My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
01/31/2023
CBCC
>
Meetings
>
2020's
>
2023
>
01/31/2023
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
3/16/2023 1:11:51 PM
Creation date
3/16/2023 1:01:11 PM
Metadata
Fields
Template:
Meetings
Meeting Type
BCC Regular Meeting
Document Type
Agenda Packet
Meeting Date
01/31/2023
Meeting Body
Board of County Commissioners
Jump to thumbnail
< previous set
next set >
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
386
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
INDIAN RIVER COUNTY, FLORIDA I QE` <br />MEMORANDUM <br />TO: Indian River County Board of County Commissioners <br />VIA: Michael Zito, Interim County Administrator <br />FROM: Dan Russell, Information Technology Director <br />SUBJECT: Information Technology Policy Additions to the Administrative Policy Manual <br />DATE: January 31, 2023 <br />BACKGROUND: <br />The recent enactment of section 282.3185, Florida Statutes, (Local Government cybersecurity) <br />requires local governments to adopt cybersecurity standards that safeguard their data, information <br />technology, and information technology resources to ensure availability, confidentiality, and <br />integrity. The cybersecurity standards must be consistent with generally accepted best practices <br />for cybersecurity, including the National Institute of Standards and Technology (NIST) <br />Cybersecurity Framework (CSF). Each county with a population of 75,000 or more must adopt the <br />cybersecurity standards required by this subsection by January 1, 2024. Furthermore, each local <br />government shall notify the Florida Digital Service of its compliance with this subsection as soon as <br />possible. <br />The Indian River County Information Technology Department has been pursuing alignment with <br />the best practices outlined in the NIST CSF for the past several years. Over the course of the past <br />year the IT Department has created a requirements trace matrix for all of the security controls <br />specified by the NIST CSF and mapped those security controls that require the creation of an <br />organizational policy into the twenty one policies listed below. To comply with section282.3185, <br />Florida Statutes, the Information Technology Department is recommending the following <br />Information Technology and Cybersecurity policy additions to the Administrative Policy Manual <br />(APM): <br />• AM -1200.01 -Contingency Planning <br />• AM -1200.02 - Incident Response <br />• AM -1200.03 - Awareness and Training <br />• AM -1200.04 - Program Management <br />• AM -1200.05 — Planning <br />• AM -1200.06 - Identification and Authentication <br />• AM -1200.07 - System and Communications Protection <br />• AM -1200.08 - Configuration Management <br />• AM -1200.09 - Access Control <br />• AM -1200.10 - Audit and Accountability <br />• AM -1200.11 - Assessment, Authorization, and Monitoring <br />• AM -1200.12 - Maintenance <br />• AM -1200.13 - System and Information Integrity <br />• AM -1200.14 - Media Protection <br />• AM -1200.15 - Physical and Environmental Protection <br />• AM -1200.16 - Personnel Security <br />• AM -1200.17 - System and Services Acquisition <br />• AM -1200.18 - Risk Assessment <br />• AM -1200.19 - Supply Chain Risk Management <br />• AM -1200.20 - Personally Identifiable Information Processing and Transparency 239 <br />
The URL can be used to link to this page
Your browser does not support the video tag.