Int. No. 1153
By Council Members Koo, Rivera and Holden
Title
A Local Law to amend the administrative code of the city of New York, in relation to requiring an electronic system penetration testing protocol and security briefings and reports
Body
Be it enacted by the Council as follows:
Section 1. The title of chapter 8 of title 23 of the administrative code of the city of New York, as added by local law number 25 for the year 2016, is amended to read as follows:
CHAPTER 8
CITY WEBSITES AND ELECTRONIC SYSTEMS
§ 2. Chapter 8 of title 23 of the administrative code of the city of New York is amended by adding a new section 23-803 to read as follows:
§ 23-803 Electronic systems security testing, briefings and reports. a. For the purposes of this section, the following terms have the following meanings:
Chief information security officer. The term "chief information security officer" means the head of New York city cyber command as established by executive order number 28 for the year 2017 or any other officer or administering agency designated by the mayor to perform the same functions.
Electronic system. The term "electronic system" means any website, network, online infrastructure or internally or externally accessible electronic system constructed or maintained by or on behalf of the city.
Personal identifying information. The term "personal identifying information" shall have the same meaning as provided for the term "personal identifying information" in section 10-501 and any other identifying information, as such term is defined in section 23-1201.
b. The chief information security officer shall adopt a protocol relating to penetration testing of electronic systems. Such protocol shall use the penetration testing standards of national institute of standards and technology special publication 800-53, including all control enhancements, or any successor standard, for all physical electronic...