Bill > S1887

This bill establishes a Cybersecurity Control and Review Commission to develop and implement cybersecurity standards for the Commonwealth of Massachusetts. The Commission will consist of 13 members, including state officials and representatives from various industries such as healthcare, banking, utilities, and academia. The key provisions of the bill are: 1. The Commission will recommend standards for interagency cybersecurity data collaboration, state hardware and software acquisitions, state employee cybersecurity training, and protection of state data, based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework. 2. The Commission will make these cybersecurity standards available to businesses operating within the Commonwealth and create a process for cybersecurity accreditation for businesses that demonstrate a pattern of following the standards. 3. Private sector businesses contracted with state agencies or handling critical infrastructure or critical data will be required to adopt the Commission's standards for their specific sector. 4. The Commission will tailor its recommendations to the five specific industries with representatives on the Commission, and also produce generalized recommendations for all private and public sector agencies. 5. The Commission will submit an annual confidential report to the Special Senate Committee on Cyber Security and the Massachusetts State Legislature, describing recommendations to ensure the sustainability of the Commonwealth's critical infrastructure and data protection cybersecurity standards and preparedness. The Commission will also produce a publicly viewable version of the report by the end of each year.

Government Affairs

https://malegislature.gov/Bills/191/S1887