Notice of Development of Rulemaking

AGENCY FOR ENTERPRISE INFORMATION TECHNOLOGY
Office of Information Security
RULE NO: RULE TITLE
71A-1.001: Purpose and Scope
71A-1.002: Definitions
71A-1.003: Agency Information Security Program
71A-1.004: Agency Information Technology Workers
71A-1.005: Agency Contracts, Providers, and Partners
71A-1.006: Confidential and Exempt Information
71A-1.007: Access Control
71A-1.008: Awareness and Training
71A-1.009: Audit and Accountability
71A-1.010: Certification, Accreditation, and Security Assessments
71A-1.011: Configuration Management
71A-1.012: Contingency Planning
71A-1.013: Identification and Authentication
71A-1.014: Incident Response
71A-1.015: Maintenance
71A-1.016: Media Protection
71A-1.017: Physical and Environmental Protection
71A-1.018: System and Application Security Planning
71A-1.019: Personnel Security and Acceptable Use
71A-1.020: Risk Assessment
71A-1.021: Systems, Appllications and Services Acquisition and Development
71A-1.022: Systems and Communications Protection
71A-1.023: Systems and Information Integrity
PURPOSE AND EFFECT: The purpose of the proposed new rule Chapter 71A-1, F.A.C., to be known as the Florida Information Technology Resource Security Policies and Standards, is to:
1. Document a framework of information security policies and practices for state agencies in order to safeguard the confidentiality, integrity, and availability of Florida government data and information technology resources.
2. Define minimum standards to be used by state agencies to categorize information and information technology resources based on the objectives of providing appropriate levels of information security according to risk levels.
3. Define minimum management, operational and technical security controls to be used by state agencies to secure information and information technology resources.
Chapter 60DD-2, F.A.C. will be repealed; proposed Rule Chapter 71A-1, F.A.C., if adopted, is intended to replace Rule Chapter 60DD-2, F.A.C.
SUBJECT AREA TO BE ADDRESSED: Information Security Policies and Standards.
SPECIFIC AUTHORITY: 282.318(5) FS.
LAW IMPLEMENTED: 282.318(5) FS.
A RULE DEVELOPMENT WORKSHOP WILL BE HELD AT THE DATE, TIME AND PLACE SHOWN BELOW:
DATE AND TIME: October 26, 2009, 9:00 a.m.
PLACE: Betty Easley Conference Center, 4075 Esplanade Way, Room 152, Tallahassee, Florida
Pursuant to the provisions of the Americans with Disabilities Act, any person requiring special accommodations to participate in this workshop/meeting is asked to advise the agency at least 2 days before the workshop/meeting by contacting: The Agency for Enterprise Information Technology. If you are hearing or speech impaired, please contact the agency using the Florida Relay Service, 1(800)955-8771 (TDD) or 1(800)955-8770 (Voice).
THE PERSON TO BE CONTACTED REGARDING THE PROPOSED RULE DEVELOPMENT AND A COPY OF THE PRELIMINARY DRAFT, IF AVAILABLE, IS: The Agency for Enterprise Information Technology, 4030 Esplanade Way, Suite 135, Tallahassee, FL 32399-0950, telephone (850)414-6771, e-mail address: Contactaeit@aeit.myflorida.com or on the AEIT website at the following link: http://www.myflorida.com/myflorida/cabinet/aeit/index.php?pg=facsecrules

THE PRELIMINARY TEXT OF THE PROPOSED RULE DEVELOPMENT IS AVAILABLE AT NO CHARGE FROM THE CONTACT PERSON LISTED ABOVE.