Bill > A00426

This bill modifies New York state procurement requirements for end point devices, which are defined as personal computing goods like desktops, laptops, tablets, mobile phones, printers, and multi-functional devices. Specifically, the bill requires that when state agencies and the state commissioner purchase these devices, they must align with relevant standards, guidelines, or guidance developed as part of the National Institute of Standards and Technology (NIST) Cybersecurity Framework. The bill removes previous language that required devices to "meet" specific security standards and instead mandates consistency with NIST cybersecurity guidelines. It also eliminates a previous provision that would have required agencies to update their procurement requirements within one year of any amendments to the security standards. The change appears to provide more flexibility in interpretation while still emphasizing the importance of cybersecurity standards in state technology procurement.

Business and Industry

https://www.nysenate.gov/legislation/bills/2025/A426