Bill > S2088

This bill establishes a Cybersecurity Control and Review Commission to recommend standards for cybersecurity data collaboration, state hardware and software acquisitions, state employee training, and protection of state data. The standards will be based on the National Institute of Standards and Technology Cybersecurity Framework. Private and public sector agencies may have to follow the general cybersecurity recommendations as well as applicable sector-specific recommendations for healthcare, banking, utilities, or academia. The commission will also create a process for cybersecurity accreditation for businesses that demonstrate a pattern of following the cybersecurity standards. Any business that contracts with state agencies or handles critical infrastructure or data will be required to adopt the commission's standards for its specific sector. The commission will submit an annual confidential report to the legislature with recommendations to ensure the sustainability of the commonwealth's critical infrastructure and data protection cybersecurity standards and preparedness, and a condensed public version of the report will also be made available.

Budget and Finance, Government Affairs

https://malegislature.gov/Bills/192/S2088