§3.5–301.

    (a)    In this subtitle the following words have the meanings indicated.

    (b)    “Cybersecurity” means processes or capabilities wherein systems, communications, and information are protected and defended against damage, unauthorized use or modification, and exploitation.

    (c)    “Cybersecurity strategy” means a vision, a plan of action, or guiding principles.

    (d)    (1)    “Development” means all expenditures for a new information technology system or an enhancement to an existing system including system:

            (i)    planning;

            (ii)    creation;

            (iii)    installation;

            (iv)    testing; and

            (v)    initial training.

        (2)    “Development” does not include:

            (i)    ongoing operating costs, software or hardware maintenance, routine upgrades, or modifications that merely allow for a continuation of the existing level of functionality; or

            (ii)    expenditures made after a new or enhanced system has been legally accepted by the user and is being used for the business process for which it was intended.

    (e)    “Fund” means the Major Information Technology Development Project Fund.

    (f)    “Information technology” means all electronic information processing, including:

        (1)    maintenance;

        (2)    telecommunications;

        (3)    hardware;

        (4)    software; and

        (5)    associated services.

    (g)    “Information technology services” means information provided by electronic means by or on behalf of a unit of State government.

    (h)    “Major information technology development project” means any information technology development project that meets one or more of the following criteria:

        (1)    the estimated total cost of development equals or exceeds $1,000,000;

        (2)    the project is undertaken to support a critical business function associated with the public health, education, safety, or financial well–being of the citizens of Maryland; or

        (3)    the Secretary determines that the project requires the special attention and consideration given to a major information technology development project due to:

            (i)    the significance of the project’s potential benefits or risks;

            (ii)    the impact of the project on the public or local governments;

            (iii)    the public visibility of the project; or

            (iv)    other reasons as determined by the Secretary.

    (i)    “Master plan” means the statewide information technology master plan and statewide cybersecurity strategy.

    (j)    “Nonvisual access” means the ability, through keyboard control, synthesized speech, Braille, or other methods not requiring sight to receive, use, and manipulate information and operate controls necessary to access information technology in accordance with standards adopted under § 3.5–303(b) of this subtitle.

    (k)    “Resource sharing” means the utilization of a State resource by private industry in exchange for the provision to the State of a communication service or other consideration.

    (l)    “Systems development life cycle plan” means a plan that defines all actions, functions, or activities to be performed by a unit of State government in the definition, planning, acquisition, development, testing, implementation, operation, enhancement, and modification of information technology systems.