HB519 (2023) Detail

Relative to establishing a chief information security officer for the department of information technology.


CHAPTER 135

HB 519-FN - FINAL VERSION

 

 

2023 SESSION

23-0488

06/10

 

HOUSE BILL 519-FN

 

AN ACT relative to establishing a chief information security officer for the department of information technology.

 

SPONSORS: Rep. Edwards, Rock. 31; Rep. Spillane, Rock. 2; Sen. Lang, Dist 2

 

COMMITTEE: Executive Departments and Administration

 

─────────────────────────────────────────────────────────────────

 

ANALYSIS

 

This bill establishes a chief information security officer for the department of information technology.

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Explanation: Matter added to current law appears in bold italics.

Matter removed from current law appears [in brackets and struckthrough.]

Matter which is either (a) all new or (b) repealed and reenacted appears in regular type.

 

STATE OF NEW HAMPSHIRE

 

In the Year of Our Lord Two Thousand Twenty Three

 

AN ACT relative to establishing a chief information security officer for the department of information technology.

 

Be it Enacted by the Senate and House of Representatives in General Court convened:

 

135:1  New Paragraph; Department of Information Technology; Commissioner; Directors; Chief Information Security Officer.  Amend RSA 21-R:3 by inserting after paragraph I-a the following new paragraph:

I-b.  The commissioner shall appoint a chief information security officer, who shall be qualified to hold that position by reason of education and experience.  The chief information security officer shall perform such duties described in RSA 21-R:4-a and as may be assigned by the commissioner, which may include, but not be limited to, the authority and power with approval of the commissioner to direct the formulation and implementation of cybersecurity and information security strategy, direction, policy, procedures, and standards across the executive branch of the state government.

135:2  Department of Information Technology; Commissioner; Directors; Compensation; Chief Information Security Officer.  Amend RSA 21-R:3, III to read as follows:

III.  The salaries of the commissioner, deputy commissioner, chief information security officer, and division directors shall be as specified in RSA 94:1-a.

135:3  New Paragraph; Department of Information Technology; Duties of the Commissioner; Establishing Cybersecurity Integration Center.  Amend RSA 21-R:4 by inserting after paragraph XX the following new paragraph:

XXI.  Establish and maintain within the department a cybersecurity integration center to serve as the unified state center for coordinating cybersecurity monitoring, sharing information, distributing cybersecurity threat analysis, and enabling situational awareness between and among executive branch agencies and departments.

135:4  New Section; Duties of the Chief Information Security Officer.  Amend RSA 21-R by inserting after section 4 the following new section:

21-R:4-a  Duties of the Chief Information Security Officer.  The chief information security officer shall be responsible for the following:

I.  Chairing the cybersecurity advisory committee.

II.  Developing, publishing, maintaining, and interpreting the statewide information security manual’s policies and standards.

III.  Developing, managing, and executing the statewide cyber disruption plan and an information security event response process.

IV.  Staffing and training members of ESF-17 under the state emergency operations plan.

V.  Identifying security requirements to limit the risks associated with identified executive branch business objectives as defined by the governor and the heads of state agencies.

VI.  Providing information security subject matter expertise to the executive branch of the New Hampshire state government.

VII.  Drafting and implementing an information security awareness and training program to be used by all state agencies.

VIII.  Providing security metrics to track the performance of the information security program.

IX.  Developing an information security governance and risk program, including, but not limited to:

(a)  Coordinating and conducting risk assessments of agencies and their information assets.

(b)  Conducting and managing vulnerability assessments of agency networks, applications, databases, and systems.

(c)  Conducting penetration tests of agency networks, applications, databases, and systems.

(d)  Conducting information security risk assessments of third parties with access to state of New Hampshire information assets.

X.  Serving as the chief of the New Hampshire cyber integration center.

135:5  Effective Date.  This act shall take effect 60 days after its passage.

 

Approved: June 30, 2023

Effective Date: August 29, 2023

 

 

Links


Date Body Type
Feb. 1, 2023 House Hearing
Feb. 1, 2023 House Floor Vote
March 20, 2023 House Exec Session
March 21, 2023 House Floor Vote
April 19, 2023 Senate Hearing
May 11, 2023 Senate Floor Vote
Feb. 1, 2023 House Exec Session

Bill Text Revisions

HB519 Revision: 39264 Date: July 11, 2023, 11:08 a.m.
HB519 Revision: 38729 Date: May 11, 2023, 1:49 p.m.
HB519 Revision: 37364 Date: Jan. 11, 2023, 1:46 p.m.

Docket


March 21, 2023: Committee Report: Ought to Pass 03/21/2023 (Vote 25-0; CC)


July 12, 2023: Signed by Governor Sununu 06/30/2023; Chapter 135; Eff: 08/29/2023 HJ 17


June 21, 2023: Enrolled (in recess of) 06/15/2023 HJ 16 P. 15


June 21, 2023: Enrolled Adopted, VV, (In recess 06/15/2023); SJ 20


May 11, 2023: Ought to Pass: MA, VV; OT3rdg; 05/11/2023; SJ 14


April 20, 2023: Committee Report: Ought to Pass, 05/11/2023; Vote 5-0; CC; SC 21


April 12, 2023: Hearing: 04/19/2023, Room 103, SH, 09:30 am; SC 18


April 11, 2023: Introduced 03/30/2023 and Referred to Executive Departments and Administration; SJ 13


April 6, 2023: Ought to Pass: MA VV 04/06/2023 HJ 12


March 16, 2023: Executive Session: 03/20/2023 01:00 pm LOB 210-211


Feb. 16, 2023: Division Work Session: 02/21/2023 01:00 pm LOB 212


Feb. 7, 2023: Committee Report: Ought to Pass 02/01/2023 (Vote 18-0; CC) HC 11 P. 7


Feb. 14, 2023: Referred to Finance 02/14/2023 HJ 5


Feb. 14, 2023: Ought to Pass: MA VV 02/14/2023 HJ 5


Oct. 11, 2023: Executive Session: 02/01/2023 10:00 am LOB 306-308


Jan. 25, 2023: Public Hearing: 02/01/2023 10:00 am LOB 306-308


Jan. 11, 2023: Introduced (in recess of) 01/05/2023 and referred to Executive Departments and Administration HJ 3 P. 19