CS/CS/SB 258 — Prohibited Applications on Government-issued Devices
by Fiscal Policy Committee; Governmental Oversight and Accountability Committee; and Senator Burgess
This summary is provided for information only and does not represent the opinion of any Senator, Senate Officer, or Senate Office.
Prepared by: Governmental Oversight and Accountability Committee (GO)
The bill (Chapter 2023-32, L.O.F.) directs the Department of Management Services (DMS) to create a list of prohibited applications, defined as those that (1) are created, maintained, or owned by a foreign principal and that engage in specific activities that endanger cybersecurity; or (2) present a security risk in the form of unauthorized access to or temporary unavailability of a public employer’s information technology systems or data, as determined by the DMS.
The bill requires public employers (including state agencies, public education institutions, and local governments) to:
- Block access to prohibited applications on any wireless network or virtual private network that it owns, operates, or maintains;
- Restrict access to prohibited applications on any government-issued device; and
- Retain the ability to remotely wipe and uninstall prohibited applications from a compromised government-issued device.
All persons are prohibited from downloading prohibited applications on a government-issued device, and officers and employees of a public employer must remove any prohibited application from their government-issued devices within 15 calendar days of the DMS’ issuance of a list of prohibited applications.
The bill allows the use of prohibited applications by law enforcement officers, if the use is necessary to protect the public safety or to conduct an investigation. It also allows other government employees to use a prohibited application, if they are granted a waiver by the DMS.
The bill provides emergency rulemaking authority to the DMS to adopt a list of prohibited applications, and general rulemaking authority to implement a process by which it can grant waivers from the prohibition.
These provisions were approved by the Governor and take effect July 1, 2023.
Vote: Senate 38-0; House 115-0