Georgia

In plain terms. Georgia channels state IT security through the Georgia Technology Authority, which sets binding technical standards.

Who it applies to. State agencies and their IT vendors. The state participates in StateRAMP, its baseline for vetting cloud-service security.

What it requires. State law requires agencies to adhere to the technical standards and specifications established by the Georgia Technology Authority and grants the Authority broad powers over state technology.

Why it matters. Vendors selling IT to Georgia must meet the Georgia Technology Authority's technical and security standards.

Citation. Ga. Code Ann. §§ 50-25-7.2 (Adherence to Technical Standards) and 50-25-4 (Georgia Technology Authority General Powers).

In plain terms. Georgia sets detailed third-party security requirements through GTA policies and standards.

Who it applies to. Vendors and service providers with third-party access to state systems or data.

What it requires. GTA's enterprise information-security policy, third-party access policy, third-party security requirements, independent-security-assessment standard, and rules for outsourced IT services and interconnections define what outside parties must do.

Why it matters. As a third party, expect Georgia to require independent security assessments and compliance with its third-party security standards.

Citation. Georgia Technology Authority PS-08-005 (Enterprise Information Security Policy), PS-08-011 (Third-Party Access), SS-08-013 (Third-Party Security Requirements), SS-08-042 (Independent Security Assessments), and SS-08-044 (Outsourced IT Services and Third-Party Interconnections).