Public Act 100-0914
 
HB5547 EnrolledLRB100 18538 RJF 33756 b

    AN ACT concerning finance.
 
    Be it enacted by the People of the State of Illinois,
represented in the General Assembly:
 
    Section 5. The Illinois State Auditing Act is amended by
adding Section 3-2.4 as follows:
 
    (30 ILCS 5/3-2.4 new)
    Sec. 3-2.4. Cybersecurity audit.
    (a) In conjunction with its annual compliance examination
program, the Auditor General shall review State agencies and
their cybersecurity programs and practices, with a particular
focus on agencies holding large volumes of personal
information.
    (b) The review required under this Section shall, at a
minimum, assess the following:
        (1) the effectiveness of State agency cybersecurity
    practices;
        (2) the risks or vulnerabilities of the cybersecurity
    systems used by State agencies;
        (3) the types of information that are most susceptible
    to attack;
        (4) ways to improve cybersecurity and eliminate
    vulnerabilities to State cybersecurity systems; and
        (5) any other information concerning the cybersecurity
    of State agencies that the Auditor General deems necessary
    and proper.
    (c) Any findings resulting from the testing conducted under
this Section shall be included within the applicable State
agency's compliance examination report. Each compliance
examination report shall be issued in accordance with the
provisions of Section 3-14. A copy of the report shall also be
delivered to the head of the applicable State agency and posted
on the Auditor General's website.

Effective Date: 1/1/2019