Section 282.318(4), F.S., requires state agencies to ensure the security of agency data, information, and information technology (IT) resources. Additionally, Florida Digital Service rules (Chapter 60GG, Florida Administrative Code (F.A.C.)) establish minimum security standards for ensuring the confidentiality, integrity, and availability of state data, information, and IT resources, referred to as the Florida Cybersecurity Standards. These rules implement the National Institute of Standards and Technology (NIST) Cybersecurity Framework

The NIST Framework is comprised of five high-level functions: Identify, Protect, Detect, Respond and Recover. Under these high-level functions are underlying categories and subcategories.

Starting in 2021, each state agency Inspector General is required to incorporate a specific cybersecurity audit plan into their annual audit planning process. This initiative aligns with the Office of the Chief Inspector General's leadership in an annual cybersecurity enterprise audit, involving the state agency Inspectors General offices. \ The purpose of these enterprise audits is to evaluate agency controls and compliance with Chapter 60GG, F.A.C. and the NIST Framework.

In addition, Cybersecurity Training formed an integral component of this initiative. This training provides several notable benefits, including enhanced effectiveness in cybersecurity audits and investigations, diminished dependency on staff augmentation to perform cybersecurity audits, heightened strategic awareness of the agency's IT operations, an enhanced skill sets among agency Inspectors General staff, and improved capability to identify instances of fraud, waste, and abuse throughout the enterprise.