FL H1297

Establishes the Department of Management Services, acting through the Florida Digital Service, as the lead entity for state cybersecurity standards, processes, and oversight.

Creates the position of state chief information security officer responsible for development, operation, and oversight of cybersecurity for state technology systems and mandates notification of all confirmed or suspected incidents to the state chief information officer and Governor.

Creates the Florida Cybersecurity Advisory Council within the Department of Management Services with up to 19 members including state officials, law enforcement representatives, private sector experts, and critical infrastructure sector representatives; council must meet quarterly and submit annual legislative recommendations beginning June 30, 2022.

Requires state agency heads to designate information security managers, develop strategic and operational cybersecurity plans, conduct risk assessments every 3 years, establish incident response teams, and provide cybersecurity training to employees within 30 days of hire.

Makes portions of cybersecurity records containing network configurations, detection practices, and incident information confidential and exempt from public disclosure if disclosure would facilitate unauthorized access or system damage.