Statutes, codes, and regulations
Maryland Administrative code
Title 20 - PUBLIC SERVICE COMMISSIONSubtitle 06 - CYBERSECURITY
Chapter 20.06.01 - General
Section 20.06.01.03 - Good Cybersecurity Practice

Md. Code Regs. 20.06.01.03

Download
PDF
Current through Register Vol. 52, No. 1, January 10, 2025
Section 20.06.01.03 - Good Cybersecurity Practice
A. All public service companies shall follow good cybersecurity practice.
B. At a minimum, public service company cybersecurity plans shall address cybersecurity-related governance, risk management, procurement practices, personnel hiring, training policies, situational awareness, response, recovery, zero trust implementation, and transparent reporting of cybersecurity incidents to State and federal entities.
C. At a minimum, all public service companies shall comply with all cybersecurity standards applicable to their cybersecurity devices and align their cybersecurity practices with Cybersecurity and Infrastructure Security Agency's Cross-Sector Cybersecurity Performance Goals (CPG) or a more stringent standard that is based on the National Institute of Standards and Technology (NIST) security frameworks.

Md. Code Regs. 20.06.01.03

Regulation .03 adopted effective 49:15 Md. R. 739, eff. 7/25/2022; amended effective 51:24 Md. R. 1081, eff. 12/12/2024.