Md. Code Regs. 20.06.01.08

Current through Register Vol. 52, No. 1, January 10, 2025
Section 20.06.01.08 - Public Service Company Cybersecurity Contacts
A. All public service companies shall provide a primary cybersecurity contact and alternate cybersecurity contact information to the Office of Cybersecurity that includes each contact's name, company, position title, mail address, email address, cellular phone number, and office phone number. The Office of Cybersecurity shall share this information with the State Security Operations Center in the Department of Information Technology.
B. A public service company's primary cybersecurity contact shall either be the public service company's CISO, or equivalent, or directly report to the public service company CISO, or equivalent.
C. A public service company alternate cybersecurity contact shall either directly report to a public service company CISO, or equivalent, or directly report to the public service company primary cybersecurity contact.
D. All public service companies shall provide an organization chart, or equivalent narrative description, that describes the organizational reporting relationships of the primary cybersecurity contact and alternate cybersecurity contact to the CISO.
E. The Cybersecurity Director shall be notified of all changes to primary contact and alternate contact information, including the reporting relationship of the primary cybersecurity contact and alternate cybersecurity contact to the CISO, within 30 days of changes.

Regulations .08 adopted effective 51:24 Md. R. 1081, eff. 12/12/2024.