The following information technology (IT) records shall be exempt from the Mississippi Public Records Act of 1983:
IT infrastructure details, including network architecture, schematics, and IT system designs;
Source code;
Detailed hardware and software inventories;
Security plans;
Vulnerability reports;
Security risk assessment details;
Security compliance reports;
Authentication credentials;
Security policies and processes;
Security incident reports; and
Any audit, assessment, compliance report, work papers or any combination of these that if disclosed could allow unauthorized access to the state’s IT assets.