MS HB999

Establishes the Enterprise Security Program to provide coordinated oversight of cybersecurity efforts across all state agencies, including systems, services, policies, standards, and guidelines.

Requires the Mississippi Department of Information Technology Services (MDITS) to provide centralized management and coordination of state cybersecurity policies and serve as the sole authority for defining applicable enterprise cybersecurity systems and services.

MDITS responsibilities include acquiring technology solutions, establishing security standards, overseeing data center infrastructure, managing enterprise cybersecurity systems, forming an advisory council of agency security officers, and charging agencies reimbursement for proportionate costs.

Requires each state agency's executive director or agency head to be solely responsible for security of all data and IT resources under their jurisdiction, designate a security officer, adhere to Enterprise Security Program requirements, and conduct annual internal security assessments.

Effective July 1, 2017.