Florida Administrative Code
60 - DEPARTMENT OF MANAGEMENT SERVICES
60FF - Technology Program
Chapter 60FF-3 - STATE NETWORK USAGE AND SECURITY
Section 60FF-3.006 - Department Response to System Failures, Security Breaches and Security Exposures

Universal Citation: FL Admin Code R 60FF-3.006

Current through Reg. 50, No. 187; September 24, 2024

(1) If there is a Security Breach, Security Exposure or System Failure resulting from implementation of Network Services, Network Software, or Network Equipment purchased or leased from sources other than SUNCOM by a Customer of the State Intranet, the Department's Division of Telecommunications, in consultation with the Florida Digital Service, will take whatever action the Department deems necessary to protect the integrity, predictability and availability of the State Network and protect SUNCOM Customers following the escalation steps defined below:

(a) The Customer shall remedy any Security Breach, Security Exposure, or System Failure in coordination with the Department's Division of Telecommunications and the Florida Digital Service.

(b) In the event that the Customer cannot remedy the Security Breach, Security Exposure, or System Failure, the Customer shall grant the Department access to, and, if deemed necessary by the Department control of any resources the Department declares to be related to the Security Breach, Security Exposure, or System Failure.

(c) Based on the Department's determination that steps (a) and (b), above, have failed to resolve the Security Breach, Security Exposure, or System Failure in a manner that will protect the integrity, predictability and availability of the State Network and protect SUNCOM Customers, the Customer shall grant the Department exclusive control of any and all said Network Services, Network Software, or Network Equipment or, if deemed necessary, the Department will temporarily suspend SUNCOM Services to the SUNCOM Customer responsible for said Network Services, Network Software, or Network Equipment. In making its determination that steps (a) and (b) have failed, the Department shall consider the severity of the Security Breach, Security Exposure, or System Failure, the extent, timeliness, and effectiveness of the Customer's resolution efforts and the findings described in subsection 60FF-3.004(4), F.A.C.

(d) The Department shall provide notice to the Customer prior to taking the actions described in paragraphs 60FF-3.006(1)(b) and (c), F.A.C.

(2) Government entities and associated vendors that are responsible for any and all said Network Services, Network Software, or Network Equipment shall grant the Department exclusive access to and control of any resources that the Department declares to be related to the Security Breach, Security Exposure, or System Failure, remedy thereto and ongoing prevention of recurrence.

(a) If the Department assumes exclusive control of these Network Resources, the Department shall grant staff authorized by the Customer unlimited opportunity to see information regarding the configuration, conditions and activities on the Network Resource.

(b) If the Department assumes exclusive control of these Network Resources, the Department's Division of Telecommunications shall do so in consultation with the Florida Digital Service.

(3) If the Customer requests allowance for continuation of the primary conditions that led to the Security Breach, Security Exposure, or System Failure beyond the short term mitigation efforts, the Department will implement ongoing State Network protection requirements, such as implementing access controls to shared resources, isolation of the Customer's Sub-network and special monitoring of the Customer's Traffic and configurations.

Rulemaking Authority 282.702(2), (9), 282.707(2) FS. Law Implemented 282.702(2), (8), (12), 282.703, 282.704, 282.705, 282.706, 282.707 FS.

New 6-25-08, Amended 5-19-22.

Disclaimer: These regulations may not be the most recent version. Florida may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.