Agency exemption requests and remediation tracking
10
Total Requests
3
Pending Review
6
Approved
1
Denied
Department of Health
HIPAA-regulated EHR system migration in progress; vendor timeline extends beyond certification deadline
Environment Department
EPA-mandated environmental monitoring systems use proprietary protocols incompatible with current NIST controls
Department of Transportation
Federal FHWA grant-funded traffic management systems under separate federal security requirements
General Services Department
Statewide procurement platform undergoing complete rebuild; legacy system sunset scheduled for Q3 2026
Motor Vehicle Division
REAL ID compliance systems under DHS security framework; dual compliance creates resource constraints
Energy, Minerals and Natural Resources
Oil and gas regulatory systems require coordination with BLM; interstate data sharing agreements limit unilateral changes
Human Services Department
Post-Conduent breach: requesting exemption while forensic investigation and system rebuild are in progress
Corrections Department
Budget constraints prevent simultaneous facility network upgrades; requesting phased implementation by facility
Public Education Department
No dedicated CISO; requesting technical assistance from DoIT while recruiting cybersecurity leadership
Workforce Solutions Department
Legacy COBOL unemployment insurance system cannot be secured to NIST standards; modernization RFP in progress