Bill
Bill > S02671
NY S02671
NY S02671Directs that state agencies require that procurement of end point devices be consistent with any relevant standards, guidelines, or guidance developed as part of the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
summary
Introduced
01/22/2025
01/22/2025
In Committee
01/22/2025
01/22/2025
Crossed Over
Passed
Dead
Introduced Session
2025-2026 General Assembly
Bill Summary
AN ACT to amend the state finance law, in relation to procurement requirements for end point device security
AI Summary
This bill amends the state finance law to modify procurement requirements for end point devices, which are defined as personal computing goods like desktops, laptops, tablets, mobile phones, printers, and multi-functional devices. Specifically, the bill requires that when state agencies purchase these devices, they must ensure the procurement is consistent with standards, guidelines, or guidance developed as part of the National Institute of Standards and Technology (NIST) Cybersecurity Framework. The bill removes previous language that required devices to "meet" certain security standards and eliminates a provision that would have required agencies to update their procurement requirements within one year of any amendments to security standards. By aligning procurement with the NIST Cybersecurity Framework, the bill aims to enhance the cybersecurity of state agency technology infrastructure and ensure that purchased devices meet current best practices for digital security.
Sponsors (1)
Last Action
Companion passed 2025-02-14 (on 02/14/2025)
Official Document
bill text
bill summary
Loading...
bill summary
Loading...
bill summary
| Document Type | Source Location |
|---|---|
| State Bill Page | https://www.nysenate.gov/legislation/bills/2025/S2671 |
| BillText | https://assembly.state.ny.us/leg/?default_fld=&bn=S02671&term=2025&Summary=Y&Actions=Y&Text=Y&Committee%26nbspVotes=Y&Floor%26nbspVotes=Y#S02671 |
Loading...