Bill > S3100

This bill requires businesses in the financial, essential infrastructure, and healthcare industries, referred to as "sensitive businesses," to develop and implement comprehensive cybersecurity programs. These programs must include identifying a responsible individual for cyber risk management, conducting risk assessments, implementing controls, and creating incident response and recovery plans. Sensitive businesses must also adhere to recognized cybersecurity frameworks, such as those from the National Institute of Standards and Technology (NIST), and submit their plans and annual certifications of compliance to the New Jersey Cybersecurity and Communications Integration Cell, a state entity responsible for cybersecurity and communications. Furthermore, these businesses must promptly report any "cybersecurity incident"—an event that compromises the integrity, confidentiality, or availability of computer systems or data—to the same state cell. The bill exempts financial institutions already subject to federal regulations like the Gramm-Leach-Bliley Act.

Budget and Finance, Justice

https://www.njleg.state.nj.us/bill-search/2024/S3100