Cybersecurity statutes (background)
In plain terms. Missouri centralizes IT in its Information Technology Services Division and regulates IT purchases and records by statute.
Who it applies to. State agencies and their IT vendors. The state participates in StateRAMP, its baseline for vetting cloud-service security.
What it requires. State law governs information-technology purchases, establishes the Information Technology Services Division, and addresses closed records and disclosures.
Why it matters. Vendors selling IT to Missouri work within ITSD's authority and the state's IT-purchasing rules.
Citation. Mo. Rev. Stat. §§ 34.047 (Information Technology Purchases), 37.110 (Information Technology Services Division), and 610.021/610.032 (Closed Records).
Regulations & policies (background)
In plain terms. Missouri's vendor security expectations come through ITSD policies and the state contractor agreement.
Who it applies to. State agencies and their IT vendors.
What it requires. ITSD policies on acquisition and development, agency security roles, and system security certification and accreditation, plus the State of Missouri contractor agreement, set vendor obligations.
Why it matters. Expect Missouri's certification-and-accreditation process and contractor-agreement terms to govern your work.
Citation. Missouri ITSD policies (Acquisition and Development; Agency Security Roles and Responsibilities; System Security Certification and Accreditation); State of Missouri Contractor Agreement.