VIRGINIA LAW PORTAL

• Code of Virginia
• Virginia Administrative Code
• Constitution of Virginia
• Charters
• Authorities
• Compacts
• Uncodified Acts
• RIS Users (account required)

SEARCHABLE DATABASES

• Bills & Resolutions
  session legislation
• Bill Summaries
  session summaries
• Reports to the General Assembly
  House and Senate documents
• Legislative Liaisons
  State agency contacts

ACROSS SESSIONS

• Subject Index: Since 1995
• Bills & Resolutions: Since 1994
• Summaries: Since 1994

Developed and maintained by the Division of Legislative Automated Systems.

2019 SESSION

• history | hilite | pdf | print version

19100636D
SENATE BILL NO. 1233 Offered January 9, 2019 Prefiled January 4, 2019 A BILL to amend the Code of Virginia by adding in Title 2.2 a chapter numbered 55.3, consisting of a section numbered 2.2-5514, relating to administration of government; prohibition on the use of certain products and services; Kaspersky Lab. ---------- Patron-- Ebbin ---------- Referred to Committee on General Laws and Technology ----------

Be it enacted by the General Assembly of Virginia:

1. That the Code of Virginia is amended by adding in Title 2.2 a chapter numbered 55.3, consisting of a section numbered 2.2-5514, as follows:

CHAPTER 55.3. PROHIBITION ON THE USE OF CERTAIN PRODUCTS AND SERVICES.

§ 2.2-5514. Prohibition on the use of products and services developed or provided by Kaspersky Lab.

A. For the purposes of this section, "public body" means any legislative body; any court of the Commonwealth; any authority, board, bureau, commission, district, or agency of the Commonwealth; any political subdivision of the Commonwealth, including counties, cities, and towns, city councils, boards of supervisors, school boards, planning commissions, and governing boards of institutions of higher education; and other organizations, corporations, or agencies in the Commonwealth supported wholly or principally by public funds. "Public body" includes any committee, subcommittee, or other entity however designated of the public body or formed to advise the public body, including those with private sector or citizen members and corporations organized by the Virginia Retirement System.

B. No public body may use, whether directly or through work with or on behalf of another public body, any hardware, software, or services developed or provided, in whole or in part, by (i) Kaspersky Lab or any successor entity; (ii) any entity that controls, is controlled by, or is under common control with Kaspersky Lab; or (iii) any entity of which Kaspersky Lab has majority ownership.

2. That the Virginia Information Technologies Agency, in consultation with other public bodies, as the Virginia Information Technologies Agency shall deem appropriate, shall conduct a review of the procedures for removing products or services prohibited under Chapter 55.3 (§ 2.2-5514) of Title 2.2 of the Code of Virginia, as created by this act, from the information technology networks of public bodies. In conducting its review, the Virginia Information Technologies Agency shall (i) identify authorities within the Commonwealth that may be used to prohibit, exclude, or prevent the use of products or services prohibited under Chapter 55.3 (§ 2.2-5514) of Title 2.2 of the Code of Virginia, as created by this act, on the information technology networks of public bodies; (ii) describe any gaps in authorities identified in clause (i) that could prevent effective prohibition of products or services prohibited under Chapter 55.3 (§ 2.2-5514) of Title 2.2 of the Code of Virginia, as created by this act, including any gaps in the enforcement of decisions made under such authorities; (iii) explain the capabilities and methodologies used to periodically assess and monitor the information technology networks of public bodies for prohibited products or services; (iv) identify information-sharing mechanisms that may be used to share information about suspect products or services, including mechanisms for the sharing of such information among public bodies in the Commonwealth, other states, relevant industries, and the public; (v) identify the existing tools for business intelligence, application management, and commerce due diligence that are either in use within the Commonwealth or that are commercially available; and (vi) recommend improvements to authorities, processes, resourcing, and capabilities of public bodies for the purpose of improving the procedures for identifying and removing prohibited products or services from the information technology networks of public bodies. No later than November 1, 2019, the Virginia Information Technologies Agency shall submit to the Governor and General Assembly an executive summary and a report of its findings and recommendations.