Indiana § 4-13.1-4-8 Requirements for connection to state technology infrastructure

Indiana Statutes

§ 4-13.1-4-8 — Requirements for connection to state technology infrastructure

Indiana § 4-13.1-4-8

Art. 13.1OFFICE OF TECHNOLOGY

Ch. 4Technology Resources, Cybersecurity, and Infrastructure

This text of Indiana § 4-13.1-4-8 (Requirements for connection to state technology infrastructure) is published on Counsel Stack Legal Research, covering Indiana primary law. Counsel Stack provides free access to over 12 million legal documents including statutes, case law, regulations, and constitutions.

Bluebook

Ind. Code § 4-13.1-4-8 (2026).

Text

(a)A public entity that connects to the technology infrastructure of the state after July 1, 2027, must:

(1)have completed a cybersecurity assessment within the three

(3)year period immediately preceding the first date after July 1, 2027, on which the public entity connects to the technology infrastructure of the state;

(2)complete a cybersecurity assessment at least once every three

(3)years after the first date after July 1, 2027, on which the public entity connects to the technology infrastructure of the state;

(3)provide proof to the office of the public entity's compliance with subdivisions (1) and (2) upon request by the office;

(4)if the public entity is a state agency or political subdivision, have an "in.gov" or ".gov" domain name; and

(5)have a secondary end user authenti

Free access — add to your briefcase to read the full text and ask questions with AI

(a) A public entity that connects to the
technology infrastructure of the state after July 1, 2027, must:
(1) have completed a cybersecurity assessment within the three
(3) year period immediately preceding the first date after July 1,
2027, on which the public entity connects to the technology
infrastructure of the state;
(2) complete a cybersecurity assessment at least once every three
(3) years after the first date after July 1, 2027, on which the public
entity connects to the technology infrastructure of the state;
(3) provide proof to the office of the public entity's compliance
with subdivisions (1) and (2) upon request by the office;
(4) if the public entity is a state agency or political subdivision,
have an "in.gov" or ".gov" domain name; and
(5) have a secondary end user authentication mechanism.
(b) An entity that is not a public entity and that connects to the
technology infrastructure of the state after July 1, 2026, must:
(1) have completed a cybersecurity assessment within the two (2)
year period immediately preceding the first date after July 1,
2026, on which the entity connects to the technology
infrastructure of the state;
(2) complete a cybersecurity assessment:
(A) at least once every two (2) years after the first date after
July 1, 2026, on which the entity connects to the technology
infrastructure of the state; and
(B) biennially for as long as the entity connects to the
technology infrastructure of the state;
(3) provide proof to the office of the entity's compliance with
subdivisions (1) and (2) upon request by the office; and
(4) have a secondary end user authentication mechanism.
(c) At the discretion of the office:
(1) a public entity that is not in compliance with subsection (a);
or
(2) an entity that is not in compliance with subsection (b);
may be disconnected from the technology infrastructure of the state.