New Mexico Administrative Code
Title 1 - GENERAL GOVERNMENT ADMINISTRATION
Chapter 12 - INFORMATION TECHNOLOGY
Part 20 - INFORMATION SECURITY OPERATION MANAGEMENT
Section 1.12.20.26 - SYSTEM SECURITY CHECKING
Current through Register Vol. 35, No. 18, September 24, 2024
A. Systems that process or store sensitive or confidential information or services that provide support for critical services shall undergo technical security reviews by agency system administrators to ensure compliance with implementation standards and rules as promulgated by DoIT and check for vulnerabilities to threats discovered subsequent to the review. Technical reviews of systems and services essential to the support of critical agency functions shall be conducted by agency system administrators at least once every year. Random reviews of all systems and services shall be conducted at least once every 24 months.
B. Any deviations from expected or required results, as defined by the agency CIO or ISO which are detected by the technical security review shall be reported to the agency CIO and the agency ISO and shall be corrected immediately. Agency staff shall also be advised of such deviations and agency shall investigate deviations (including the review of system activity log records, if necessary) and provide results of investigation to agency ISO and CIO.