CT SB01191

Prohibits public officials and state employees from accessing, uploading to, or downloading TikTok on state-issued devices effective October 1, 2023, with an exception for law enforcement purposes.

Requires the Chief Information Officer, Chief Information Security Officer, director of the Office of Information Technology Services, and Chief Court Administrator to jointly develop minimum cybersecurity standards for all three branches of government by December 1, 2023, with periodic revisions at least annually.

Authorizes state officials to prohibit use of computer programs, software, applications, or devices that violate security standards or pose cybersecurity threats, with prohibitions posted on government websites and communicated electronically to all state employees and public officials.

Mandates annual security audits of state-issued devices and software beginning July 1, 2024, conducted by the Chief Information Officer (executive branch), director of the Office of Information Technology Services (legislative branch), and Chief Court Administrator (judicial branch).

Defines "cybersecurity threat" as any activity intended to cause unauthorized access, exfiltration, manipulation, or impairment to state information technology systems and applies the standards across all three branches of government.