Statutes Text
Article - State Finance and Procurement
§3.5–303.
(a) The Secretary is responsible for carrying out the following duties:
(1) developing, maintaining, revising, and enforcing information technology policies, procedures, and standards;
(2) providing technical assistance, advice, and recommendations to the Governor and any unit of State government concerning information technology matters;
(3) reviewing the annual project plan for each unit of State government to make information and services available to the public over the Internet;
(4) developing and maintaining a statewide information technology master plan that will:
(i) centralize the management and direction of information technology policy within the Executive Branch of State government under the control of the Department;
(ii) include all aspects of State information technology including telecommunications, security, data processing, and information management;
(iii) consider interstate transfers as a result of federal legislation and regulation;
(iv) ensure that the State information technology plan and related policies and standards are consistent with State goals, objectives, and resources, and represent a long–range vision for using information technology to improve the overall effectiveness of State government;
(v) include standards to assure nonvisual access to the information and services made available to the public over the Internet; and
(vi) allows a State agency to maintain the agency’s own information technology unit that provides for information technology services to support the mission of the agency;
(5) developing and maintaining a statewide cybersecurity strategy that will:
(i) centralize the management and direction of cybersecurity strategy within the Executive Branch of State government under the control of the Department; and
(ii) serve as the basis for budget allocations for cybersecurity preparedness for the Executive Branch of State government;
(6) adopting by regulation and enforcing nonvisual access standards to be used in the procurement of information technology services by or on behalf of units of State government in accordance with subsection (c) of this section;
(7) in consultation with the Maryland Cybersecurity Coordinating Council, advising and overseeing a consistent cybersecurity strategy for units of State government, including institutions under the control of the governing boards of the public institutions of higher education;
(8) advising and consulting with the Legislative and Judicial branches of State government regarding a cybersecurity strategy;
(9) in consultation with the Maryland Cybersecurity Coordinating Council, developing guidance on consistent cybersecurity strategies for counties, municipal corporations, school systems, and all other political subdivisions of the State;
(10) upgrading information technology and cybersecurity–related State government infrastructure; and
(11) annually evaluating:
(i) the feasibility of units of State government providing public services using artificial intelligence, machine learning, commercial cloud computer services, device–as–a–service procurement models, and other emerging technologies; and
(ii) the development of data analytics capabilities to enable data–driven policymaking by units of State government.
(b) Nothing in subsection (a) of this section may be construed as establishing a mandate for any entity listed in subsection (a)(9) of this section.
(c) On or before January 1, 2020, the Secretary, or the Secretary’s designee, shall:
(1) adopt new nonvisual access procurement standards that:
(i) provide an individual with disabilities with nonvisual access in a way that is fully and equally accessible to and independently usable by the individual with disabilities so that the individual is able to acquire the same information, engage in the same interactions, and enjoy the same services as users without disabilities, with substantially equivalent ease of use; and
(ii) are consistent with the standards of § 508 of the federal Rehabilitation Act of 1973; and
(2) establish a process for the Secretary or the Secretary’s designee to:
(i) determine whether information technology meets the nonvisual access standards adopted under item (1) of this subsection; and
(ii) 1. for information technology procured by a State unit before January 1, 2020, and still used by the State unit on or after January 1, 2020, work with the vendor to modify the information technology to meet the nonvisual access standards, if practicable; or
2. for information technology procured by a State unit on or after January 1, 2020, enforce the nonvisual access clause developed under § 3.5–311 of this subtitle, including the enforcement of the civil penalty described in § 3.5–311(a)(2)(iii)1 of this subtitle.
(d) (1) The Governor shall include an appropriation in the annual budget bill in an amount necessary to cover the costs of implementing the statewide cybersecurity master plan developed under subsection (a) of this section without the need for the Department to operate a charge–back model for cybersecurity services provided to other units of State government or units of local government.
(2) On or before January 31 each year, in a separate report or included within a general budget report, the Governor shall submit a report in accordance with § 2–1257 of the State Government Article to the Senate Budget and Taxation Committee and the House Appropriations Committee that includes:
(i) specific information on the information technology budget and cybersecurity budget that the Governor has submitted to the General Assembly for the upcoming fiscal year; and
(ii) how the budgets listed under item (i) of this paragraph compare to the annual overview of the U.S. President’s budget submission on information technology and cybersecurity to Congress conducted by the U.S. Office of Management and Budget.