Md. Code Regs. 20.06.01.09
Current through Register Vol. 52, No. 1, January 10, 2025
Section 20.06.01.09 - Specific Information RequestA. The Office of Cybersecurity may send a public service company a specific information request for information related to cybersecurity incidents, standards, practices, procedures, or other information reasonably related to cybersecurity unless such processes are superseded by applicable federal cybersecurity standards and regulations that prohibit such disclosures.B. A public service company shall respond within 10 working days after receipt of a specific information request from the Office of Cybersecurity relating to a cybersecurity incident under Regulation .05 of this chapter.C. Except as provided under §B of this regulation, a public service company shall respond within 30 days after receipt of a specific information request from the Office of Cybersecurity.D. The Office of Cybersecurity may waive the requirements of §B or C of this regulation upon written request from a public service company demonstrating sufficient cause.E. The details of a public service company cybersecurity specific information request may not be divulged except as directed by the Commission, or a court, as authorized by law. The Office of Cybersecurity shall promptly notify a public service company upon the discovery of any unauthorized access, compromise, loss, or exfiltration of the public service company's special information request information.Md. Code Regs. 20.06.01.09
Regulations .09 adopted effective 51:24 Md. R. 1081, eff. 12/12/2024.