Bill > HB1549

This bill establishes the Arkansas Cybersecurity Act of 2025, which creates a State Cybersecurity Office managed by a State Information Security Officer to centralize and improve cybersecurity efforts across state agencies. The bill defines key terms like cybersecurity (protecting systems, networks, and data from threats) and establishes the office's primary responsibilities, which include directing cybersecurity functions for all state agencies, maximizing cybersecurity resources, and establishing governance policies and standards. The office will be responsible for creating comprehensive cybersecurity protocols such as data classification, threat detection, cybersecurity awareness training, and incident response planning. Notably, the bill requires cybersecurity personnel from each state agency to functionally report to the State Cybersecurity Office while maintaining their original agency's funding and daily management. The office must report its audit and enforcement findings to the Joint Committee on Advanced Communications and Information Technology at least twice per year. State agencies must comply with the office's governance standards, though they may implement more stringent requirements, and federal standards will take precedence when they are stricter. The bill emphasizes protecting state information technology systems and infrastructure while ensuring that existing legal protections for sensitive data remain intact.

Government Affairs, Transportation and Infrastructure

https://arkleg.state.ar.us/Bills/Detail?id=hb1549&ddBienniumSession=2025%2F2025R