| Alaska |
AK HB 3 |
Enacted |
Includes cybersecurity incidents in the definition of disaster. |
| Arizona |
AZ HB 2145 |
Failed |
Relates to governmental entities, relates to ransomware payment, relates to prohibition. |
| Arizona |
AZ HB 2584 |
Failed |
Provides that the Arizona Department of Homeland Security shall secure through a competitive bidding process an enterprise license for use by agencies of the state for security software that will integrate security into the development process and scan software code in development, production and postproduction to detect and improve security threats through specified methods, makes an appropriation. |
| Arizona |
AZ HB 2690 |
Failed |
Relates to cybersecurity risk, relates to insurance. |
| Arizona |
AZ SB 1457 |
Failed |
Relates to voting, relates to equipment, relates to internet, relates to custody, relates to violation. |
| Arizona |
AZ SB 1465 |
Failed |
Relates to voting equipment, relates to requirements, relates to records, relates to origin. |
| Arizona |
AZ SB 1598 |
Enacted |
Relates to information technology, relates to security, relates to office, relates to State Department of Homeland Security, provides power and duties of the department, defines terms, relates to suspension of budget unit's information infrastructure. |
| Arizona |
AZ SB 1642 |
Failed |
Relates to election management systems, relates to security. |
| California |
CA AB 154 |
Pending |
Makes appropriations for the support of state government for specified fiscal year. |
| California |
CA AB 183 |
Enacted |
Establishes the Cybersecurity Regional Alliances and Multistakeholder Partnerships Pilot Program to address the cybersecurity workforce gap. |
| California |
CA AB 581 |
Pending |
Requires all state agencies, as generally defined, to review and implement specified National Institute of Standards and Technology (NIST) guidelines for, among other things, reporting, coordinating, publishing, and receiving information about a security vulnerability relating to information systems and the resolution thereof, no later than specified date. |
| California |
CA AB 1980 |
Pending |
Relates to the statute of limitation and ransomware. Requires prosecution for that offense to commence within 3 years after the person is initially identified by law enforcement as a suspect in the commission of that offense, as specified. |
| California |
CA AB 2001 |
Pending |
Authorizes a licensee under the California Financing Law (CFL) to designate an employee, when acting within the scope of employment, to perform work on the licensee's behalf at a remote location, as defined, if the licensee takes certain actions, including that the licensee prohibits a consumer's personal information from being physically stored at a remote location except for storage on an encrypted device or encrypted media. |
| California |
CA AB 2135 |
Pending |
Requires state agencies to adopt and implement information security and privacy policies, standards, and procedures based upon standards issued by the National Institute of Standards and Technology and the Federal Information Processing Standards. Requires to certify, to the President pro Tempore of the Senate and the Speaker of the Assembly that the agency is in compliance with all adopted policies, standards, and procedures and to include a plan of action and milestones. |
| California |
CA AB 2154 |
Pending |
Requires the board to report specified information to the Assembly Committee on Insurance and the Senate Committee on Insurance within 60 days of the request if the board of CIGA asks the California Infrastructure and Economic Development Bank to issue bonds, and annually thereafter while the bond remain outstanding. Specifies that obligations under a policy issued to cover cybersecurity are covered claims. |
| California |
CA AB 2190 |
Pending |
Relates to the Office of Information Security in the Department of Technology and requirement for such office to be under the direction of a chief. Requires the chief to submit an annual statewide information security status report to the Assembly Committee on Privacy and Consumer Protection and the Senate Governmental Organization Committee, as described. |
| California |
CA AB 2355 |
Pending |
Requires a school district, county office of education, and charter school to report any cyberattack, as defined, impacting more than 500 pupils or personnel to the California Cybersecurity Integration Center. |
| California |
CA AB 2695 |
Pending |
Requires the statewide cybersecurity strategy to increase opportunities to meet the cybersecurity workforce demand. |
| California |
CA SB 154 |
Enacted |
Makes appropriations for the support of the government of the State of California, including funding to establish and operate the Office of Elections Cybersecurity and for other cybersecurity programs. |
| California |
CA SB 183 |
Pending |
Revises and recasts various provisions of the Higher Education Student Housing Grant Program, as provided, including various revisions to application criteria and process. Appropriates specified amount from the General Fund for grants under the program to be allocated, as specified. Appropriates specified amount from the General Fund for the purpose of providing planning grants for California community colleges that are exploring or determining if it is feasible to offer affordable student rental housing. |
| California |
CA SB 468 |
Pending |
Includes an electromagnetic pulse attack among those conditions constituting a state of emergency or local emergency. |
| California |
CA SB 844 |
Pending |
Establishes a program to award grants to eligible entities to address cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, state, local, or tribal governments. Requires the center to create four reports, to be delivered to the Legislature. Relates to federal State and Local Cybersecurity Improvement Act. |
| California |
CA SB 892 |
Pending |
Requires the Office of Emergency Services to develop, propose, and adopt optional reporting guidelines applicable to companies and cooperatives in the food and agriculture industry and entities in the water and wastewater systems industry if they identify a significant and verified cyber threat or active cyberattack. Requires a report of cyberattack or cyber threat submitted pursuant to guidelines developed pursuant to these provisions to be confidential and would prohibit disclosure as a public record. |
| California |
CA SB 1001 |
Pending |
Requires the center, to submit to the Legislature, as specified, a report on the feasibility and benefits of requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud, including requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed, and specified tactics related to using alternatives to social security numbers as authenticators. |
| Colorado |
CO HB 1404 |
Failed |
Concerns the Colorado critical infrastructure resiliency initiative. |
| Florida |
FL HB 1147 |
Failed |
Relates to critical infrastructure standards and procedures, requires and encourages agency asset owners procuring certain components, services, or solutions or entering into contracts to require conformance with certain standards, requires agency asset owners to ensure that contracts require meet certain minimum standards, encourages asset owners to ensure that operation and maintenance of operational technology conform to certain standards and practices. |
| Florida |
FL HB 1287 |
Failed |
Relates to public records/information held by a utility owned or operated by a unit of local government, provides exemption from public records requirements for certain information held by utility owned or operated by unit of local government, provides applicability, provides for future legislative review and repeal of exemption, provides statement of public necessity. |
| Florida |
FL HB 2203 |
Failed |
Provides an appropriation for the CyberResilience, Security Leadership and Disaster Recovery. |
| Florida |
FL HB 5001 |
Enacted |
Makes appropriations, provides moneys for the annual period beginning on specified date, and ending on specified date, and supplemental appropriations for the period ending on specified date, to pay salaries and other expenses, capital outlay buildings and other improvements, and for other specified purposes of the various agencies of state government. |
| Florida |
FL HB 5003 |
Enacted |
Implements the 2022-2023 General Appropriations act, incorporates by reference certain calculations of the Florida Education Finance Program, provides that funds for instructional materials must be released and expended as required in the General Appropriations Act, extends for 1 fiscal year specified charter school capital outlay funding provisions, provides for the future expiration and reversion of specified statutory text. |
| Florida |
FL HB 7019 |
Failed |
Relates to Open Government Sunset Review Act (OGSR)/technology systems/state university or a State college system institution, removes scheduled repeal of exemption from public records requirements for certain records held by state university or fcs institution relating to information technology security incidents and certain portions of risk assessments, evaluations, audits, and other reports of universityo or institutions information technology security program. |
| Florida |
FL HB 7055 |
Enacted |
Relates to cybersecurity, requires the Department of Management Services, acting through the Florida Digital Service, to develop and publish guidelines and processes for reporting cybersecurity incidents, requires state agencies to report ransomware incidents and certain cybersecurity incidents to certain entities within specified timeframes, requires the Cybersecurity Operations Center to provide certain notifications to the Legislature within a specified timeframe. |
| Florida |
FL HB 7057 |
Enacted |
Relates to public records and public meetings, provides an exemption from public records requirements for certain information related to a cybersecurity incident or ransomware incident held by a local government, state agency, or sheriff. |
| Florida |
FL PCB 6073 |
Failed |
Relates to cybersecurity, requires a list of reportable incidents maintained by the Division of Emergency Management to include cybersecurity incidents and ransomware incidents. |
| Florida |
FL PCB 6075 |
Failed |
Relates to public records and public meetings, provides an exemption from public records requirements for certain information related to a cybersecurity incident or ransomware incident held by a local government, state agency, or sheriff. |
| Florida |
FL SB 828 |
Failed |
Relates to critical infrastructure. |
| Florida |
FL SB 1670 |
Failed |
Relates to cybersecurity, requires specified entities to report certain computer attacks to the State Watch Office within the Division of Emergency Management, requires local governments to adopt certain cybersecurity standards by a specified date, requires the Florida Digital Service and the Florida Cybersecurity Advisory Council to develop training requirements and conduct training at certain intervals, prohibits specified offenses concerning ransomware. |
| Florida |
FL SB 1694 |
Failed |
Relates to public records/criminal intelligence information or criminal investigative information, provides an exemption from public records requirements for criminal intelligence information or criminal investigative information that reveals means or methods that could allow unauthorized access to any electronic device, software, or network, provides for future legislative review and repeal of the exemption, provides a statement of public necessity. |
| Florida |
FL SB 1740 |
Failed |
Relates to Public Records and Public Meetings. |
| Georgia |
GA HR 877 |
Failed |
Encourages the Department of Education to dedicate personnel, funds, and other resources to state wide outreach efforts to promote and improve cybersecurity education, training, and workforce development. |
| Georgia |
GA SB 596 |
Failed |
Relates to emergency management, so as to provide for the creation of the Georgia Cyberforce, provides for a definition, provides for the purpose and duties of the cyberforce, provides for an annual report. |
| Georgia |
GA SR 741 |
Failed |
Creates the Senate Study Committee on the Creation of a Georgia Cybersecurity Force. |
| Hawaii |
HI HB 957 |
Failed |
(Governor Bill Package) Establishes the State Fusion Center as a program under the Office of Homeland Security, establishes the position of State Fusion Center Director. |
| Hawaii |
HI HB 2052 |
Failed |
Prohibits government agencies, business entities, and health care entities in the state from paying or having another entity pay on its behalf ransom for cyber incidents or cyber ransom or ransomware attacks, requires all agencies and entities to report incidents and attacks to the office of homeland security, establishes penalties for violations. |
| Hawaii |
HI HB 2118 |
Failed |
Codifies the existing Hawaii State Cybersecurity program, administered by the Office of Homeland Security in partnership with specified entities, to oversee cybersecurity and cyber resiliency matters, eliminates the state cybersecurity, economic, education, and infrastructure security coordinator position. |
| Hawaii |
HI SB 2427 |
Failed |
Requires manufacturers of lot devices to equip the devices with reasonable security features regarding information collected, unauthorized access, or the destruction or use of the devices. |
| Hawaii |
HI SB 3086 |
Failed |
(Governor Bill Package) Updates and provides clarification to reflect the existence of the state cybersecurity program, which is administered by the state Office of Homeland Security, eliminates the state cybersecurity, economic, education, and infrastructure security coordinator position. |
| Idaho |
ID HB 621 |
Enacted |
Relates to public records, provides that certain cybersecurity records are exempt from disclosure and to make technical corrections, declares an emergency. |
| Idaho |
ID HB 667 |
Failed |
Adds to existing law to provide for program integrity and cross matching requirements, relates to Employment Security Law. |
| Iowa |
IA D 5428 |
Failed |
Relates to essential corporate purpose cybersecurity. |
| Iowa |
IA D 5430 |
Failed |
Relates to affirmative defense cybersecurity. |
| Iowa |
IA D 5735 |
Failed |
Relates to cyber ransom public sector. |
| Iowa |
IA D 6183 |
Failed |
Relates to cybersecurity simulator. |
| Iowa |
IA HB 719 |
Enacted |
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the Commissioner of Insurance, makes penalties applicable, includes effective date provisions. |
| Iowa |
IA HB 2288 |
Failed |
Modifies the definitions of essential county purpose and essential corporate purpose to include cybersecurity purposes. |
| Iowa |
IA HB 2302 |
Failed |
Relates to affirmative defenses for entities using cybersecurity programs. |
| Iowa |
IA HB 2361 |
Failed |
Establishes the cybersecurity simulation training center at the Iowa State University of science and technology, and makes appropriations. |
| Iowa |
IA HB 2461 |
Failed |
Relates to ransomware and provides penalties. |
| Iowa |
IA HB 2555 |
Failed |
Establishes the cybersecurity simulation training center at the Iowa State University of Science and Technology. |
| Iowa |
IA HSB 555 |
Failed |
Relates to affirmative defenses for entities using cybersecurity programs and electronic transactions recorded by blockchain technology. |
| Iowa |
IA HSB 645 |
Failed |
Relates to ransomware. |
| Iowa |
IA HSB 669 |
Failed |
Establishes the cybersecurity simulation training center at the Iowa State University of Science and Technology. |
| Iowa |
IA HSB 670 |
Failed |
Creates a cybersecurity unit within the Office of the Chief Information Officer. |
| Iowa |
IA HSB 691 |
Failed |
Prohibits the state or a political subdivision of the state from expending revenue received from taxpayers for payment to persons responsible for ransomware attacks, includes effective date provisions. |
| Iowa |
IA SB 2049 |
Failed |
Relates to affirmative defenses for entities using cybersecurity programs and electronic transactions recorded by blockchain technology. |
| Iowa |
IA SB 2207 |
Failed |
Prohibits the state and political subdivisions of the state from expending public moneys for payment to persons responsible for ransomware attacks. |
| Iowa |
IA SSB 3068 |
Failed |
Modifies the definitions of essential county purpose and essential corporate purpose to include cybersecurity purposes. |
| Illinois |
IL HB 900 |
Enacted |
Appropriates monies to the Department of Commerce and Economic Opportunity, relates to Labor and Employment Relations, relates to Build Illinois Bond fund. |
| Illinois |
IL HB 1588 |
Pending |
Amends the Information Security Improvement Act, makes a technical change in a section concerning the short title. |
| Illinois |
IL HB 2869 |
Pending |
Amends the Local Records Act, provides that a unit of local government, acting through its governing board, may authorize the use of technology to execute its duties, or assist in the execution of certain portions of public duties, where those technologies utilize commonly accepted methods of data storage and cybersecurity, and the unit of local government otherwise continues adherence to the Local Records Act. |
| Illinois |
IL HB 3030 |
Pending |
Creates the Cybersecurity Compliance Act, creates an affirmative defense for every covered entity that creates, maintains, and complies with a written cybersecurity program that contains administrative, technical, and physical safeguards for the protection of either personal information or both personal information and restricted information and that reasonably conforms to an industry-recognized cybersecurity framework, prescribes requirements for the cybersecurity program. |
| Illinois |
IL HB 3040 |
Pending |
Creates the Insurance Data Security Act, requires any person licensed, authorized to operate, or registered as an insurer in accordance with the insurance Laws of this State to conduct a risk assessment of cybersecurity threats, implement appropriate security measures, and no less than annually assess the effectiveness of the safeguards' key controls, systems, and procedures. |
| Illinois |
IL HB 3204 |
Pending |
Amends the Information Security Improvement Act, makes a technical change in a section concerning the short title. |
| Illinois |
IL HB 3536 |
Pending |
Creates the Security of Connected Devices Act, requires manufacturers of connected devices to equip the device with security features that are designed to protect the device and any information the device contains from unauthorized access, destruction, use, modification, or disclosure. |
| Illinois |
IL HB 3731 |
Pending |
Amends the Department of Innovation and Technology Act, requires the Department of Innovation and Technology to work to ensure the security of the social media and Internet presence of state elected officials and state agencies and, to the extent possible, reserve the use of State government online accounts, whether social media or email, for use only by state officials, state agencies, and employees thereof, to prevent false personation, provides for the adoption of rules, defines false personation. |
| Illinois |
IL HB 4074 |
Pending |
Creates the Consumers and Climate First Act, provides that it is the policy of the state to transition to 100% clean energy by 2050, amends the Governmental Ethics Act, expands the information required to be provided on a statement of economic interests to include employment by a public utility, amends the Enterprise Zone Act, expands, in provisions relating to High Impact Businesses, the definition of new electric generating facility to include a new utility scale solar power facility. |
| Illinois |
IL HB 4152 |
Pending |
Amends the School Code to require a school district to report a cyber security attack to the State Board of Education as soon as school personnel determine that a breach of the school district's computer system or network has occurred, amends various Acts relating to the governance of public universities and community colleges in Illinois to require a public university or community college district to report a cyber security attack to the Department of Innovation and Technology as soon as school person. |
| Illinois |
IL HB 4653 |
Pending |
Creates the Insurance Data Security Law, sets forth provisions concerning an information security program, investigations of cybersecurity events, and notifications of cybersecurity events, provides that the Director of Insurance shall have power to examine and investigate into the affairs of any licensee to determine whether the licensee has been or is engaged in any conduct in violation of the Act. |
| Illinois |
IL HB 4725 |
Pending |
Amends the Public Utilities Act, provides that all public utilities are required to establish a security policy, provides that Commerce Commission staff shall determine entities subject to the attestation and reporting requirements, provides that each entity subject to the attestation and reporting requirements shall provide to the Commission an annual affidavit signed by a senior executive responsible for security of the regulated entity that States the entity has a security policy. |
| Illinois |
IL HB 5165 |
Pending |
Amends the Freedom of Information Act, modifies the exemptions from inspection and copying concerning cybersecurity vulnerabilities, amends the Department of Innovation and Technology Act, requires a local government official or employee to be chosen to act as the primary point of contact for local cybersecurity issues, amends the Information Security Improvement Act, requires the establishment of a cybersecurity liaison program, provides for cybersecurity training for county and municipal employees. |
| Illinois |
IL HB 5243 |
Pending |
Creates the Cybersecurity Compliance Act, creates an affirmative defense for every covered entity that creates, maintains, and complies with a written cybersecurity program that contains administrative, technical, and physical safeguards for the protection of either personal information or both personal information and restricted information and that reasonably conforms to an industry-recognized cybersecurity framework, prescribes requirements for the cybersecurity program. |
| Illinois |
IL HB 5248 |
Pending |
Creates the Insurance Data Security Act, requires any person licensed, authorized to operate, or registered as an insurer in accordance with the insurance Laws of this state to conduct a risk assessment of cybersecurity threats, implement appropriate security measures, and no less than annually assess the effectiveness of the safeguards' key controls, systems, and procedures, requires a licensee to develop, implement, and maintain a written information security program based on the licensee's risk. |
| Illinois |
IL HB 5561 |
Pending |
Appropriates a specified amount from the General Revenue Fund to the Board of Higher Education for a grant to the Institute of Technology to fund the Institute of Technology Cybersecurity Bootcamp program. |
| Illinois |
IL SB 350 |
Pending |
Amends the Freedom of Information Act, exempts from disclosure risk and vulnerability assessments, security measures, schedules, certifications, and response policies or plans that are designed to detect, defend against, prevent, or respond to potential cyber attacks upon the state's or an election authority's network systems, or records that the disclosure of which would, in any way, constitute a risk to the proper administration of elections or voter registration. |
| Illinois |
IL SB 3427 |
Pending |
Amends the Department of Employment Security Law of the Civil Administrative Code, requires the Department of Employment Security to consult with private cybersecurity experts on the best practices to identify and prevent fraudulent applications for benefits and fraudulent receipt of benefits under the unemployment insurance program and other programs administered by the Department, requires the Department to maintain a cloud-based system to detect and prevent fraud. |
| Illinois |
IL SB 3440 |
Pending |
Amends the Criminal Code of 2012, provides that a person also commits computer tampering when he or she knowingly and without the authorization of a computer's owner or in excess of the authority granted to him or her intentionally introduces ransomware onto a computer, computer system, or computer network, provides for penalties. |
| Illinois |
IL SB 3939 |
Enacted |
Provides that the principal executive officer, or his or her designee, of each municipality with a population of 35,000 or greater and of each county shall designate a local official or employee as the primary point of contact for local cybersecurity issues, provides that each jurisdiction must provide the name and contact information of the cybersecurity designee to the Department of Innovation and Technology Act and update the information as necessary. |
| Indiana |
IN HB 1274 |
Failed |
Relates to volunteer cyber civilian corps, establishes the State cyber civilian corps program (program), provides that the program includes civilian volunteers who have expertise in addressing cybersecurity incidents and may volunteer at the invitation of the office of technology (office) to provide rapid response assistance to a client in need of expert assistance during a recognition of a potential vulnerability that could lead to a cybersecurity incident. |
| Kansas |
KS HB 2548 |
Failed |
Implementing additional reporting requirements for informational technology proiects and state agencies and requiring additional information technology security training and status reports. |
| Kansas |
KS SB 267 |
Enacted |
Makes and concerns appropriations for the fiscal years ending a specified date, authorizes certain transfers, capital improvement projects and fees, imposing certain restrictions and limitations, directs or authorizes certain receipts, disbursements, procedures and acts incidental to the foregoing. |
| Kentucky |
KY HB 474 |
Enacted |
Relates to insurance data security, provides that each licensee shall develop, implement, and maintain a comprehensive written information security program based on the licensees risk assessment that contains administrative, technical, and physical safeguards for the protection of nonpublic information and the licensees information system. |
| Kentucky |
KY HR 77 |
Adopted |
Urges Congress to take appropriate steps in mitigating cyberattacks and ransomware attacks. |
| Kentucky |
KY SB 298 |
Enacted |
Requires investment advisers to establish written procedures relating to a business continuity and succession plan, requires investment advisers to establishes and implement written physical security and cybersecurity policies and procedures, establishes continuing education requirements for investment adviser representatives on a specified date. |
| Louisiana |
LA SCR 14 |
Adopted |
Establishes the Cybersecurity Redhibition Task Force. |
| Maryland |
MD HB 5 |
Failed |
Relates to state and local government employees and contractors and cybersecurity training. |
| Maryland |
MD HB 24 |
Enacted |
Alters certain criteria for the Cybersecurity Public Service Scholarship Program, includes increasing the number of years a recipient may hold an award, expanding the qualifying positions for a scholarship recipient to fulfill a work obligation, establishes criteria for part time students to be eligible for the scholarship, hold an award, and fulfill a work obligation, requires the State Department of Education to provide information on the Program to high school students. |
| Maryland |
MD HB 346 |
Failed |
Concerns Department of Information Technology, relates to Oversight of Legislative Branch Information Technology. |
| Maryland |
MD HB 348 |
Failed |
Concerns the General Assembly and Legislative Branch of State Government, provides for security training, protects security sensitive data. |
| Maryland |
MD HB 419 |
Failed |
Codifies the establishment of the Office of Security Management within the Department of Information Technology, the position of State Chief Information Security Officer, and the Maryland Cybersecurity Coordinating Council, alters the membership of the Council, requires each unit of the Legislative Branch or Judicial Branch of State government that uses a certain network to certify certain compliance to the Department by a specified date each year. |
| Maryland |
MD HB 898 |
Failed |
Establishes the Office of Domestic Terrorism Response within the State Department of Emergency Management for the purpose of developing strategies and resources to prepare for, prevent, and recover from domestic terrorism activities, requires the office to coordinate with federal, state, and local agencies, consult with the academic community, and work with public health professionals for certain purposes, requires by December 1 each year a report to the General Assembly on the activities of the office. |
| Maryland |
MD HB 1202 |
Vetoed |
Establishes the Cyber Preparedness Unit in the Department of Emergency Management, establishes certain responsibilities of the Unit, requires local governments to report certain cybersecurity incidents in a certain manner and under certain circumstances, requires the State Security Operations Center to notify appropriate agencies of a cybersecurity incident in a certain manner, establishes the Cybersecurity Fusion Center in the Department of Emergency Management. |
| Maryland |
MD HB 1205 |
Enacted |
Requires a certain water or sewer system to, on or before a certain date, assess its vulnerability to a cyber attack, develop a cybersecurity plan if appropriate, and submit a certain report to the General Assembly, authorizes the Water Quality Financing Administration to provide financial assistance to a public water or wastewater system to assess system cybersecurity vulnerabilities and develop a cybersecurity plan, establishes the Local Cybersecurity Support Fund as a special, nonlapsing fund. |
| Maryland |
MD HB 1284 |
Failed |
Authorizes a credit against the State income tax for a certain small business that employs 50 or fewer employees for costs incurred by the small business during the taxable year for certain cybersecurity measures undertaken by the small business, makes the credit refundable. |
| Maryland |
MD HB 1334 |
Failed |
Establishes the Cybersecurity Workforce Accelerator Program at the University of Maryland Baltimore County to increase the cybersecurity workforce in the State, increase the investment of the State in cybersecurity workforce programs and educational programs at certain institutions, and for other purposes related to the cybersecurity workforce in the State, requires the Department of Commerce and the Maryland Department of Labor to assist in administering the Accelerator Program as necessary. |
| Maryland |
MD HB 1339 |
Failed |
Authorizes the Department of Emergency Management to take action to reduce the disaster risk and vulnerability of critical infrastructure, establishes the Critical Infrastructure Cybersecurity Grant Program in the Department to leverage certain funds to make cybersecurity improvements to critical infrastructure, alters the duties and staffing requirements of the Public Service Commission to include cybersecurity, authorizes the Office of People's Counsel to retain or hire an expert in cybersecurity. |
| Maryland |
MD HB 1346 |
Vetoed |
Establishes the Office of Security Management within the Department of Information Technology, establishes certain responsibilities and authority of the Office of Security Management, establishing the Cybersecurity Coordinating Council, requires the Secretary of Information Technology to develop and maintain a statewide cybersecurity strategy, requires certain IT units to certify compliance with certain cybersecurity standards. |
| Maryland |
MD SB 4 |
Enacted |
Alters certain criteria for the Cybersecurity Public Service Scholarship Program, including increasing the number of years a recipient may hold an award, expanding the qualifying positions for a scholarship recipient to fulfill a work obligation, and establishing criteria for part time students to be eligible for the scholarship, hold an award, and fulfill a work obligation, requires the State Department of Education to provide information on the Program to high school students. |
| Maryland |
MD SB 107 |
Failed |
Relates to state government, provides cybersecurity training for state and local government employees and contractors. |
| Maryland |
MD SB 162 |
Failed |
Relates to Public Schools with regards to the Cyber Safety Guide and Training Course Development, Implementation, and Reporting. |
| Maryland |
MD SB 207 |
Enacted |
Establishes certain cybersecurity standards applicable to insurance carriers, including health maintenance organizations and third party administrators, requires a carrier to take certain actions related to cybersecurity, including developing, implementing, and maintaining a certain information security program, identifying certain threats, and establishing a certain incident response plan, requires a carrier to notify the Insurance Commissioner that a cybersecurity event occurred. |
| Maryland |
MD SB 290 |
Enacted |
Makes the proposed appropriations contained in the State Budget for the fiscal year ending on specified date, in accordance with Article III, Section 52 of the Maryland Constitution, relates to appropriations and budgetary provisions. |
| Maryland |
MD SB 390 |
Failed |
Codifies the establishment of the Office of Security Management within the Department of Information Technology, the position of State Chief Information Security Officer, and the Maryland Cybersecurity Coordinating Council, alters the membership of the Council, requires each unit of the Legislative Branch or Judicial Branch of State government that uses a certain network to certify certain compliance to the Department by specified date each year. |
| Maryland |
MD SB 633 |
Enacted |
Makes alterations to the 9-1-1 Emergency Telephone System in the State, alters the classification of 9-1-1 specialists, authorizes 9-1-1 specialists to seek certain treatment confidentially, requires the Maryland 9-1-1 Board to establish certain procedures governing vacancies on the Board, alters the Powers and duties of the Board with respect to public safety answering point personnel and cybersecurity standards. |
| Maryland |
MD SB 749 |
Failed |
Establishes the Maryland 3-1-1 Board to establish requirements, procedures, and standards for the establishment of statewide and county 3-1-1 systems, establishes a statewide 3-1-1 system under the Maryland Department of Emergency Management to provide certain nonemergency information, subject to certain requirements, requires a county to be responsible for certain costs and expenses associated with a county 3-1-1 system. |
| Maryland |
MD SB 753 |
Failed |
Establishes the Cybersecurity Workforce Accelerator Program at the University of Maryland Baltimore County to increase the cybersecurity workforce in the State, increase the investment of the State in cybersecurity workforce programs and educational programs at certain institutions, and for other purposes related to the cybersecurity workforce in the State, requires the Department of Commerce and the Maryland Department of Labor to assist in administering the Accelerator Program as necessary. |
| Maryland |
MD SB 754 |
Enacted |
Establishes the Cyber Preparedness Unit in the Maryland Department of Emergency Management, establishes certain responsibilities of the Unit, requires local governments to report certain cybersecurity incidents in a certain manner and under certain circumstances, requires the State Security Operations Center to notify appropriate agencies of a cybersecurity incident in a certain manner, establishes the Cybersecurity Fusion Center in the Maryland Department of Emergency Management. |
| Maryland |
MD SB 780 |
Failed |
Establishes the Office of Security Management within the Department of Information Technology, certain Office positions, and the Maryland Cybersecurity Coordinating Council, establishes certain responsibilities and authority of the Office, centralizes authority and control of the procurement of all information technology for the Executive Branch of State government in the Department of Information Technology. |
| Maryland |
MD SB 782 |
Failed |
Establishes the Workgroup on the Post Coronavirus Crisis Economic Transition to make recommendations regarding how the State may adjust its economic development and other strategies in the context of changes resulting from crises in certain sectors, requires the Workgroup to submit an interim report on or before a specified date, and a final report on or before a specified date to the Governor and the General Assembly. |
| Maryland |
MD SB 810 |
Failed |
Authorizes the Department of Emergency Management to take action to reduce the disaster risk and vulnerability of critical infrastructure, establishes the Critical Infrastructure Cybersecurity Grant Program in the Department to leverage certain funds to make cybersecurity improvements to critical infrastructure, alters the duties and staffing requirements of the Public Service Commission to include cybersecurity, authorizes the Office of People's Counsel to retain or hire an expert in cybersecurity. |
| Maryland |
MD SB 811 |
Failed |
Authorizes the Maryland Stadium Authority to issue bonds and, in consultation with the Department of Information Technology, finance projects related to information technology and cybersecurity-related State government infrastructure, establishes an Information Technology and Cybersecurity Infrastructure Fund as a special, non-lapsing fund, establishes a Statewide Reporting Framework and Oversight Commission in the Department. |
| Maryland |
MD SB 812 |
Enacted |
Establishes the Office of Security Management within the Department of Information Technology and the Maryland Cybersecurity Coordinating Council, centralizes authority and control of the procurement of all information technology for the Executive Branch of State government, exempts meetings of the Council from the Open Meetings Act, requires each unit of the Executive Branch of State government and certain local entities to report certain cybersecurity incidents. |
| Massachusetts |
MA HB 107 |
Pending |
Regulates privacy and technology in education. |
| Massachusetts |
MA HB 122 |
Pending |
Relates to cyber procurement insurance. |
| Massachusetts |
MA HB 349 |
Pending |
Relates to the security of personal financial information. |
| Massachusetts |
MA HB 3132 |
Pending |
Establishes a task force to study the need for increased cyber security within government agencies. |
| Massachusetts |
MA HB 3133 |
Pending |
Relates to cybersecurity standards in state contracts or procurements. |
| Massachusetts |
MA HB 4514 |
Pending |
Establishes the Massachusetts Information Privacy and Security Act. |
| Massachusetts |
MA HB 4720 |
Pending |
Invests in Future Opportunities for Resiliency, Workforce, and Revitalized Downtowns. |
| Massachusetts |
MA HD 4731 |
Pending |
Finances the general governmental infrastructure of the Commonwealth. |
| Massachusetts |
MA SB 51 |
Pending |
Creates an office of data protection, cybersecurity, and privacy. |
| Massachusetts |
MA SB 55 |
Pending |
Relates to cyber crime prevention in schools. |
| Massachusetts |
MA SB 2088 |
Pending |
Establishes a Cybersecurity Control and Review Commission. |
| Massachusetts |
MA SB 2633 |
Adopted |
Relates to granting the committee on advanced information technology, the internet and cybersecurity until April 30, 2022 within which time to make its final report on certain current Senate and House documents relates to advanced information technology, the internet and cybersecurity. |
| Massachusetts |
MA SB 2683 |
Pending |
Authorizes the joint committee on Advanced Information Technology, the Internet and Cybersecurity to make an investigation and study of certain current Senate documents relative to advanced information technology, the internet and cybersecurity matters. |
| Massachusetts |
MA SB 2687 |
Pending |
Relates to establishing the Massachusetts Information Privacy and Security Act. |
| Michigan |
MI HB 5036 |
Enacted |
Provides technology, management, and budget department to create resources concerning digital literacy and cyber safety on public website to House Communications and Technology Committee. |
| Michigan |
MI SB 520 |
Pending |
Provides technology, management, and budget department to create resources concerning digital literacy and cyber safety on public website. |
| Michigan |
MI SB 672 |
Pending |
Provides for an affirmative defense for covered entities with cybersecurity programs under certain circumstances. |
| Minnesota |
MN HB 4069 |
Failed |
Relates to state government, appropriates money in the data security account. |
| Minnesota |
MN HB 4125 |
Failed |
Relates to the financing of State government, appropriates money for certain constitutional offices, State agencies, and Veterans Affairs, modifies data practices provisions, establishes the Office of Enterprise Translations and the language access service account, establishes county and local cybersecurity grants, modifies provisions governing burial grounds and cemeteries, modifies provisions governing military veterans, establishes a Veterans Service Organization grant program. |
| Minnesota |
MN HB 4568 |
Failed |
Relates to emergency management, protects information and telecommunications technology systems and services during emergencies. |
| Minnesota |
MN SB 3468 |
Failed |
Relates to state government, appropriates money in the data security account. |
| Minnesota |
MN SB 4002 |
Failed |
Relates to the financing of state government, appropriates money for certain constitutional offices, state agencies, and Veterans Affairs, modifies data practices provisions, establishes the Office of Enterprise Translations and the language access service account, establishes county and local cybersecurity grants, modifies provisions governing burial grounds and cemeteries, modifies provisions governing military veterans, establishes a Veterans Service Organization grant program. |
| Minnesota |
MN SB 4388 |
Failed |
Relates to emergency management, protects information and telecommunications technology systems and services during emergencies. |
| Missouri |
MO HB 1878 |
Enacted |
Relates to elections, with penalty provisions, provides that the secretary of state shall have the authority to, at his or her discretion, audit the list of registered voters for any local election authority to ensure accuracy. Provides for cybersecurity reviews and other measures. |
| Missouri |
MO HB 2436 |
Failed |
Creates a grant program for employers to enhance cybersecurity. |
| Missouri |
MO SB 674 |
Failed |
Relates to grants to employers for the purpose of enhancing cybersecurity. |
| Missouri |
MO SB 1215 |
Failed |
Creates provisions relating to a task force on cyber crimes. |
| Mississippi |
MS SB 2530 |
Vetoed |
Establishes the State Enterprise Security Program, for purpose of possible amendment. |
| Nebraska |
NE L 904 |
Failed |
Appropriates federal funds to the University of Nebraska for an Artificial Intelligence, Cybersecurity, and Holland Computer Center facility. |
| New Hampshire |
NH HB 1277 |
Enacted |
Defines cybersecurity incident and requires that political subdivisions report such incidents to the Department of Information Technology. |
| New Hampshire |
NH LSR 546 |
Pending |
Establishes the position of chief information security officer and deputy chief information security officer in the department of information technology. |
| New Jersey |
NJ AB 493 |
Pending |
Requires public agencies report cybersecurity incidents to New Jersey Office of Homeland Security and Preparedness. |
| New Jersey |
NJ AB 1450 |
Pending |
Concerns information security standards and guidelines for state and local government. |
| New Jersey |
NJ AB 1671 |
Pending |
Requires state, county, and municipal employees and certain state contractors to complete cybersecurity awareness training. |
| New Jersey |
NJ AB 1703 |
Pending |
Requires certain persons and business entities to maintain comprehensive information security program. |
| New Jersey |
NJ AB 1848 |
Pending |
Requires state employees to receive best cybersecurity practices. |
| New Jersey |
NJ AB 1962 |
Pending |
Directs state Cybersecurity and Communications Integration Cell, Office of Information Technology, and state Big Data Alliance to develop advanced cyberinfrastucture strategic plan. |
| New Jersey |
NJ AB 1979 |
Pending |
Requires businesses in financial, essential infrastructure, and health care industries to report cybersecurity incidents. |
| New Jersey |
NJ AB 1980 |
Pending |
Establishes cybersecurity employment grant program for qualified businesses, appropriates funds. |
| New Jersey |
NJ AB 1981 |
Pending |
Requires businesses in financial, essential infrastructure, and health care industries to develop cybersecurity plans. |
| New Jersey |
NJ AB 1982 |
Pending |
Requires instruction on cybersecurity in grades nine through 12, requires Office of Secretary of Higher Education to develop cybersecurity model curricula, establishes loan redemption programs for individuals in certain cybersecurity occupations. |
| New Jersey |
NJ AB 1983 |
Pending |
Requires municipalities, counties, and school districts to report cybersecurity incidents, provides for reimbursement. |
| New Jersey |
NJ AB 3379 |
Pending |
Requires public institutions of higher education to establish plans concerning cyber security and prevention of cyber attacks. |
| New Jersey |
NJ AB 4013 |
Pending |
Requires each principal department in Executive Branch and each State college to conduct review of department's or college's cybersecurity infrastructure and make recommendations. |
| New Jersey |
NJ AB 4050 |
Pending |
Provides protections for social media users, creates private cause of action for social media users whose accounts have been hacked and not restored by social media websites under certain circumstances. |
| New Jersey |
NJ AB 4184 |
Pending |
Requires shared service incentive programs to allow hiring of information technology and cyber security professionals. |
|
| New Jersey |
NJ AB 4444 |
Pending |
Requires certain persons and business entities to maintain comprehensive information security program. |
| New Jersey |
NJ AJR 66 |
Pending |
Establishes state Cybersecurity Task Force. |
| New Jersey |
NJ AJR 119 |
Pending |
Designates October of each year as Cyber Security Awareness Month. |
| New Jersey |
NJ SB 297 |
Pending |
Provides that every public agency and government contractor shall report cybersecurity incidents to the New Jersey Office of Homeland Security and Preparedness, provides that the report shall be made within a specified number of hours of when the public agency or government contractor reasonably believes that a cybersecurity incident has occurred. |
| New Jersey |
NJ SB 423 |
Pending |
Directs the state Cybersecurity and Communications Integration Cell, Office of Information Technology, and the State Big Data Alliance to develop an advanced cyber infrastructure strategic plan. |
| New Jersey |
NJ SB 484 |
Pending |
Requires each government entity in the state to conduct review of cybersecurity infrastructure and make recommendations. |
| New Jersey |
NJ SB 1860 |
Pending |
Creates affirmative defense for certain breaches of security. |
| New Jersey |
NJ SB 2827 |
Pending |
Requires shared service incentive programs to allow hiring of information technology and cyber security professionals. |
| New Jersey |
NJ SJR 12 |
Pending |
Establishes State Cybersecurity Task Force. |
| New Mexico |
NM HB 2 |
Enacted |
Makes general appropriations and authorizing expenditures by state agencies required by law. Provides funding to assist public postsecondary educational institutions and school districts and charter schools in performing risk-based vulnerability management and penetration testing to identify, deter, protect against, detect, remediate and respond to cyber threats and ransomware. Provides that the office of the chief information security officer of the department of information technology will act in an oversight capacity and serve to certify cyber security projects. |
| New Mexico |
NM HB 122 |
Failed |
Makes an appropriation to the Department of Information Technology for the development of a cybersecurity program for all school districts, charter schools and state special schools and the statewide education technology infrastructure network by the end of fiscal year 2026. |
| New Mexico |
NM SB 98 |
Failed |
Relates to Cybersecurity Act. |
| New York |
NY AB 322 |
Pending |
Relates to the security of connected devices. |
| New York |
NY AB 535 |
Pending |
Enacts the New York Grid Modernization Act to address the aging infrastructure, establishes the grid modernization program, defines terms, creates the smart grid advisory council, makes related changes. |
| New York |
NY AB 749 |
Pending |
Authorizes continuing care retirement communities to adopt a written cybersecurity policy, requires such policies to be self-certified and approved by the superintendent. |
| New York |
NY AB 3847 |
Pending |
Establishes the crime of disruption of an online public meeting when a person with intent to cause public inconvenience, annoyance or alarm, without lawful authority, and acting through a computer service, he or she disturbs any lawful assembly or meeting of persons open to the public conducted through a computer service, makes such crime a class B misdemeanor. |
| New York |
NY AB 3900 |
Pending |
Establishes a commission to study the European Union's general protection data regulation and the current state of cybersecurity in the state. |
| New York |
NY AB 3904 |
To Governor |
Relates to critical energy infrastructure security and responsibility. |
| New York |
NY AB 4567 |
Pending |
Establishes the School District Cyber Crime Prevention Services Program to provide school districts with information on strategies, best practices and programs offering training and assistance in the prevention of cyber crimes in school districts or otherwise affecting school districts, provides further that information on eligibility and applications for financial assistance be made available to school districts. |
| New York |
NY AB 4581 |
Pending |
Establishes the misdemeanor of interfering in the election process by electronic means. |
| New York |
NY AB 4640 |
Pending |
Requires the Department of Education to provide annual notifications to school districts to combat cyber crime. |
| New York |
NY AB 4892 |
Pending |
Creates the crime of cyberterrorism and calculating damages caused by computer tampering, cyberterrorism shall be a class B felony. |
| New York |
NY AB 6774 |
Pending |
Relates to contracts pertaining to information technology cloud services, requires bidders for such contracts to be certified by the federal risk authorization management program. |
| New York |
NY AB 6984 |
Pending |
Establishes civilian cyber security reserve Forces within the New York state militia to be capable of being expanded and trained to educate and protect state, county, and local government entities, critical infrastructure, including election systems, businesses and citizens of the state from cyber attacks, makes related provisions. |
| New York |
NY AB 7983 |
Pending |
Relates to computer-related crimes, Creates the crimes unlawful disruption of computer services in the first and second degree, unlawful computer access assistance in the first and second degree, unauthorized use of internet domain name or profile, and unlawful introduction of a computer contaminant, allows for a civil action for compensatory damages for victims of such crimes. |
| New York |
NY AB 9641 |
Pending |
Amends the Chap 57 of 2005, requires the New York state higher education capital matching grant board to award matching capital grants totaling two million dollars for projects to implement, modify, or otherwise enhance cyber security infrastructure, makes related provisions. |
| New York |
NY AB 9951 |
Pending |
Directs that state agencies require that procurement of personal computing goods, services and solutions meet the National Institute of Standards and Technology Cybersecurity Framework. |
| New York |
NY AB 9952 |
Pending |
Enacts the Critical Infrastructure Standards and Procedures Act. |
| New York |
NY AB 9995 |
Pending |
Creates a cyber security enhancement fund to be used for the purpose of upgrading cyber security in local governments, including but not limited to, villages, towns and cities with a population of one million or less, restricts the use of taxpayer moneys in paying ransoms in response to ransomware attacks. |
| New York |
NY SB 118 |
Pending |
Establishes the misdemeanor of interfering in the election process by electronic means. |
| New York |
NY SB 348 |
Pending |
Requires the Department of Education to provide annual notifications to school districts to combat cyber crime. |
| New York |
NY SB 349 |
Pending |
Establishes the school district cyber crime prevention services program. |
| New York |
NY SB 2087 |
Pending |
Amends the Tax Law, relates to a business tax credit for purchase of data breach insurance. |
| New York |
NY SB 2652 |
Pending |
Amends the State Technology Law, requires governmental entities to implement multifactor authentication for local and remote network access. |
| New York |
NY SB 3213 |
Pending |
Directs that state agencies require that procurement of personal computing goods, services and solutions meet the National Institute of Standards and Technology Cybersecurity Framework. |
| New York |
NY SB 3830 |
Pending |
Requires manufacturers of connected devices to equip such devices with reasonable security features. |
| New York |
NY SB 5186 |
Pending |
Relates to computer-related crimes, creates the crimes unlawful disruption of computer services in the first and second degree, unlawful computer access assistance in the first and second degree, unauthorized use of internet domain name or profile, and unlawful introduction of a computer contaminant, allows for a civil action for compensatory damages for victims of such crimes. |
| New York |
NY SB 5410 |
Pending |
Elevates all computer tampering offenses by one degree in severity. |
| New York |
NY SB 5579 |
Pending |
Provides that the Public Service Commission shall have the power to provide for an annual audit of gas corporations and electric corporations relating to the adequacy of cyber security policies, protocols, procedures and protections including, but not limited to, as such policies, protocols, procedures and protections relate to critical energy infrastructure and also to customer privacy. |
| New York |
NY SB 6068 |
Pending |
Establishes a commission to study the European Union's general protection data regulation and the current state of cybersecurity in the state. |
| New York |
NY SB 6154 |
Pending |
Creates a Cyber Security Enhancement Fund to be used for the purpose of upgrading cyber security in local governments, including but not limited to, villages, towns and cities with a population of one million or less, restricts the use of taxpayer moneys in paying ransoms in response to ransomware attacks. |
| New York |
NY SB 6515 |
Pending |
Requires all state agencies to utilize third-party, commercial cloud computing solutions for any new information technology or telecommunications investments on or before a specified date. |
| New York |
NY SB 6806 |
Pending |
Prohibits governmental entities, business entities and health care entities from paying a ransom in the event of a cyber incident or a cyber ransom or ransomware attack. |
| New York |
NY SB 7312 |
Pending |
Enacts the "Critical Infrastructure Standards and Procedures (CRISP) Act". |
| New York |
NY SB 7512 |
Pending |
Requires the New York state higher education capital matching grant board to award matching capital grants totaling two million dollars for projects to implement, modify, or otherwise enhance cyber security infrastructure, makes related provisions. |
| New York |
NY SB 9005 |
Pending |
Establishes the Secure Our Data Act, relates to state entities preparing for and protecting against a ransomware attack. |
| North Carolina |
NC HB 1132 |
Pending |
Appropriates funds for cybersecurity improvements at constituent institutions of the University of North Carolina identified as public historically minority-serving institutions. |
| North Carolina |
NC SB 621 |
Failed |
Appropriates additional funds to support a dedicated North Carolina Defense Cyber Office in the NC Military Business Center. |
| Ohio |
OH HB 116 |
Pending |
Enacts the Computer Crimes Act. |
| Ohio |
OH HB 230 |
Pending |
Regards the state's information technology systems and shared services, makes an appropriation. |
| Ohio |
OH HB 432 |
Pending |
Amends section 1347.12, enacts section 125.184 of the Revised Code regarding data breaches on state agency computer systems. |
| Oklahoma |
OK HB 3064 |
Failed |
Relates to technology, enacts the State Cyber Security Act of 2022, provides for noncodification, provides an effective date. |
| Oklahoma |
OK HCR 1017 |
Failed |
Declares the need for grid modernization technologies and cybersecurity, provides for distribution. |
| Oklahoma |
OK SB 1802 |
Enacted |
Relates to multiple versions of statutes, amends, merges, consolidates and repeals multiple versions of statutes. Requires the Information Services Division of the Office of Management and Enterprise Services to create a standard security risk assessment for state agency information technology systems. Provides that a state agency with an IT system that is not consolidated under the Information Technology Consolidation and Coordination Act is required to have an information security audit that is based upon the most current version of the NIST Cyber-Security Framework. |
| Oregon |
OR D 261 |
Failed |
Modifies composition and duties, powers and functions of Oregon Cybersecurity Advisory Council. |
| Oregon |
OR D 295 |
Failed |
Modifies composition and duties, powers and functions of Oregon Cybersecurity Advisory Council as governing body of Oregon Cybersecurity Center of Excellence, establishes Oregon Cybersecurity Center of Excellence as independent, nonprofit public corporation charged with overseeing, coordinating, funding and providing cybersecurity education, awareness and training for public, private and nonprofit sectors, cybersecurity workforce development and cybersecurity-related goods and services. |
| Oregon |
OR HB 4155 |
Failed |
Relate to cybersecurity, modifies composition and duties, powers and functions of Oregon Cybersecurity Advisory Council. |
| Pennsylvania |
PA HB 40 |
Pending |
Establishes the Office of Information Technology and the Information Technology Fund, provides for administrative and procurement procedures and for the joint cybersecurity oversight committee, imposes duties on the office of information technology, provides for administration of statewide radio network, imposes penalties. |
| Pennsylvania |
PA HB 1362 |
Pending |
Provides for Cybersecurity Coordination Board. |
| Pennsylvania |
PA HB 1397 |
Pending |
Amends the Public Utility Confidential Security Information Disclosure Protection Act, provides for procedures for submitting, challenging and protecting confidential security information, for applicability to other law and for prohibition. |
| Pennsylvania |
PA HB 2499 |
Pending |
Provides for insurance data security, establishes penalties. |
| Pennsylvania |
PA SB 482 |
Pending |
Establishes the Office of Information Technology and the Information Technology Fund, provides for administrative and procurement procedures and for the Joint Cybersecurity Oversight Committee, imposes duties on the Office of Information Technology, provides for administration of Statewide Radio Network, imposes penalties. |
| Pennsylvania |
PA SB 597 |
Pending |
Provides that beginning no later than 18 months after specified date, a water system operator shall annually submit an asset management plan, including a cybersecurity plan. |
| Pennsylvania |
PA SB 696 |
Pending |
Provides for the notification of residents whose personal information data was or may have been disclosed due to a security system breach, imposes penalties, further providing for title of act, for definitions and for notification of breach, prohibits employees of the Commonwealth from using nonsecured Internet connections, provides for Commonwealth policy and for entities subject to the Health Insurance Portability and Accountability Act of 1996, provides for notice exemption. |
| Pennsylvania |
PA SB 726 |
Pending |
Provides for the offense of ransomware, imposes duties on the Office of Administration. |
| Pennsylvania |
PA SB 1048 |
Pending |
Provides for requirements for multifactor authentication to verify claimants for unemployment compensation benefits. |
| Rhode Island |
RI HB 5200 |
Pending |
Adopts the National Association of Insurance Commissioners Cybersecurity Act which establishes the current cybersecurity standard for insurers doing business in this state. |
| Rhode Island |
RI HB 6004 |
Pending |
Relates to elections, relates to mail ballots, entitles disabled and military voters to utilize electronically transmitted ballots. |
| Rhode Island |
RI HB 6042 |
Pending |
Relates to elections, authorizes the secretary of state and board of elections to conduct an extensive cybersecurity assessment of our election systems and facilities and to establish a cybersecurity review board to review and assess our election system, creates a cybersecurity incident response group to adopt protocols in the event of any agency or public body breaches of cybersecurity. |
| Rhode Island |
RI HB 6668 |
Pending |
Authorizes the Secretary of State and Board of Elections to conduct an extensive cybersecurity assessment of our election systems and facilities and to establish a cybersecurity review board to review and assess our election system, creates a cybersecurity incident response group to adopt protocols in the event of any agency or public body breaches of cybersecurity. |
| Rhode Island |
RI HB 7732 |
Enacted |
Authorizes the secretary of state and board of elections to conduct an extensive cybersecurity assessment of our election systems and facilities and to establish a cybersecurity review board to review and assess our election system, creates a cybersecurity incident response group to adopt protocols in the event of any agency or public body breaches of cybersecurity. |
| Rhode Island |
RI HB 7777 |
Pending |
Relates to the National Association of Insurance Commissioners Model Act regarding data security to establish standards for data security and standards for the investigation of and notification to the commissioner of a cybersecurity event, provides that all documents, materials or other information in the control of the Department of Business Regulation, Division of Insurance furnished by a licensee or that are obtained by the commissioner in an investigation. |
| Rhode Island |
RI HB 7883 |
Pending |
Creates a cybersecurity incident response group that would promulgate cybersecurity breach related protocols for agencies and public bodies, require immediate notice of a breach within twenty four hours to the cybersecurity incident response group and the attorney general, and notice to the affected individuals no later than a specified number of days after the discovery of the breach. |
| Rhode Island |
RI SB 340 |
Pending |
Establishes that manufacturers of devices capable of connecting to the Internet equip the devices with reasonable security features. |
| Rhode Island |
RI SB 835 |
Pending |
Authorizes the secretary of state and board of elections to conduct an extensive cybersecurity assessment of our election systems and facilities and to establish a cybersecurity review board to review and assess our election system, creates a cybersecurity incident response group to adopt protocols in the event of any agency or public body breaches of cybersecurity. |
| Rhode Island |
RI SB 2031 |
Pending |
Would establish that manufacturers of devices capable of connecting to the Internet equip the devices with reasonable security features. This act would take effect on January 1, 2023. |
| Rhode Island |
RI SB 2664 |
Pending |
Provides identity theft protections by requiring reporting of breaches by certain municipal and state agencies, requires notice to collective bargaining agents where required and requires an explanation of remediation services. |
| Rhode Island |
RI SB 2744 |
Pending |
Adopts the National Association of Insurance Commissioners Model Act regarding data security. |
| Rhode Island |
RI SB 2809 |
Enacted |
Authorizes the secretary of state and board of elections to conduct an extensive cybersecurity assessment of election systems and facilities and to establish a cybersecurity review board to review and assess our election system, creates a cybersecurity incident response group to adopt protocols in the event of any agency or public body breaches of cybersecurity. |
| South Carolina |
SC HB 5150 |
Enacted |
Makes appropriations and to provide revenues to meet the ordinary expenses of state government for the fiscal year beginning on a specified date, regulates the expenditure of such funds, provides further for the operation of state government during this fiscal year and for other purposes. Requires all state agencies to adopt and implement cyber security policies, guidelines and standards developed by the Department of Administration. The department may conduct audits on state agencies as necessary to monitor compliance with established cyber security policies, guidelines and standards. |
| South Dakota |
SD HB 1092 |
Enacted |
Appropriates funds for purposes of creating the precision agriculture cybersecurity CyberAg partnership initiative between South Dakota State University and Dakota State University, developing undergraduate and graduate curricula, engaging in research, and providing associated outreach programming and communication to address agricultural security threats. |
| Tennessee |
TN SB 2282 |
Enacted |
Provides that by specified date, or within one (1) year after a utility is formed, whichever is later, a utility shall prepare and implement a cyber security plan to provide for the protection of the utilitys facilities from unauthorized use, alteration, ransom, or destruction of electronic data. |
| Utah |
UT HB 280 |
Enacted |
Creates the Cybersecurity Commission to gather information and share best practices on cybersecurity, repeals the Data Security Management Council, creates the Cybersecurity Commission, directs the appointment of members to the commission, directs the commission to gather information about cybersecurity, authorizes the commission to share information it gathers with the governor, directs the commission to establish guidelines and best practices with respect to cybersecurity protections. |
| Utah |
UT HB 457 |
Failed |
Amends provisions related to the protection of personal information. |
| Utah |
UT SB 15 |
Enacted |
Amends provisions relating to the Department of Government Operations, permits the Data Security Management Council to hold a closed meeting to conduct business relating to information technology security, modifies provisions relating to rulemaking authority, clarifies provisions relating to the setting of rates and fees, clarifies provisions relating to risk management, modifies provisions relating to the duties of the Division of Archives and Records Services. |
| Virginia |
VA HB 30 |
Enacted |
Relates to Budget Bill, provides for all appropriations of the Budget submitted by the Governor of Virginia in accordance with the provisions of Section 2.2-1509, Code of Virginia, and to provide a portion of revenues for the two years ending respectively on the thirtieth day of June, 2023, and the thirtieth day of June, 2024. Provides funding for the Commonwealth Cyber Initiative (CCI) for resources for faculty recruiting and to the Cybersecurity Public Service Grant Program (the Program) as a public-private initiative for the purpose of attracting to and retaining in qualified employment talented recent graduates and veterans to meet qualified employers' growing demand for cybersecurity professionals. |
| Virginia |
VA HB 442 |
Failed |
Relates to income tax credit, relates to employers of G3 Program or cybersecurity graduates, creates a nonrefundable individual and corporate income tax credit for employers that hire eligible employees who are graduates of the Get Skilled, Get a Job, Give Back Program (G3 Program) or graduates with a degree in cybersecurity from a Virginia four-year institution of higher education, provides that the credit is available for taxable years 2022 through 2026, is equal to $1,000 per eligible employee hired. |
| Virginia |
VA HB 466 |
Failed |
Relates to register of volunteer cybersecurity and information technology professionals, directs the Secretary of Administration to establish a register of cybersecurity and information technology professionals interested in volunteering to assist localities and school divisions, in collaborating on workforce development, and in providing mentorship opportunities. |
| Virginia |
VA HB 1290 |
Enacted |
Relates to public bodies, relates to security of government databases and data communications. |
| Virginia |
VA SB 764 |
Enacted |
Relates to public bodies, relates to security of government databases and data communications. Requires every public body to report all (i) known incidents that threaten the security of the Commonwealth's data or communications or result in exposure of data protected by federal or state laws and (ii) other incidents compromising the security of the public body's information technology systems with the potential to cause major disruption to normal activities of the public body or other public bodies. Such reports shall be made to the Virginia Fusion Intelligence Center within 24 hours from when the incident was discovered. The Virginia Fusion Intelligence Center shall share such reports with the Chief Information Officer or his designee at the Virginia Information Technologies Agency, promptly upon receipt. |
| Vermont |
VT HB 515 |
Enacted |
Makes various amendments to Vermont law pertaining to banking, securities, and insurance regulation, including with respect to travel insurance, data security, and whistleblower awards and protection. |
| Washington |
WA HB 1190 |
Failed |
Fosters economic growth in Washington by supporting emerging businesses in the new space economy. |
| Washington |
WA HB 2044 |
Failed |
Concerns the protection of critical constituent and state operational data against the financial and personal harm caused by ransomware and other malicious cyber activities. |
| Washington |
WA SB 5693 |
Enacted |
Makes 2021-2023 fiscal biennium supplemental operating appropriations, defines certain terms, provides for conditions and limitations on certain appropriations. Provides funding for the security operations center, including identified needs for expanded operations, systems, technology tools, training resources; additional staff dedicated to the cyber and physical security of election operations at the office and county election offices; expanding security assessments, threat monitoring, enhanced security training; and providing grants to county partners to address identified threats and expand existing grants and contracts with other public and private organizations such as the Washington military department, national guard, private companies providing cyber security, and county election offices. Provides funding for cybersecurity initiatives in the workforce education investment account. |
| Washington |
WA SB 5916 |
Failed |
Concerns the protection of critical constituent and state operational data against the financial and personal harm caused by ransomware and other malicious cyber activities. |
| Washington |
WA SB 5956 |
Failed |
Concerns insurance data security. |
| Wisconsin |
WI AB 147 |
Failed |
Imposes requirements related to insurance data cybersecurity, grants rule making authority. |
| Wisconsin |
WI AB 818 |
Failed |
Concerns cybersecurity standards for state government entities, grants rule making authority. |
| Wisconsin |
WI SB 786 |
Failed |
Concerns cybersecurity standards for state government entities, grants rule making authority. |
| West Virginia |
WV HB 4498 |
Failed |
Increases the financial penalties in regard to ransomware attacks. |
| West Virginia |
WV SB 529 |
Enacted |
Relates to computer science education in schools, recognizes a need to provide coursework on computational thinking, block based programming, text based programming, network communication, computer architecture, coding, application development, digital literacy, and cyber security, requires the board to update and build upon prior computer science education plans and policy to include additional subject matter, removes obsolete language. |
| Puerto Rico |
PR HR 468 |
Pending |
Orders the House Committee on Finance and Budget to carry out an investigation into the cyber attack caused by ransomware in 2017, causing a state of emergency in the Department of the Treasury. |
| Puerto Rico |
PR SB 118 |
Pending |
Amends Law 20 of 2017, the Law of the Department of Security, in order to add functions and powers to the Office of Security Information Management, which are essential to really achieve the implementation of the system interoperability of communications and that it has a proper and accurate operation. |