Florida Administrative Code

The Department of Management Services exempts the Department of Education from the requirement to file Exemption Requests, as described in Chapter 60FF-1, F.A.C., for the purpose of acquiring, leasing, and utilizing broadcast communications equipment, facilities, and services tha…

The authority of the Department of Transportation to acquire, lease, maintain and utilize communications equipment, facilities, circuits and services that facilitate traffic systems and control devices solely for the purpose of motor vehicle traffic control and surveillance, is h…

(1) The Department shall provide the State of Florida government listing information for all local commercial directories and coordinate the maintenance of government and personnel listing information on the state government Web site https://411.myflorida.com. The Department shal…

(1) The purpose of this rule chapter is to establish procedures to allow public safety entities, as defined herein, to use the Statewide Law Enforcement Radio System (SLERS). Such use benefits State Law Enforcement and SLERS Partners and facilitates the efficient use of radio spe…

(1) SLERS Partner - Public safety entities, other than Joint Task Force entities, which are eligible under Part 90 of the Federal Communication Commission's rules to use spectrum allocated for public safety use, to which Contractor provides communications services on SLERS. (2) S…

(1) Agencies wishing to use the Statewide Law Enforcement Radio System shall complete the SLERS Partner Application and Agreement for access to the Statewide Law Enforcement Radio System (Form No.DMS-SLERS-1), which is hereby incorporated by reference and available online at www.…

(1) SLERS Partners wishing to join the Statewide Law Enforcement Radio System shall contribute FCC-licensed or Florida 800 MHz FCC Region 9 Public Safety Plan Frequencies for use by the Statewide Law Enforcement Radio System during their term of membership. In order to ensure tha…

(1) The Department and SLERS Partner applicants shall work with the Contractor to devise a talk group structure that makes efficient use of available channels and meets operational needs of JTF agencies and SLERS Partners. (2) The talk group structure and number of talk groups fo…

(1) Personnel background checks are required for non-Law Enforcement users who have access to the Interoperability Talk Groups used by State Law Enforcement unless previously conducted by their agencies. (2) Encryption is required for access to the Interoperability Talk Groups us…

(1) If traffic loading at a site causes queuing of calls such that the busy hour average waiting time per call exceeds 0.5 seconds, the Department, in consultation with the Contractor and system users, is authorized to take measures to restrict system use. Such measures shall inc…

Rulemaking Authority 365.172(6)(a)11. FS. Law Implemented 365.173(2)(d) FS. History-New 12-20-09, Transferred to 60FF1-5.001.

Rulemaking Authority 365.172(6)(a)11. FS. Law implemented 365.173(2)(g), 365.172(9)(a), (b), (c) FS. History-New 12-7-08, Amended 10-19-09, 4-15-10, 10-27-10, Transferred to 60FF1-5.002.

Rulemaking Authority 365.172(6)(a)11. FS. Law implemented 365.172(6)(a)3.b., 365.173(2)(i), 365.172(9)(a), (b), (c) FS. History-New 12-7-08, Amended 10-27-10, Transferred to 60FF1-5.003.

Rulemaking Authority 365.172(6)(a)11., 365.172(8) FS. Law Implemented 365.172(8) FS. History-New 11-16-10, Transferred to 60FF1-5.004.

Rulemaking Authority 365.172(6)(a)11. FS. Law implemented 365.172(6)(a)3.b., 365.173(2)(g), 365.173(2)(i) FS. History-New 10-19-09, Amended 10-27-10, Transferred to 60FF1-5.005.

Rulemaking Authority 365.172(6)(a)11. FS. Law implemented 365.173(2)(c) FS. History-New 10-6-09, Amended 10-27-10, Transferred to 60FF1-5.006.

Rulemaking Authority 365.172(6)(a)11., 365.172(8) FS. Law Implemented 365.172(8) FS. History-New 10-27-10, Transferred to 60FF1-5.007.

(1) The purpose of this rule chapter is to prescribe necessary rules for implementing, coordinating and maintaining a statewide emergency Enhanced 911 communication system. It also prescribes the necessary procedures to be followed by an entity of local government for implementat…

(1) Each County E911 plan shall include: (a) System Summary including identification of all public safety agencies (law enforcement, fire protection, emergency medical, and rescue agencies), within the boundaries of the 911 system including PSAPs, government agencies, type of sys…

(1) A certification inspection will determine if the E911 systems operated or planned to be operated by entities of local government meets the minimum technical and operational standards in subsection 60FF-6.002(1) and Rule 60FF-6.005, F.A.C., so that an established minimum stand…

(1) The Board of County Commissioners in each county is established as the responsible fiscal agent. The funds collected and interest earned are appropriated for E911 purposes by the county commissioners for the County 911 system and operations. Ultimate responsibility and author…

(1) Public Safety Answering Point. (a) Each 911 primary PSAP shall operate 24 hours a day, seven days a week. (b) All primary PSAPs shall be staffed with an adequate number of answering positions to ensure that a minimum of 90 percent of voice calls shall be answered within 10 se…

The following definitions shall apply when used in Chapter 60G-1, F.A.C.: (1) "Commission" means the Governor's Mansion Commission. (2) "State Rooms" has the meaning ascribed in section 272.18(3)(a), F.S. Rulemaking Authority 272.18(3)(f), (g) FS. Law Implemented 272.18 FS. Histo…

Rulemaking Authority 272.18(2)(a) FS. Law Implemented 272.18 FS. History-New 8-1-83, Formerly 13L-1.03, 13L-1.003, Amended 10-14-98, Repealed 12-22-15.

(1) Use of State Rooms. Use of the State Rooms is only for the First Family, for uses that benefit the Commission, or for official state functions. (2) Items Placed in State Rooms. No items may be placed in, or removed from, State Rooms except upon prior approval of the Commissio…

If a not-for-profit corporation requests authorization to operate from the Commission pursuant to section 272.18(3)(f), F.S., it must enter into a contract with the Commission which: (1) Provides that the corporation shall assist the Commission in the performance of duties requir…

(1) Purpose and Applicability. (a) Rules 60GG-1.001 through 60GG-1.009, F.A.C., will be known as the Florida Information Technology Project Management and Oversight Standards. These rules include two separate sets of requirements - project management standards defined in Rules 60…

(1) The Agency will perform Risk & Complexity Assessments (R&C Assessments) for information technology (IT) projects to evaluate the risk and complexity factors for each IT project https://www.flrules.org/Gateway/reference.asp?No=Ref-05569. The purpose of the assessments is to de…

(1) Project Initiation is the first phase in the project management lifecycle. In the Initiation phase, information technology projects are transitioned from ideas to a viable project proposal (through the Agency's project request process) for consideration and approval by the Ag…

(1) In the Planning phase, the Agency develops and approves detailed project planning documents. (2) The matrix provided below lists planning activities and documents required for the project based on the project's Risk and Complexity (R&C) Category. (a) Specific document types, …

(1) The Execution phase involves carrying out and managing all the activities described in the Project Management Plan. (2) The majority of Execution phase activities and documentation will be associated with the Agency's specific Systems Development Life Cycle (SDLC) process and…

(1) Project Monitoring and Controlling spans all phases of the project and involves the regular review of project status in order to identify variances from baselined project schedule, cost, and scope. In addition, all project management plan components developed pursuant to Rule…

(1) The Agency must perform Project Closeout phase activities after the defined project objectives have been met and the Agency has accepted the project's product in accordance with their deliverable acceptance criteria and governance process. (2) The following matrix lists the c…

(1) Agencies as defined in Rule 60GG-1.001, F.A.C., must comply with the Florida Information Technology Project Management and Oversight Standards. (2) The Florida Information Technology Project Management Standards set forth in Rules 60GG-1.001 through 60GG-1.008, F.A.C. will be…

(1) Section 282.0051(d), F.S., requires DMS oversight on State Agency information technology projects that have total project costs of $10 million or more and that are funded in the General Appropriations Act or any other law. (2) Section 282.0051(1)(n), F.S., requires DMS oversi…

(1) Purpose and Applicability. (a) Rules 60GG-2.001 through 60GG-2.006, F.A.C., will be known as the State of Florida Cybersecurity Standards (SFCS). (b) These rules establish cybersecurity standards for information technology (IT) resources. Agencies must comply with these stand…

The identify function of the FCS is visually represented as such: Function Category Subcategory Identify (ID) Asset Management (AM) ID.AM-1: Inventory Agency physical devices and systems ID.AM-2: Inventory Agency software platforms and applications ID.AM-3: Map Agency communicati…

The protect function of the SFCS is visually represented as such: Function Category Subcategory Protect (PR) Identity Management, Authentication, and Access Control (AC) PR.AC-1: Issue, manage, verify, revoke, and audit identities and credentials for authorized devices, processes…

The detect function of the SFCS is visually represented as such: Function Category Subcategory Detect (DE) Anomalies and Events (AE) DE.AE-1: Establish and manage a baseline of network operations and expected data flows for Users and systems DE.AE-2: Analyze detected Cybersecurit…

The respond function of the SFCS is visually represented as such: Function Category Subcategory Respond (RS) Response Planning (RP) RS.RP-1: Execute response plan during or after an Incident Communications (CO) RS.CO-1: Ensure that personnel know their roles and order of operatio…

The recover function of the SFCS is visually represented as such: Function Category Subcategory Recover (RC) Recovery Planning (RP) RC.RP-1: Execute recovery plan during or after a Cybersecurity Incident Improvements (IM) RC.IM-1: Incorporate lessons learned in recovery plans RC.…

(1) Definitions. (a) "Critical Component" means a Drone component related to: flight controllers, radio, data transmission devices, cameras, gimbals, ground control systems, operating software (including cell phone or tablet applications, but not cell phone or tablet operating sy…

(1) Definitions. Capitalized terms used herein will have the meanings ascribed in section 112.22, F.S. "Form" will mean the Form FL[DS]-02, Prohibited Application Waiver Request Form, eff. 12/23, and available at http://www.flrules.org/Gateway/reference.asp?No=Ref-16158, which is…

The following terms are defined: (1) Infrastructure as a Service (IaaS) - a data center service offering that provides processing, storage, networks and other fundamental computing resources used to deploy and run arbitrary software, which can include operating systems and applic…

(1) General - In order to gain access to the State Data Center (SDC) facility, all Visitors must: (a) Provide a government issued photo identification to verify their identity. Visitor identification will be verified before SDC access is approved; (b) Be visiting the SDC on busin…

The acquisition of data center services, including IaaS, will be accomplished by customer entities submitting a Service Request to the State Data Center. Rulemaking Authority 282.0051(6) FS. Law Implemented 282.0051 FS. History-New 6-16-16, Formerly 74-3.004.

The Department of Management Services (DMS) is responsible for developing and implementing cost-recovery mechanisms that recover the full direct and indirect cost of services through charges to applicable customer entities. To fulfill this responsibility the DMS will employ the f…

(1) These rules apply to state agencies as defined in Section 282.0041, F.S. (2) These rules are designed to further state agency implementation of the cloud-first policy as provided in Section 282.206, F.S., that requires state agencies to show a preference for cloud computing s…

(1) As part of their cloud-first policy, the state agency will develop formal procedures to be used when procuring information technology that establish a preference for cloud computing. (2) Where products or services are required for cloud migration and integration with products…

(1) The state agency will document the controls and processes that are in place to proactively control cloud spend and maintain acceptable budgeted versus actual variances. (2) The state agency will establish and document, in advance of contract execution, an acceptable threshold…