Bill > S0770

Introduced Session

An act relating to cybersecurity; amending s. 110.205, F.S.; exempting the state chief technology officer from the Career Service System; amending s. 282.0041, F.S.; revising definitions of the terms “data” and “open data”; defining the terms “enterprise digital data”; amending s. 282.0051, F.S.; revising the purpose of the Florida Digital Service; revising the timeframes for the Florida Digital Service to issue certain reports to the Governor and the Legislature; requiring that, by a specified date, an annual report on specified alternative standards be provided to the Governor and the Legislature; requiring the Florida Digital Service to support state agencies with the use of electronic credentials in compliance with specified standards; requiring the state chief information officer, in consultation with the Secretary of Management Services, to designate a state chief technology officer; providing requirements for such position; providing the responsibilities of the state chief technology officer; amending s. 282.318, F.S.; revising the standards and processes for assessing state agency cybersecurity risks of the Department of Management Services, acting through the Florida Digital Service; requiring state agencies to report all ransomware and cybersecurity incidents to the Cybersecurity Operations Center and the Cybercrime Office; requiring the Cybersecurity Operations Center to notify the state chief information officer and the state chief information security officer immediately of a reported incident; requiring the state chief information officer, in consultation with the state chief information security officer, to notify the Legislature of certain reported incidents within a specified timeframe; revising the timeframe during which the Cybersecurity Operations Center is required to provide a consolidated incident report to the Governor, the Legislature, and the Florida Cybersecurity Advisory Council; revising the name of an Emergency Support Function from ESF-Cyber to ESF 20; revising the specified date by which a state agency head must designate an information security manager; requiring that the agency strategic cybersecurity plan take the statewide cybersecurity strategic plan into consideration; requiring that such agency operational cybersecurity program include a certain set of measures for a specified purpose; requiring agency heads to require that enterprise digital data be maintained in accordance with specified provisions; providing construction; authorizing designated members of the Legislature and designated members of legislative staff to attend portions of meetings where material exempt from public disclosure is discussed, under certain circumstances; amending s. 282.3185, F.S.; revising the timeframes in which a local government must report a discovery of all ransomware incidents and certain cybersecurity incidents; requiring the Cybersecurity Operations Center to notify immediately the state chief information officer and the state chief information security officer of a reported incident; requiring the state chief information officer, in consultation with the state chief information security officer, to notify the Legislature of incidents of certain severity levels within a specified timeframe; revising the timeframe during which the Cybersecurity Operations Center is required to provide a quarterly consolidated incident report to the Legislature and the Florida Cybersecurity Advisory Council; amending s. 282.319, F.S.; revising the membership of the Florida Cybersecurity Advisory Council; providing an effective date.

AI Summary

Gayle Harrell (R)*, 

Died in Governmental Oversight and Accountability (on 06/16/2025)

Official Document