63C-27-202. Commission duties.
A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Effective 5/6/2026
The commission shall:
(1) identify and inform the governor of:
(a) cyber threats and vulnerabilities towards Utah's critical infrastructure;
(b) cybersecurity assets and resources; and
(c) an analysis of:
(i) current cyber incident response capabilities;
(ii) potential cyber threats; and
(iii) areas of significant concern with respect to:
(A) vulnerability to cyber attack; or
(B) seriousness of consequences in the event of a cyber attack;
(2) provide resources with respect to cyber attacks in both the public and private sector, including:
(a) best practices;
(b) education; and
(c) mitigation;
(3) promote cyber security awareness;
(4) share information;
(5) promote best practices to prevent and mitigate cyber attacks;
(6) enhance cyber capabilities and response for all Utahns;
(7) provide consistent outreach and collaboration with private and public sector organizations;
(8) share cyber threat intelligence to operators and overseers of Utah's critical infrastructure; and
(9) in accordance with Title 63G, Chapter 3, Utah Administrative Rulemaking Act, make rules establishing minimum cybersecurity standards for a local education agency, as that term is defined in Section 53G-3-402, that:
(a) align with industry recognized cybersecurity frameworks and standards, including frameworks developed by the National Institute of Standards and Technology, the Center for Internet Security, or a successor organization;
(b) take into account varying local education agency resources, capacity, and needs;
(c) establish phased implementation timelines based on local education agency size, existing cybersecurity infrastructure, and available resources; and
(d) as appropriate based on the local education agency's size, risk profile, and available resources, shall address:
(i) identity and access management;
(ii) asset management and inventory of hardware, software, and data systems;
(iii) data protection;
(iv) security monitoring and logging capabilities;
(v) vulnerability management, including regular security assessments and patching procedures;
(vi) incident response and recovery planning;
(vii) security awareness training requirements for staff and administrators;
(viii) third-party risk management for vendors with access to local education agency systems or data;
(ix) network security controls;
(x) backup and disaster recovery procedures; and
(xi) governance structures for cybersecurity oversight within a local education agency.
Amended by Chapter 170, 2026 General Session