                                 CODE OF VIRGINIA

POWERS AND DUTIES OF THE ITAC; REPORT (§ 2.2-2699.6)

A. The ITAC shall have the power and duty to:

   1. Adopt rules and procedures for the conduct of its business;

   2. Advise the CIO regarding cybersecurity policies, standards, and guidelines,
   for (i) assessing security risks, (ii) determining appropriate security
   measures, (iii) performing security audits of government electronic
   information, (iv) strengthening the Commonwealth&#8217;s cybersecurity, and
   (v) protecting against and responding to breaches of information technology
   security;

   3. Advise the CIO on strategies and priorities for information technology for
   executive branch agencies;

   4. Advise the CIO on information technology planning and projects;

   5. Advise the CIO on policies, standards, and guidelines for information
   technology and data of the Commonwealth; and

   6. Advise the CIO on information technology budgeting, investments, and
   expenditures.

B. The ITAC may appoint advisory subcommittees consisting of individuals with
expertise in particular subject areas and information technology to advise the
ITAC on the utilization of nationally recognized technical and data standards in
such subject areas. If such a subcommittee is appointed by the ITAC, the CIO, or
his designee, shall be an ex officio member and the Secretary of Administration
may appoint representatives from other relevant Secretariats or state agencies
as may be appropriate. Any such subcommittee may be appointed for a period of
two years and may be reappointed by the ITAC at the end of any two-year period.

C. The CIO shall report annually to the Governor and the General Assembly
regarding the work of the ITAC and any advisory subcommittees.

D. As used in this section, &#8220;information technology&#8221; has the same
meaning as set forth in &#xA7; 2.2-2006.

HISTORY: 2010, cc. 136, 145; 2011, cc. 266, 313; 2016, c. 296; 2022, cc. 260,
261.