Get Full Government Meeting Transcripts, Videos, & Alerts Forever!
State IT officials tell Ways and Means subcommittee cybersecurity posture improving but below target; data center uptime near 99.98%
Summary
Department of Administrative Services officials briefed the Ways and Means subcommittee on HB 5002 about Enterprise Information Services' cybersecurity progress, data governance efforts, data-center availability and proposed budget reductions and policy packages.
Enterprise Information Services officials told the Joint Committee on Ways and Means Subcommittee on General Government on March 6 that the state's cybersecurity and data programs are improving but remain below internal targets as budget pressures force program reductions.
Terrence Wood, state chief information officer, told Co-chair Smith and the committee that the enterprise’s goal is to meet 70% of the Center for Internet Security (CIS) 8.1 and cloud addendum controls across agencies. “The goal was 40%. We moved the target up to 70% in 2023,” Wood said, and reported the enterprise average at roughly 49% in 2024 and about 50.8% at the time of testimony.
The committee heard a technical explanation from Ben Gresgere, the state chief security officer, who said the CIS assessment covers roughly 54–56 controls and that some gaps reflect basic cyber hygiene, such as incomplete inventories of software and hardware. “We would not let an agency have a serious security gap and then simply walk away from them,” Gresgere said.
Wood and Gresgere asked the committee for…
Already have an account? Log in
Subscribe to keep reading
Unlock the rest of this article — and every article on Citizen Portal.
- Unlimited articles
- AI-powered breakdowns of topics, speakers, decisions, and budgets
- Instant alerts when your location has a new meeting
- Follow topics and more locations
- 1,000 AI Insights / month, plus AI Chat
