
Code · Maryland · State Finance and Procurement

§ 3.5-405


A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

§3.5–405.
(a) On or before December 1 each year, each unit of State government shall:
(1) report the results of any cybersecurity preparedness assessments performed in the prior year to the Office of Security Management in accordance with guidelines developed by the Office; and
(2) submit a report to the Governor and the Office of Security Management that includes:
(i) an inventory of all information systems and applications used or maintained by the unit;
(ii) a full data inventory of the unit;
(iii) a list of all cloud or statistical analysis system solutions used by the unit;
(iv) a list of all permanent and transient vendor interconnections that are in place;
(v) the number of unit employees who have received cybersecurity training;
(vi) the total number of unit employees who use the network;
(vii) the number of information technology staff positions, including vacancies;
(viii) the number of noninformation technology staff positions, including vacancies;
(ix) the unit’s information technology budget, itemized to include the following categories:
1. services;
2. equipment;
3. applications;
4. personnel;
5. software licensing;
6. development;
7. network projects;
8. maintenance; and
9. cybersecurity;
(x) any major information technology initiatives to modernize the unit’s information technology systems or improve customer access to State and local services;
(xi) the unit’s plans for future fiscal years to implement the unit’s information technology goals;
(xii) compliance with timelines and metrics provided in the Department’s master plan; and
(xiii) any other key performance indicators required by the Office of Security Management to track compliance or consistency with the Department’s statewide information technology master plan.
(1) Each unit of State government shall report a cybersecurity incident in accordance with paragraph (2) of this subsection to the State Chief Information Security Officer.
(2) For the reporting of cybersecurity incidents under paragraph (1) of this subsection, the State Chief Information Security Officer shall determine:
(i) the criteria for determining when an incident must be reported;
(ii) the manner in which to report; and
(iii) the time period within which a report must be made.