Fla. Admin. Code Ann. R. 60FF-3.006 - Department Response to System Failures, Security Breaches and Security Exposures

(1) If there is a Security Breach, Security Exposure or System Failure resulting from implementation of Network Services, Network Software, or Network Equipment purchased or leased from sources other than SUNCOM by a Customer of the State Intranet, the Department's Division of Telecommunications, in consultation with the Florida Digital Service, will take whatever action the Department deems necessary to protect the integrity, predictability and availability of the State Network and protect SUNCOM Customers following the escalation steps defined below:

(a) The Customer shall remedy any Security Breach, Security Exposure, or System Failure in coordination with the Department's Division of Telecommunications and the Florida Digital Service.

(b) In the event that the Customer cannot remedy the Security Breach, Security Exposure, or System Failure, the Customer shall grant the Department access to, and, if deemed necessary by the Department control of any resources the Department declares to be related to the Security Breach, Security Exposure, or System Failure.

(c) Based on the Department's determination that steps (a) and (b), above, have failed to resolve the Security Breach, Security Exposure, or System Failure in a manner that will protect the integrity, predictability and availability of the State Network and protect SUNCOM Customers, the Customer shall grant the Department exclusive control of any and all said Network Services, Network Software, or Network Equipment or, if deemed necessary, the Department will temporarily suspend SUNCOM Services to the SUNCOM Customer responsible for said Network Services, Network Software, or Network Equipment. In making its determination that steps (a) and (b) have failed, the Department shall consider the severity of the Security Breach, Security Exposure, or System Failure, the extent, timeliness, and effectiveness of the Customer's resolution efforts and the findings described in subsection 60FF-3.004(4), F.A.C.

(d) The Department shall provide notice to the Customer prior to taking the actions described in paragraphs 60FF-3.006(1)(b) and (c), F.A.C.

(2) Government entities and associated vendors that are responsible for any and all said Network Services, Network Software, or Network Equipment shall grant the Department exclusive access to and control of any resources that the Department declares to be related to the Security Breach, Security Exposure, or System Failure, remedy thereto and ongoing prevention of recurrence.

(a) If the Department assumes exclusive control of these Network Resources, the Department shall grant staff authorized by the Customer unlimited opportunity to see information regarding the configuration, conditions and activities on the Network Resource.

(b) If the Department assumes exclusive control of these Network Resources, the Department's Division of Telecommunications shall do so in consultation with the Florida Digital Service.

(3) If the Customer requests allowance for continuation of the primary conditions that led to the Security Breach, Security Exposure, or System Failure beyond the short term mitigation efforts, the Department will implement ongoing State Network protection requirements, such as implementing access controls to shared resources, isolation of the Customer's Sub-network and special monitoring of the Customer's Traffic and configurations.

Notes

Fla. Admin. Code Ann. R. 60FF-3.006

Rulemaking Authority 282.702(2), (9), 282.707(2) FS. Law Implemented 282.702(2), (8), (12), 282.703, 282.704, 282.705, 282.706, 282.707 FS.

New 6-25-08, Amended by Florida Register Volume 48, Number 086, May 3, 2022 effective 5/19/2022.

New 6-25-08, Amended 5-19-22.