Commonwealth information security requirements. Requires state public bodies, defined in the bill, to (i) complywith the Commonwealth's security policies and standards, (ii) ensureeach of its employees completes information security training, (iii)conduct regular security audits, and (iv) report the results of suchaudits to the appropriate entity. The bill directs the Chief InformationOfficer of the Commonwealth to (a) publish and maintain a list ofthe Commonwealth's security policies and standards with which statepublic bodies are required to comply, (b) ensure that transitionmeetings with state public bodies occur, and (c) document such transitionsand any exemptions from the requirements of the bill. Commonwealth information security requirements. Exempts cybersecurity information, defined in the bill, from the provisions of the Virginia Freedom of Information Act and the Government Data Collection and Dissemination Practices Act while in possession of the Virginia Information Technologies Agency (VITA). The bill requires VITA to keep such cybersecurity information confidential unless the Chief Information Officer or his designee authorizes publication or disclosure of reports or aggregate cybersecurity information.