HI HB2755

Chief Information Officer must develop and maintain an incident response plan for each executive branch department in the State.

Incident response plans must enable departments to complete vulnerability assessments, identify potential cyber-attacks, mitigate losses from cyber-attacks, and recover quickly and efficiently from cyber-attacks.

Chief Information Officer may request assistance from other departments, agencies, and private companies inside and outside the State to carry out these cybersecurity duties.

Existing security audit authority for the Chief Information Officer remains unchanged, including the ability to contract with private firms and direct remedial actions to address insufficient controls.

Effective date: July 1, 2030.