Florida passed a statute that allows state agencies to exclude cybersecurity information from public records – do you know if there are any other state/local governments (or US gov't agencies) that omit this kind of information when it comes to procurement for cybersecurity products/services?
Sort by:
Very common in Canada
While I am not aware of any other agencies that restrict or limit access to K-12 cybersecurity information, I am not opposed to limits being countrywide; accessible only on an as-needed basis, as determined by the courts or law enforcement. This could be likened to protecting student information from public record.
There are some but governments keep it vague due to their lack of understanding of what they actually are looking for. So many laws, particularly in my state, are extremely outdated and cyber information was not considered at the time and have not been amended to include such. This leads for so many confusing and sticky situations, particularly for those seeking guidance.
I do understand why they would want to keep some of that information disclosed from the public, but I think common information, such as the amount of funds, and categories that are a little more specific (rather than just "cyber Security") such as EDR, or SIEM would be preferred. I do not know of any other agencies that do this other than the federal government, using different forms of classifications. I suspect other states, such as California and Texas will follow them pretty soon.
We try to monitor what California is up to, but haven't seen anything yet. I can understand why the government would want to keep this sensitive, but also would like a check and balance to insure they are at least moving on things.