Minnesota

In plain terms. Minnesota runs state IT through MNIT under statute and an executive order directing cybersecurity measures for critical infrastructure.

Who it applies to. State agencies and their IT vendors. The state participates in StateRAMP, its baseline for vetting cloud-service security.

What it requires. State law sets government-data duties, establishes state information and communications systems and IT policy, and assigns responsibility for IT services. An executive order directs agencies to implement cybersecurity measures protecting critical infrastructure.

Why it matters. Vendors serving Minnesota must support MNIT's data duties and the state's critical-infrastructure cybersecurity directives.

Citation. Minn. Stat. §§ 13.05 (Government Data Duties), 16E.03, 16E.016, 16E.04, and 16E.18 (State Information and Communications Systems); Minn. Exec. Order 22-20.

In plain terms. Minnesota applies a secure development and acquisition policy to state systems.

Who it applies to. State agencies and their IT vendors.

What it requires. MNIT's secure systems development and acquisition policy sets the security requirements for systems the state builds or buys.

Why it matters. Expect Minnesota's secure development and acquisition requirements to apply to systems you deliver.

Citation. MNIT Secure Systems Development and Acquisition Policy.