RCW 43.105.460
Office of cybersecurity—Catalog of services and functions—Report.
(1) By July 1, 2022, the office of cybersecurity, in collaboration with state agencies, shall develop a catalog of cybersecurity services and functions for the office of cybersecurity to perform and submit a report to the legislature and governor. The report must include, but not be limited to:
(a) Cybersecurity services and functions to include in the office of cybersecurity's catalog of services that should be performed by the office of cybersecurity;
(b) Core capabilities and competencies of the office of cybersecurity;
(c) Security functions which should remain within agency information technology security programs;
(d) A recommended model for accountability of agency security programs to the office of cybersecurity; and
(e) The cybersecurity services and functions required to protect confidential information transacted, stored, or processed in the state's information technology systems and infrastructure that is specifically protected from disclosure by state or federal law and for which strict handling requirements are required.
(2) The office of cybersecurity shall update and publish its catalog of services and performance metrics on a biennial basis. The office of cybersecurity shall use data and information provided from agency security programs to inform the updates to its catalog of services and performance metrics.
(3) To ensure alignment with enterprise information technology security strategy, the office of cybersecurity shall develop a process for reviewing and evaluating agency proposals for additional cybersecurity services consistent with RCW 43.105.255.
[ 2021 c 291 § 2.]
Structure Revised Code of Washington
Title 43 - State Government—Executive
Chapter 43.105 - Consolidated Technology Services Agency.
43.105.006 - Consolidated technology services agency—Purpose.
43.105.025 - Agency created—Appointment of director—Director's duties.
43.105.052 - Powers and duties of agency.
43.105.054 - Governing information technology—Standards and policies—Powers and duties of office.
43.105.057 - Rule-making authority.
43.105.060 - Contracts by state and local agencies with agency.
43.105.111 - Performance targets—Plans for achieving goals—Quarterly reports to governor.
43.105.205 - Office of the state chief information officer—Created—Powers, duties, and functions.
43.105.220 - Strategic information technology plan—Biennial performance reports.
43.105.225 - Managing information technology as a statewide portfolio.
43.105.230 - State agency information technology portfolio—Basis for decisions and plans.
43.105.235 - State agency information technology portfolio—Exemptions.
43.105.240 - Evaluation of agency information technology spending and budget requests.
43.105.245 - Planning, implementation, and evaluation of major projects—Standards and policies.
43.105.255 - Major technology projects and services—Approval.
43.105.285 - Technology services board—Created—Composition.
43.105.287 - Technology services board—Powers and duties.
43.105.331 - State interoperability executive committee—Composition—Responsibilities.
43.105.341 - Information technology portfolios.
43.105.351 - Electronic access to public records—Findings—Intent.
43.105.355 - Electronic access to public records—Costs and fees.
43.105.365 - Accuracy, integrity, and privacy of records and information.
43.105.369 - Office of privacy and data protection.
43.105.375 - Use of state data center or commercial cloud computing services—Exceptions.
43.105.385 - Agency as central service provider for state agencies.
43.105.460 - Office of cybersecurity—Catalog of services and functions—Report.
43.105.470 - Office of cybersecurity—Major cybersecurity incidents—Reporting duties.
43.105.825 - K-20 network—Oversight—Coordination of telecommunications planning.
43.105.904 - Actions of telecommunications oversight and policy committee—Savings—1999 c 285.
43.105.905 - Construction—2008 c 262.