HB5547 Enrolled LRB100 18538 RJF 33756 b
1		AN ACT concerning finance.
2		Be it enacted by the People of the State of Illinois,
3		represented in the General Assembly:
4		Section 5. The Illinois State Auditing Act is amended by
5		adding Section 3-2.4 as follows:
6		(30 ILCS 5/3-2.4 new)
7		Sec. 3-2.4. Cybersecurity audit.
8		(a) In conjunction with its annual compliance examination
9		program, the Auditor General shall review State agencies and
10		their cybersecurity programs and practices, with a particular
11		focus on agencies holding large volumes of personal
12		information.
13		(b) The review required under this Section shall, at a
14		minimum, assess the following:
15		(1) the effectiveness of State agency cybersecurity
16		practices;
17		(2) the risks or vulnerabilities of the cybersecurity
18		systems used by State agencies;
19		(3) the types of information that are most susceptible
20		to attack;
21		(4) ways to improve cybersecurity and eliminate
22		vulnerabilities to State cybersecurity systems; and
23		(5) any other information concerning the cybersecurity

HB5547 Enrolled - 2 - LRB100 18538 RJF 33756 b
1		of State agencies that the Auditor General deems necessary
2		and proper.
3		(c) Any findings resulting from the testing conducted under
4		this Section shall be included within the applicable State
5		agency's compliance examination report. Each compliance
6		examination report shall be issued in accordance with the
7		provisions of Section 3-14. A copy of the report shall also be
8		delivered to the head of the applicable State agency and posted
9		on the Auditor General's website.