Sec. 2054.077. VULNERABILITY REPORTS. (a) In this section, a term defined by Section 33.01, Penal Code, has the meaning assigned by that section.
(b) The information security officer of a state agency shall prepare or have prepared a report, including an executive summary of the findings of the biennial report, not later than June 1 of each even-numbered year, assessing the extent to which a computer, a computer program, a computer network, a computer system, a printer, an interface to a computer system, including mobile and peripheral devices, computer software, or data processing of the agency or of a contractor of the agency is vulnerable to unauthorized access or harm, including the extent to which the agency's or contractor's electronically stored information is vulnerable to alteration, damage, erasure, or inappropriate use.
(c) Except as provided by this section, a vulnerability report and any information or communication prepared or maintained for use in the preparation of a vulnerability report is confidential and is not subject to disclosure under Chapter 552.
(d) The information security officer shall provide an electronic copy of the vulnerability report on its completion to:
(1) the department;
(2) the state auditor;
(3) the agency's executive director;
(4) the agency's designated information resources manager; and
(5) any other information technology security oversight group specifically authorized by the legislature to receive the report.
(e) Separate from the executive summary described by Subsection (b), a state agency shall prepare a summary of the agency's vulnerability report that does not contain any information the release of which might compromise the security of the state agency's or state agency contractor's computers, computer programs, computer networks, computer systems, printers, interfaces to computer systems, including mobile and peripheral devices, computer software, data processing, or electronically stored information. The summary is available to the public on request.
Added by Acts 2001, 77th Leg., ch. 792, Sec. 1, eff. June 14, 2001.
Amended by:
Acts 2009, 81st Leg., R.S., Ch. 183 (H.B. 1830), Sec. 5, eff. September 1, 2009.
Acts 2017, 85th Leg., R.S., Ch. 683 (H.B. 8), Sec. 7, eff. September 1, 2017.
Acts 2019, 86th Leg., R.S., Ch. 509 (S.B. 64), Sec. 13, eff. September 1, 2019.
Acts 2021, 87th Leg., R.S., Ch. 856 (S.B. 800), Sec. 9, eff. September 1, 2021.
Structure Texas Statutes
Subtitle B - Information and Planning
Chapter 2054 - Information Resources
Subchapter D. Information Resources Managers
Section 2054.071. Identity of Manager; Consolidation
Section 2054.074. Responsibility to Prepare Operating Plans
Section 2054.075. Cooperation With Information Resources Manager