Bill
Bill > S1176
NJ S1176
NJ S1176Requires certain procedures and training for municipalities, counties, and school districts in response to cybersecurity incidents.
summary
Introduced
01/13/2026
01/13/2026
In Committee
01/13/2026
01/13/2026
Crossed Over
Passed
Dead
Introduced Session
2026-2027 Regular Session
Bill Summary
The bill expands on certain cybersecurity requirements for municipalities, counties, and school districts, as defined in the bill. In the event that a cybersecurity incident impacts a municipality, county, or school district, no later than 30 days after receiving a cybersecurity incident notification, the New Jersey Office of Homeland Security and Preparedness (office) is required to contract with an independent cybersecurity company to audit the cybersecurity program of the municipality, county, or school district, and to audit any actions the municipality, county, or school district took in response to the cybersecurity incident. The audit is to be paid for by the office and is to be provided to the municipality, county, or school district by the cybersecurity company upon completion. The bill requires that, within six months of an audit in response to a cybersecurity incident but not more than once per calendar year, all municipal and county officers and employees, including all school district employees, are to complete a cybersecurity awareness training program developed by the office, in consultation with the Attorney General, and verify completion as required by the bill. The bill requires that the governing body of each municipality, county, or school district, as appropriate, complete periodic audits to ensure compliance with this training requirement. The bill permits a municipality, county, or school district to apply to the office for reimbursement for any costs incurred pursuant to the requirements of the bill, and provides that the municipality, county, or school district is to submit the audit completed by the independent cybersecurity company and any corrective action plans derived from the audit to the office. Any information collected and shared pursuant to specific provisions of the bill are not to be subject to the provisions of the open public records act.
AI Summary
This bill requires municipalities, counties, and school districts to undergo specific procedures and training in response to cybersecurity incidents, which are defined as malicious or suspicious events that compromise the integrity, confidentiality, or availability of computer systems and data. If a cybersecurity incident affects one of these entities, the New Jersey Office of Homeland Security and Preparedness (the office) must hire an independent cybersecurity company to audit the entity's cybersecurity program and its response to the incident within 30 days of notification. This audit, paid for by the office, will identify threats, vulnerabilities, and weaknesses, and suggest strategies for improvement. Within six months of the audit, all municipal, county, and school district employees must complete a cybersecurity awareness training program developed by the office in consultation with the Attorney General, with governing bodies responsible for ensuring compliance through periodic audits. Municipalities, counties, and school districts can apply to the office for reimbursement of costs incurred due to these requirements, and information collected and shared under these provisions will be exempt from public disclosure under the open public records act.
Committee Categories
Housing and Urban Affairs
Sponsors (2)
Last Action
Introduced in the Senate, Referred to Senate Community and Urban Affairs Committee (on 01/13/2026)
Official Document
bill text
bill summary
Loading...
bill summary
Loading...
bill summary
| Document Type | Source Location |
|---|---|
| State Bill Page | https://www.njleg.state.nj.us/bill-search/2026/S1176 |
| BillText | https://pub.njleg.gov/Bills/2026/S1500/1176_I1.HTM |
Loading...