Public Act 100-0914

HB5547 Enrolled LRB100 18538 RJF 33756 b

AN ACT concerning finance.

Be it enacted by the People of the State of Illinois,

represented in the General Assembly:

Section 5. The Illinois State Auditing Act is amended by

adding Section 3-2.4 as follows:

(30 ILCS 5/3-2.4 new)

Sec. 3-2.4. Cybersecurity audit.

(a) In conjunction with its annual compliance examination

program, the Auditor General shall review State agencies and

their cybersecurity programs and practices, with a particular

focus on agencies holding large volumes of personal

information.

(b) The review required under this Section shall, at a

minimum, assess the following:

(1) the effectiveness of State agency cybersecurity

practices;

(2) the risks or vulnerabilities of the cybersecurity

systems used by State agencies;

(3) the types of information that are most susceptible

to attack;

(4) ways to improve cybersecurity and eliminate

vulnerabilities to State cybersecurity systems; and

(5) any other information concerning the cybersecurity

of State agencies that the Auditor General deems necessary

and proper.

(c) Any findings resulting from the testing conducted under

this Section shall be included within the applicable State

agency's compliance examination report. Each compliance

examination report shall be issued in accordance with the

provisions of Section 3-14. A copy of the report shall also be

delivered to the head of the applicable State agency and posted

on the Auditor General's website.