RCW 43.105.470
Office of cybersecurity—Major cybersecurity incidents—Reporting duties.
(1) In the event of a major cybersecurity incident, as defined in policy established by the office of cybersecurity in accordance with RCW 43.105.450, state agencies must report that incident to the office of cybersecurity within 24 hours of discovery of the incident.
(2) State agencies must provide the office of cybersecurity with contact information for any external parties who may have material information related to the cybersecurity incident.
(3) Once a cybersecurity incident is reported to the office of cybersecurity, the office of cybersecurity must investigate the incident to determine the degree of severity and facilitate any necessary incident response measures that need to be taken to protect the enterprise.
(4) The chief information security officer or the chief information security officer's designee shall serve as the state's point of contact for all major cybersecurity incidents.
(5) The office of cybersecurity must create policy to implement this section.
[ 2021 c 291 § 3.]
Structure Revised Code of Washington
Title 43 - State Government—Executive
Chapter 43.105 - Consolidated Technology Services Agency.
43.105.006 - Consolidated technology services agency—Purpose.
43.105.025 - Agency created—Appointment of director—Director's duties.
43.105.052 - Powers and duties of agency.
43.105.054 - Governing information technology—Standards and policies—Powers and duties of office.
43.105.057 - Rule-making authority.
43.105.060 - Contracts by state and local agencies with agency.
43.105.111 - Performance targets—Plans for achieving goals—Quarterly reports to governor.
43.105.205 - Office of the state chief information officer—Created—Powers, duties, and functions.
43.105.220 - Strategic information technology plan—Biennial performance reports.
43.105.225 - Managing information technology as a statewide portfolio.
43.105.230 - State agency information technology portfolio—Basis for decisions and plans.
43.105.235 - State agency information technology portfolio—Exemptions.
43.105.240 - Evaluation of agency information technology spending and budget requests.
43.105.245 - Planning, implementation, and evaluation of major projects—Standards and policies.
43.105.255 - Major technology projects and services—Approval.
43.105.285 - Technology services board—Created—Composition.
43.105.287 - Technology services board—Powers and duties.
43.105.331 - State interoperability executive committee—Composition—Responsibilities.
43.105.341 - Information technology portfolios.
43.105.351 - Electronic access to public records—Findings—Intent.
43.105.355 - Electronic access to public records—Costs and fees.
43.105.365 - Accuracy, integrity, and privacy of records and information.
43.105.369 - Office of privacy and data protection.
43.105.375 - Use of state data center or commercial cloud computing services—Exceptions.
43.105.385 - Agency as central service provider for state agencies.
43.105.460 - Office of cybersecurity—Catalog of services and functions—Report.
43.105.470 - Office of cybersecurity—Major cybersecurity incidents—Reporting duties.
43.105.825 - K-20 network—Oversight—Coordination of telecommunications planning.
43.105.904 - Actions of telecommunications oversight and policy committee—Savings—1999 c 285.
43.105.905 - Construction—2008 c 262.