MD HB957

Local school systems must designate a cybersecurity point of contact and notify the State Chief Information Security Officer of that designation and any updates

Beginning in 2027, local school systems must comply with State minimum cybersecurity standards and conduct cybersecurity maturity assessments every 2 years, with compliance certification due to the Office of Security Management by June 30, 2027 and biennially thereafter

County boards must submit annual technology reports by August 15 (changed from November 15) that now include cybersecurity expenditures related to State minimum standards

The Office of Security Management must annually review and update State minimum cybersecurity standards, and Department information security officers must support local school systems with compliance, assessments, and remediation

Repeals the requirement that county boards prioritize digital device purchases with educational technology funds; effective July 1, 2026