Cybersecurity statutes (background)
In plain terms. Connecticut governs state IT systems and contracting by statute, with procurement overseen by the Department of Administrative Services and the State Contracting Standards Board.
Who it applies to. State agencies and their IT vendors. Connecticut references NIST/FIPS.
What it requires. State law manages information and telecommunications systems and state contracting through general provisions.
Why it matters. Vendors contracting with Connecticut must meet its state-contracting and IT-systems requirements.
Citation. Conn. Gen. Stat. tit. 4d ch. 61 (State Information and Telecommunications Systems Management and Contracts), tit. 4e ch. 62a (State Contracting: General Provisions); tit. 36a ch. 669 (Regulated Activities). References NIST/FIPS.
Regulations & policies (background)
In plain terms. Connecticut's security expectations for vendors come through state IT security policy and standard contract terms.
Who it applies to. State agencies and their IT vendors.
What it requires. The state's policy on security for mobile computing and storage devices sets handling requirements, and the State of Connecticut contract standard terms and conditions carry the security and confidentiality obligations vendors must meet.
Why it matters. Expect device-security expectations and standard security terms in Connecticut contracts.
Citation. Connecticut Policy on Security for Mobile Computing and Storage Devices; State of Connecticut Contract Standard Terms and Conditions.