Cybersecurity statutes (background)
In plain terms. Mississippi runs cybersecurity for state agencies through a central Enterprise Security Program led by the Mississippi Department of Information Technology Services (MDITS). State law sets the rules, including a fast breach-reporting deadline.
Who it applies to. State agencies and the contractors that sell them data and information-technology systems and services.
What it requires. The Enterprise Security Program coordinates cybersecurity oversight across all state agencies and runs an advisory council of agency information-security officers. Agencies must build appropriate cybersecurity requirements into the specifications of their IT solicitations. Since July 1, 2023, any state agency hit by a cyberattack or a ransomware demand must notify MDITS no later than the close of the next business day, using MDITS's reporting format; those reports are exempt from the state Public Records Act.
Why it matters. If you sell IT to Mississippi, your products and services have to satisfy the agency's cybersecurity specifications, and an incident on a system you support can trigger the state's next-business-day reporting clock.
Citation. Miss. Code Ann. §§ 25-53-1 et seq., including the Enterprise Security Program (§ 25-53-201) and cyberattack/ransomware reporting (§ 25-53-203); related duties at §§ 25-53-25, -53, -59, -111, -117. The state references NIST/FIPS standards.
Regulations & policies (background)
In plain terms. Mississippi has no separate body of cybersecurity regulations; instead, MDITS procurement rules and the state Procurement Manual govern how cyber-related IT is bought and approved.
Who it applies to. State agencies procuring IT, and their vendors.
What it requires. Procurement of covered information-technology systems and services runs through MDITS review and approval (for example, ISS Procurement Rule 209.3 on ITS Director and ITS Board approval of procurements), layered on the Public Procurement Review Board rules and the Mississippi Procurement Manual.
Why it matters. Vendors should expect MDITS to be in the approval path for IT buys, so meeting its process and security expectations is part of doing business with the state.
Citation. PPRB Rules and Regulations; Mississippi Procurement Manual; MDITS ISS Procurement Rule 209.3. (Mississippi has no dedicated cyber regulation; these are procurement rules and policies.)