eLaws | eCases | Utah Code | Utah Courts | Counties & Cities of Utah | Code of Federal Regulations |
Home » 2004 Issues » Vol. 2004, No. 20 (10/15/2004) » No. 27462 (New Rule): R365-11. Network Filtering Requirements for Executive Branch Agencies

  No. 27462 (New Rule): R365-11. Network Filtering Requirements for Executive Branch Agencies  

  • DAR File No.: 27462
    Filed: 10/01/2004, 07:42
    Received by: NL

     

    RULE ANALYSIS

    Purpose of the rule or reason for the change:

    Network Security, risk of harassment, resource utilization, and employee productivity are all affected by the access and transfer of inappropriate electronic material. This proposed new rule provides limitations for access by Executive Branch Agencies.

     

    Summary of the rule or change:

    This new rule implements filtering policies into rule for management of network access to inappropriate material over electronic networks.

     

    State statutory or constitutional authorization for this rule:

    Section 63D-1a-305

     

    Anticipated cost or savings to:

    the state budget:

    No anticipated impact--This function is currently performed within the Division of Information Technology Services (ITS). This rule formalizes the process.

     

    local governments:

    No impact--Local government is not affected by this rule.

     

    other persons:

    None--This rule is for Executive Branch agencies only.

     

    Compliance costs for affected persons:

    None--All current network activity is via the division of ITS. They have the tools and resources in place to accommodate this rule.

     

    Comments by the department head on the fiscal impact the rule may have on businesses:

    Implementation of filtering for networks will have a positive net fiscal impact by reducing inappropriate traffic on state networks.

     

    The full text of this rule may be inspected, during regular business hours, at the Division of Administrative Rules, or at:

    Governor
    Planning and Budget, Chief Information Officer
    Room 116 STATE CAPITOL
    350 N STATE ST
    SALT LAKE CITY UT 84114-1103

     

    Direct questions regarding this rule to:

    Randy Hughes at the above address, by phone at 801-537-9071, by FAX at 801-538-1547, or by Internet E-mail at randyhughes@utah.gov

     

    Interested persons may present their views on this rule by submitting written comments to the address above no later than 5:00 p.m. on:

    11/15/2004

     

    This rule may become effective on:

    11/16/2004

     

    Authorized by:

    Val Oveson, Chief Information Officer

     

     

    RULE TEXT

    R365. Governor, Planning and Budget, Chief Information Officer.

    R365-11. Network Filtering Requirements for Executive Branch Agencies.

    R365-11-1. Purpose.

    The purpose of this rule is to define limitations of access to "inappropriate material" in concurrence with R365-7 Acceptable Use of Information Technology Resources.

    Network Security, risk of harassment, resource utilization, and employee productivity are all affected by the access and transfer of inappropriate electronic material. This rule requires that network providers to the Executive Branch implement filtering at levels prescribed by the CIO for the benefit and protection of the Executive Branch as required by the Acceptable Use of Information Technology Resources Rule (R365-7).

     

    R365-11-2. Authority.

    This rule is issued by the Chief Information Officer under the authority of Section 63D-1a-305 of the Information Technology Act, and Section 63-46a-3 of the Utah Rulemaking Act, Utah Code.

     

    R365-11-3. Definitions.

    (1) "Inappropriate material" means any content to which access would be inappropriate in the course of conduct of typical state business. Examples of Internet sites that fall under this definition may include, but are not limited to, those that promote the use of alcohol, tobacco, gambling, illicit drug use and illegal activities; violence and violent extremist views including acts of extreme cruelty against animals or persons; full or partial nudity, and graphic sex.

    (2) "Network" means any electronic method for communicating information within agencies, between agencies, and between agencies and external entities where such communication may allow access to inappropriate material.

    (3) "Network Filtering Criteria" means the categories of inappropriate material which shall be blocked from electronic access.

     

    R365-11-4. Scope of Application.

    (1) All agencies of the executive branch of state government including its administrative sub-units, except the State Board of Education, the Board of Regents, and institutions of higher education, are included within the scope of this rule.

    (2) This rule provides requirements for denying or limiting state agencies from access to inappropriate material over electronic networks.

     

    R365-11-5. Responsibilities and Authorities.

    (1) The CIO shall review and approve network filtering criteria.

    (a) The CIO may direct the IT council, network service providers, the State Chief Information Security Officer, or others, to establish review teams as needed to determine appropriate network filtering criteria.

    (2) Executive Branch agencies shall ensure that access to networks by employees utilize CIO approved filtering.

    (a) Executive Branch agencies shall provide contract information to the CIO for private network providers utilized by the agency as defined in 63a-6-106 of Utah Code.

    (3) Executive Branch agency contracts with network providers shall include provisions to support this rule.

    (a) Provide network filtering and processes to meet the requirements of this rule.

    (b) Provide discretionary filtering as required by individual departments beyond the minimum filtering requirements established by this rule.

    (c) Provide a means to remove legitimate sites from filtering criteria or to unblock content as required through exception to this rule.

    (d) Changes in filtering criteria shall be implemented within 30 working days of CIO notification to a network provider or Executive Branch Agency.

    (e) Implementation of filtering criteria changes shall be communicated by the network provider to executive branch agency personnel, including but not limited to, the most Senior IT Manager and the Executive Director or their designee, a minimum of 10 working days prior to implementation.

    (4) Existing contracts with network providers shall be brought into compliance at the earliest opportunity allowed within the current contract, or at contract renewal, whichever occurs first.

     

    R365-11-6. Exceptions.

    (1) Agency Executive Director, or the most senior executive of an Executive Branch Agency, may request an exception for filtering through the CIO via written communication.

     

    R365-11-7. Rule Compliance Management.

    A state executive branch agency's executive director, or designee, upon becoming aware of a violation, shall institute measures designed to enforce this rule. The CIO may, where appropriate, monitor compliance and report to an agency's executive director any findings or violations of this rule.

     

    KEY: filtering inappropriate material, networks

    2004

    63D-1a-305

     

     

     

     
Visit the Official Version
Leave a Comment

Document Information

Effective Date:
11/16/2004
Publication Date:
10/15/2004
Filed Date:
10/01/2004
Agencies:
Governor,Planning and Budget, Chief Information Officer
Rulemaking Authority:

Section 63D-1a-305

 

Authorized By:
Val Oveson, Chief Information Officer
DAR File No.:
27462