Revision: Jan. 10, 2021, 10:27 a.m.
HB 425-FN - AS INTRODUCED
2021 SESSION
21-0546
05/08
HOUSE BILL 425-FN
SPONSORS: Rep. L. Ober, Hills. 37
COMMITTEE: Executive Departments and Administration
-----------------------------------------------------------------
ANALYSIS
This bill establishes the positions of chief information security officer and deputy chief information security officer in the department of information technology.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Explanation: Matter added to current law appears in bold italics.
Matter removed from current law appears [in brackets and struckthrough.]
Matter which is either (a) all new or (b) repealed and reenacted appears in regular type.
21-0546
05/08
STATE OF NEW HAMPSHIRE
In the Year of Our Lord Two Thousand Twenty One
Be it Enacted by the Senate and House of Representatives in General Court convened:
1 New Section; Department of Information Technology; Positions Established. Amend RSA 21-R by inserting after section 3 the following new section:
21-R:3-a Chief Information Security Officer and Deputy Chief Information Security Officer; Positions Established. The commissioner of the department of information technology shall appoint a chief information security officer (CISO) and a deputy CISO with the advice and consent of the information technology council, established in RSA 21-R:6, and the director of homeland security and emergency management. The CISO and deputy CISO shall be qualified to hold the position by reason of education and experience, and shall perform such duties as assigned by the commissioner, which may include, but not be limited to, the authority and power with approval of the commissioner to direct and oversee the cybersecurity functions and security posture of the department of information technology and executive branch agencies. The CISO and deputy CISO shall serve continuously until resignation or replacement.
2 Chief Information Security Officer; Deputy Chief Information Security Officer; Salary. The salaries for the unclassified positions established in section 1 of this act shall be determined after assessment and review of the appropriate temporary letter grade allocation in RSA 94:1-a, I(b), which shall be conducted pursuant to RSA 94:1-d and RSA 14:14-c.
3 New Paragraphs; Department of Information Technology; Technical Committees. Amend RSA 21-R:7 by inserting after paragraph VI the following new paragraphs:
VII. Cyber security.
VIII. Cloud technologies or strategies.
4 New Section; Cyber security Advisory Committee. Amend RSA 21-R by inserting after section 15 the following new section:
21-R:16 Cybersecurity Advisory Committee
I. There is hereby established the cybersecurity advisory committee (CAC) which shall be chaired by the chief information security officer.
II. The committee shall advise the commissioner or the commissioner's designee on cybersecurity concerns, promote awareness, develop effective policies and solutions, and obtain consensus on enterprise-wide initiatives that advance the cybersecurity of information assets and technology resources.
III. All executive departments and agencies shall identify and appoint an employee with cybersecurity responsibilities to spearhead agency cybersecurity matters including information security, confidentiality, privacy, and regulatory compliance, and to represent the agency on the CAC. Contributors to the CAC may include representatives with cybersecurity responsibilities from the New Hampshire National Guard, New Hampshire political subdivisions, academic institutions, and select private industry representatives as identified by the CAC.
5 Effective Date. This act shall take effect July 1, 2021.
21-0546
1/6/21
HB 425-FN- FISCAL NOTE
AS INTRODUCED
FISCAL IMPACT: [ X ] State [ ] County [ ] Local [ ] None
|
| |||
| Estimated Increase / (Decrease) | |||
STATE: | FY 2021 | FY 2022 | FY 2023 | FY 2024 |
Appropriation | $0 | Indeterminable | Indeterminable | Indeterminable |
Revenue | $0 | $0 | $0 | $0 |
Expenditures | $0 | Indeterminable | Indeterminable | Indeterminable |
Funding Source: | [ X ] General [ ] Education [ ] Highway [ X ] Other |
METHODOLOGY:
This bill establishes the position of chief information security officer and deputy chief information security officer in the department of information technology. The commissioner of the department of information technology shall appoint a chief information security officer (CISO) and a deputy CISO with the advice and consent of the information technology council, established in RSA 21-R:6, and the director of homeland security and emergency management. The salaries for these unclassified positions shall be determined after assessment and review of the appropriate temporary letter grade allocation in RSA 94:1-a, I(b), which shall be conducted pursuant to RSA 94:1-d and RSA 14:14-c.
The unclassified positions of chief information security officer and deputy chief information security officer currently exist and are fully funded, but are subject to a different appointment process. Because the bill does not transfer existing appropriations and abolish the existing positions, the legislation creates duplicative positions.
AGENCIES CONTACTED:
Department of Information Technology