Bill > H0004

This bill amends Idaho's information technology laws to strengthen cybersecurity measures across state government by expanding the Office of Information Technology Services' powers and requiring multifactor identification. The bill defines multifactor identification as using two or more different types of authentication credentials, such as passwords, physical tokens, or biometric traits like fingerprints. Specifically, the Office of Information Technology Services will now have the authority to directly (rather than merely coordinate) telecommunications equipment acquisition for various government branches, oversee cybersecurity policies, and ensure state agencies implement cybersecurity best practices. The legislation mandates that all state agencies, including the legislative and judicial branches and elected officials' staffs, must implement multifactor identification for accessing various technological resources like email accounts, networks, databases, and servers. The bill aims to enhance the security of state government's information technology systems by providing clearer guidelines and requiring more robust authentication methods. The new requirements will go into effect on July 1, 2025, giving state agencies time to prepare and implement the necessary changes.

Business and Industry

State Affairs Committee (House)

https://legislature.idaho.gov/sessioninfo/2025/legislation/H0004/