New Cybersecurity Requirements for State of Minnesota Critical Infrastructure Providers

On August 30, Governor Tim Walz signed Executive Order 22-20, directing state agencies to implement cybersecurity measures to protect critical infrastructure in Minnesota. Your business is part of the 16 critical infrastructure types.

MDH leadership, in partnership with Minnesota IT Services (MNIT) is following this order by continuing to monitor and help reduce cybersecurity risks to protect the life and safety of Minnesotans. All service providers rely on systems that are potentially vulnerable to cybersecurity threats and will be required to take actions to protect their system security, with more details in the future from MDH. 

What needs to be done?

• Register your system owners and identified staff with MN Fusion Center at MNFC. See below.
• Report cyber-attacks using guidance at the State Security Operations Center (SOC).
• Look for additional information in the near future from MDH on materials to conduct a cybersecurity self-assessment. You may also choose to have an assessment completed by an outside entity.
  • After completing the cybersecurity assessment, your system will:
    • Certify completion with MDH.
    • Continue work in addressing potential security gaps; and
    • Annually certify that an updated assessment has been completed.

Register system owner and staff with the Minnesota Fusion Center (MNFC). Personnel responsible for system ownership, system operations, and cybersecurity are expected to register at MNFC; there is no limit to how many may register. Register under ‘Partners Membership’, complete the biographic information, then select the Critical Infrastructure applicable Key Resources Sector.  Public drinking water entities should choose “Water.”  Most others will select “Health Care and Public Health.” IT and cyber security personnel should select ‘Information Technology’ and a sector. Registration questions can be directed to mn.fc@state.mn.us.

Find general information on cybersecurity self-assessments?

See Free Cybersecurity Services and Tools | CISA for additional guidance as it’s available.

You can update or cancel your subscription at any time by editing your personal profile. You will need your email address and your password (if you have selected one).

P.S. If you have any questions or problems please contact subscriberhelp.govdelivery.com for assistance.