Legal and Legislative Services | Virginia IT Agency

Who we are and what we do

The Legal and Legislative Services (LLS) team is VITA’s in-house legal and policy team.

LLS is responsible for the development and implementation of strategies to advance VITA’s legislative initiatives, record keeping and responding to inquiries for public records. LLS serves as the primary conduit of information for proposed legislation between the agency and legislators, committee staff and legislative staff.

Our mission is to empower, enhance and facilitate VITA’s performance of its functions and responsibilities, through internal advice, support and compliance, as well as external representation and advocacy.

Get in touch with us

FOIA provides access to public records and public meetings. For more information visit our FOIA section at Records Request (FOIA).

Project, Portfolio & Recommended Technology Investment Projects (RTIP) Reports

Annual Security Reports

Monthly Infrastructure Contract Amendments

2024

2023

2022

2021

2024

SB222 - Exempts cybersecurity information (defined in the bill) received by VITA from the provisions of the Virginia Freedom of Information Act and the Government Data Collection and Dissemination Practices Act while in possession of VITA. The bill requires VITA to keep such cybersecurity information confidential unless the Chief Information Officer or his designee authorizes publication or disclosure of reports or aggregate cybersecurity information.
SB242 / HB242 - Allows public bodies to require offerors to state exceptions to contract terms & conditions in RFP responses, but prohibits scoring or evaluating those exceptions when selecting offerors for negotiations. Exceptions to be considered in negotiations.

2023

SB1459 - Prohibits any employee or agent of any public body or person or entity contracting with any such public body from downloading or using any application, including TikTok or WeChat, or accessing any website developed by ByteDance Ltd. or Tencent Holdings Ltd. (i) on any government-issued device or government-owned or government-leased equipment, including mobile phones, desktop computers, laptop computers, tablets, or other devices capable of connecting to the Internet, or (ii) while connected to any wired or wireless Internet network owned, operated, or maintained by the Commonwealth.

2022

SB703 / HB1304 - Reorganizes the Information Technology Advisory Council (ITAC) and revises its purpose and responsibilities
SB764 / HB1290 - Requires every public body to report to the Virginia Fusion Intelligence Center all known incidents that threaten the security of the Commonwealth's data or communications or result in exposure of data protected by federal or state laws and all other incidents compromising the security of the public body's information technology systems with the potential to cause major disruption to normal activities of the public body or other public bodies. The incident reporting form and other information is available at https://www.reportcyber.virginia.gov/

2021

SB1458 – Transferring the Identity Management Standards Advisory Council from the Secretary of Administration and VITA to the Office of the Secretary of Commerce and Trade and the Virginia Innovation Partnership Authority.

2020

HJ64 – Requiring VITA to study and report on the Commonwealth's susceptibility, preparedness, and ability to respond to ransomware attacks, including: (i) assess the Commonwealth's susceptibility to ransomware attacks at the state and local levels of government; (ii) develop guidelines and best practices to prevent ransomware attacks; (iii) evaluate current data encryption and backup strategies; (iv) evaluate the availability of tools to monitor unusual access requests, viruses, and network traffic; (v) develop guidance for state agencies and localities on responding in the event of a ransomware attack; (vi) develop a coordinated law-enforcement response strategy that utilizes forensic investigative techniques to identify the source of ransomware attacks; and (vii) provide recommendations on legislative or regulatory changes to better protect state and local government entities from ransomware.
HB852 – Requiring VITA to develop and annually update a curriculum and materials for training all state employees in information security awareness and in proper procedures for detecting, assessing, reporting, and addressing information security threats. And requiring the Commonwealth's executive, legislative, and judicial branches and independent agencies to provide annual information security training for each of its employees in accordance with the VITA-developed curriculum and materials.
HB1003 – Transferring support and administration of the 9-1-1 Services Board and Virginia Geographic Information Network Advisory Board from the Virginia Information Technologies Agency to the Virginia Department of Emergency Management. Associated budget amendments transferred related staff.

2019

SB1233 – Prohibiting public bodies from using hardware, software, or services that have been prohibited by the U.S. Department of Homeland Security for use on federal systems, and requiring the CIO to promptly notify all public bodies of such prohibited hardware, software, and services.
HB1668 – Requiring VITA (as well as DGS and OAG) to review procurement solicitations and contracts for any contract with a state public body that meets the definition of high-risk contract provided in the bill, and to develop guidelines for state agencies to use when assigning staff to administer high-risk contracts.