Public Act 100-0914
 
HB5547 EnrolledLRB100 18538 RJF 33756 b


  
    AN ACT concerning finance.
  
 
    Be it enacted by the People of the State of Illinois,
 
represented in the General Assembly:
  
 
 
    Section 5. The Illinois State Auditing Act is amended  by 
adding Section 3-2.4 as follows:
 
    (30 ILCS 5/3-2.4 new)
    Sec. 3-2.4. Cybersecurity audit.
    (a)   In conjunction with its annual compliance examination 
program, the Auditor General shall review State agencies and 
their cybersecurity programs and practices, with a particular 
focus on agencies holding large volumes of personal 
information.
    (b)   The review required under this Section shall, at a 
minimum, assess the following:
        (1)   the effectiveness of State agency cybersecurity 
    practices;
        (2)   the risks or vulnerabilities of the cybersecurity 
    systems used by State agencies;
        (3)   the types of information that are most susceptible 
    to attack;
        (4)   ways to improve cybersecurity and eliminate 
    vulnerabilities to State cybersecurity systems; and
        (5)   any other information concerning the cybersecurity 
    of State agencies that the Auditor General deems necessary 
    and proper.
    (c)   Any findings resulting from the testing conducted under 
this Section shall be included within the applicable State 
agency's compliance examination report. Each compliance 
examination report shall be issued in accordance with the 
provisions of Section 3-14. A copy of the report shall also be 
delivered to the head of the applicable State agency and posted 
on the Auditor General's website.