Related Laws and Regulations

Office of Cyber Security

• NYS Executive Law § 715. Office of Cyber Security
• NYS Information Security Breach and Notification Act

Office of Emergency Management

• Article 2B of the NYS Executive Law
• Primer on Article 2B
• Article 2B Questions and Answers

Office of Fire Prevention and Control

Laws

• Executive Law Article 6-C Office of Fire Prevention and Control
• County Law § 225-a Fire training and mutual aid programs
• Civil Service Law § 58-a Requirements for provisional or permanent appointment of certain firefighters
• Criminal Procedure Law § 2.10 (79) Persons designated as peace officers
• Education Law § 807-a Fire inspections
• Education Law § 807-b College fire inspections
• Executive Law § 837-o Search for arson conviction records of volunteer firefighter applicants
• General Municipal Law § 72-g Expenses of volunteer firefighters attending training schools and instruction courses
• General Municipal Law § 91-a Arson investigation
• General Municipal Law § 204-c Plan for arson investigation
• General Municipal Law § 204-d Duties of the fire chief
• General Municipal Law § 204-f Plan for hazardous materials incidents response
• General Municipal Law § 209-bb Specialized teams
• General Municipal Law § 209-c Fire police squads of fire departments and fire companies
• General Municipal Law § 209-cc Notification of presence of wild animals and dangerous dogs
• General Municipal Law § 209-e Fire mobilization and mutual aid plan
• General Municipal Law § 209-u Notification of presence of hazardous materials
• General Municipal Law § 209-w Permanent appointment of fire fighters; completion of training program
• General Municipal Law § 209-x Training of certain paid city firemen promoted to a first-line supervisory position
• Insurance Law § 318 Reports of fire losses; availability of information
• Insurance Law § 3409 Distribution of hazardous material report forms
• Penal Law § 265.26 Burn injury and wounds to be reported
• State Finance Law § 54-e State assistance to reimburse municipalities for firefighting costs
• State Finance Law § 97-pp New York state emergency services revolving loan account
• State Finance Law § 99-q Volunteer firefighting and volunteer emergency services recruitment and retention fund
• Town Law § 176-b Volunteer members of fire district fire companies
• Vehicle and Traffic Law § 115-a Fire vehicle

Regulations

• Title 9 Subtitle F Chapter III - Fire Safety
• 9 NYCRR Part 205 Fire Mobilization and Mutual Aid Plan
• Title 19 Chapter XII - Office of Fire Prevention and Control
• 19 NYCRR Part 425 Payment to Municipalities for Firefighting Costs Incurred in Fighting Fires on Property Under the Jurisdiction of the State of New York
• 19 NYCRR Part 426 Minimum Standards for Firefighting Personnel in the State of New York
• 19 NYCRR Part 427 Minimum Standards for Firefighting Personnel in the State of New York--Administrative Procedures
• 19 NYCRR Part 428 Reporting of the Presence of Hazardous Materials
• 19 NYCRR Part 429Fire Safety Standards for Cigarettes
• 19 NYCRR Part 437 Training of First-Line Supervisors at the New York City Fire Academy
• 19 NYCRR Part 438 New York State Fire Training Program - Minimum Standards
• 19 NYCRR Part 451 Fire Academy Grants and Bequests Account
• 19 NYCRR Part 452 New York Fire Academy Account
• 19 NYCRR Part 500 Campus Fire Safety
• Title 19 Chapter XVI - Wild Animals
• 19 NYCRR Part 820 Required Annual Reporting of the Presence of Wild Animals

General

• Public Officers Law
  (After the page loads click PBO from list)
  Personal Privacy Protection Law, Article 6-A,
  §92(9) - definition of "record"
  §95(b) - denial of access to records
  
• Penal Law §156
  (After the page loads click PEN from list; then click Article 156- "Offenses involving computers; definition of terms.")
• Freedom of Information Law (FOIL)
  • Full Text of FOIL
  • FAQs about the Freedom of Information Act

• State Archives and Records Administration
• §57-A Arts and Cultural Affairs Law (ACAL)
  Archives and Records Management Law for the Records of New York State Government.
• Health and Human Services: Health Insurance Portability and Accountability Act of 1996
• The HIPAA Law and Related Information

Policies

• Cyber Incident Reporting Policy P03-001

  This Policy defines a process and procedure for New York State governmental entities to report cyber security incidents to the New York State Office of Cyber Security.

• Information Security Policy P03-002 V3.4

  This Policy sets forth the minimum requirements, responsibilities and accepted behaviors to establish and maintain a secure environment and achieve the State's information security objectives. This Policy documents many of the security practices already in place in some State entities.

Publically Available Standards for the Information Security Policy:

• Role and Responsibilities of the State Entity Information Security Officer Standard (P03-002, Part 4. Organizational Security Policy)- S10-001 - V1.1
  This Standard defines the annual Continuing Professional Education (CPE) credit requirements for Information Security Officers in the State.
• Monitoring System Access and Use Standard (P03-002, Part 10. Access Control Policy) - S10-005 - V1.1
  This Standard defines audit log requirements for State systems and applications
• Cryptographic Controls Standard (P03-002, Part 11. Systems Development and Maintenance Policy)- S10-006 - V1.1
  This Standard defines the requirements for encryption of data at rest and data in transit. Included in the Appendix of this Standard is guidance in selecting FIPS 140 validated products.
• Key Management Standard (P03-002, Part 11. Systems Development and Maintenance Policy)S10-007 - V1.1
  This Standard defines the requirements for management of encryption
• Information Classification and Control Policy and Standard (with Appendices) PS08-001 - V1.2

  This Policy and Standard defines a classification scheme for information, provides procedures for classifying information and supplies baseline controls to protect the confidentiality, integrity and availability of information.

• Exemption Request Form PS08-001 - Appendix A - V1.2
  This form is for use in limited situations where a State entity determines that a particular control can not be implemented due to technical constraints or business limitations.
• Information Asset Classification Worksheet - PS08-001 - Appendix C - V1.2
  This worksheet is provided as a tool to assist State entities in inventorying and classifying their information.
• Information Control Charts and Glossary - PS08-001 Appendices D & E - V1.2
  The information control charts contain the baseline controls for the protection of the confidentiality, integrity and availability (CIA) of information. The charts are arranged by CIA classification rating. The glossary provides clarification on each control.
• Cyber Security Policies, Standards and Guidelines - Definitions & Acronyms - V1.2

This document includes definitions and acronyms for the above listed cyber security policies, standards and guidelines. Defined terms appear initalics.

• Secure Use of Social Media Guideline G10-001 - V1.1

This guideline is designed to educate State government entities on the risks associated with social media and provide best practices for the secure use of social media in New York State government.

• GIS Data Sharing NYS-P10-003*

Computerized geographic data that is created, collected, processed, disseminated, and stored by public agencies in New York State is a valuable information resource. This policy will facilitate the sharing of Geographic Information System (GIS) data and improve access to computerized geographic data across all levels of government.

• Statewide Geographic Information Systems - NYS-P10-002*

The purpose of this bulletin is to establish a framework for the development of a Statewide GIS Program.

*These policies were issued by the New York State Office for Technology.

Federal

Related Laws

Federal Laws

• Requirements for Governmental Access
• Title 17 U.S.C. §506
  The No Electronic Theft ("NET") Act § 506 Criminal Offense, (a) Criminal Infringement
• Title 18 U.S.C. §1029, 1030, 2511 Fraud and related activity in connection with access devices; computers; and interception and disclosure of wire, oral or electronic communications prohibited, respectively
• Title 18 U.S.C. §1030 Fraud and Related Activity in Connection with Computers
• Title 18 U.S.C. §2701 Criminal infringement of a copyright
  Unlawful Access to Stored Communications
• USA Patriot Act
• www.cybercrime.gov Web site for the U.S. Department of Justice Computer Crime and Intellectual Property Division