Skip to main content
CourtGPT logoCourtGPT
Directory
Law
For Attorneys
Blog
AppointmentsSign InSign Up
§ 4-13-1-4-8 — Indiana Law | CourtGPT
  1. Home/
  2. Laws/
  3. Indiana/
  4. Title 4 - State Offices and Administration/
  5. Article 13.1 - Office of Technology/
  6. Chapter 4 - Technology Resources, Cybersecurity, and Infrastructure Standards4-13.1-4-1. "Political Subdivision"/
  7. § 4-13-1-4-8
Indiana Legal Code

§ 4-13-1-4-8

Ask AI about this
Effective 7-1-2025.Sec. 8. (a) A public entity that connects to the technology infrastructure of the state after July 1, 2027, must:(1) have completed a cybersecurity assessment within the three (3) year period immediately preceding the first date after July 1, 2027, on which the public entity connects to the technology infrastructure of the state;(2) complete a cybersecurity assessment at least once every three (3) years after the first date after July 1, 2027, on which the public entity connects to the technology infrastructure of the state;(3) provide proof to the office of the public entity's compliance with subdivisions (1) and (2) upon request by the office;(4) if the public entity is a state agency or political subdivision, have an 'in.gov' or '.gov' domain name; and(5) have a secondary end user authentication mechanism.(b) An entity that is not a public entity and that connects to the technology infrastructure of the state after July 1, 2026, must:(1) have completed a cybersecurity assessment within the two (2) year period immediately preceding the first date after July 1, 2026, on which the entity connects to the technology infrastructure of the state;(2) complete a

ersecurity assessment within the two (2) year period immediately preceding the first date after July 1, 2026, on which the entity connects to the technology infrastructure of the state;(2) complete a cybersecurity assessment:(A) at least once every two (2) years after the first date after July 1, 2026, on which the entity connects to the technology infrastructure of the state; and(B) biennially for as long as the entity connects to the technology infrastructure of the state;(3) provide proof to the office of the entity's compliance with subdivisions (1) and (2) upon request by the office; and(4) have a secondary end user authentication mechanism.(c) At the discretion of the office:(1) a public entity that is not in compliance with subsection (a); or(2) an entity that is not in compliance with subsection (b);may be disconnected from the technology infrastructure of the state.As added by P.L.108-2024, SEC.2.