S257 - Appropriations Act of 2017. (SL 2017-57)

Overview: Sec. 10.21 of S.L. 2017-57 requires the President of The University of North Carolina (President), in collaboration with the Department of Information Technology or other cybersecurity consultant selected by the President, to review the existing security for the information technology systems and associated data of The University of North Carolina System (System) and determine whether the cybersecurity and risk management services supporting the System's network are sufficient or whether expansion is needed. The review must include an evaluation of the following:

• Continuous monitoring and risk assessment.
• Security policy, implementation of security programs and effective security controls, and ongoing support for operating security governance.
• Security training and education services for faculty, staff, and administrators.

The President shall take appropriate measures to address any potential problems or issues identified by the review.

Each constituent institution must also conduct a review of the existing security for the information technology systems and associated data of the constituent institution to determine whether the cybersecurity and risk management services supporting the System's network are sufficient or whether expansion is needed. The review shall include an evaluation of the following:

• Continuous monitoring and risk assessment.
• Security policy, implementation of security programs and effective security controls, and ongoing support for operating security governance.
• Security training and education services for faculty, staff, and administrators.

The chancellor of the constituent institution must take appropriate measures to address any potential problems or issues identified by the review.

This section became effective July 1, 2017.