniums. Information technology recommendations must
specify purposes of the funding such as infrastructure, hardware, software, or training.
deleted text end

Sec. 2.

Minnesota Statutes 2016, section 16A.11, is amended by adding a subdivision to
read:


new text begin Subd. 6a. new text end

new text begin Information technology and cyber security. new text end

new text begin (a) Detailed recommendations
as to information and telecommunications technology systems and services expenditures
must be submitted as part of the detailed operating budget. These recommendations must
include projects to be funded during the next biennium and planning estimates for an
additional two bienniums, and must specify purposes of the funding, such as infrastructure,
hardware, software, or training. The detailed operating budget must also separately
recommend expenditures for the maintenance and enhancement of cyber security for the
state's information and telecommunications technology systems and services.
new text end

new text begin (b) The commissioner of management and budget, in consultation with the state chief
information officer, shall establish budget guidelines for the recommendations required by
this subdivision. Unless otherwise set by the commissioner at a higher amount, the amount
to be budgeted each fiscal year for maintenance and enhancement of cyber security must
be at least five percent of a department's or agency's total operating budget for information
and telecommunications technology systems and services in that year.
new text end

new text begin (c) As used in this subdivision:
new text end

new text begin (1) "information and telecommunications technology systems and services" has the
meaning given in section 16E.03, subdivision 1, paragraph (a); and
new text end

new text begin (2) "cyber security" has the meaning given in section 16E.03, subdivision 1, paragraph
(d).
new text end

Sec. 3.

Minnesota Statutes 2016, section 16E.03, subdivision 7, is amended to read:


Subd. 7.

Cyber security systems.

In consultation with the attorney general and
appropriate agency heads, the chief information officer shall develop cyber security policies,
guidelines, and standards, and shall install and administer state data security systems on the
state's computer facilities consistent with these policies, guidelines, standards, and state law
to ensure the integrity of computer-based and other data and to ensure applicable limitations
on access to data, consistent with the public's right to know as defined in chapter 13. The
chief information officer is responsible for overall security of state agency networks
connected to the Internet. Each department or agency head is responsible for the security
of the department's or agency's data within the guidelines of established enterprise policy.new text begin
Unless otherwise expressly provided by law, at least five percent of each department's or
agency's expenditures in a fiscal year for information and telecommunications technology
systems and services must be directed to the maintenance and enhancement of cyber security.
new text end

new text begin EFFECTIVE DATE. new text end

new text begin This section is effective July 1, 2018, and applies to expenditures
in fiscal years beginning on or after that date.
new text end