MD HB1309

Local school systems must comply with State minimum cybersecurity standards beginning in 2026 and certify compliance to the Office of Security Management by June 30, 2026, and every 2 years thereafter

Each local school system must conduct a cybersecurity maturity assessment every 2 years and provide sufficient cybersecurity staffing as determined by the State Chief Information Security Officer

The Department of Information Technology must assign at least 3 information security officers to support local school systems with compliance, assessments, and remediation efforts

The Office of Security Management must annually review and update the State minimum cybersecurity standards, and the Office of Legislative Audits must be guided by these standards when conducting audits

County boards must submit annual reports by August 15 detailing IT staffing (including dedicated cybersecurity professionals) and cybersecurity expenditures related to State minimum standards