MD SB601

Local school systems must designate a cybersecurity point of contact and notify the State Chief Information Security Officer of the designation and any updates

Beginning in 2027, local school systems must comply with State minimum cybersecurity standards and conduct cybersecurity maturity assessments every 2 years, with compliance certification due to the Office of Security Management by June 30, 2027 and biennially thereafter

County boards must submit annual reports by August 15 detailing technology spending, device/connectivity percentages, and cybersecurity expenditures related to State minimum standards

The Office of Security Management within the Department of Information Technology must annually review and update State minimum cybersecurity standards and support local school systems with compliance, assessments, and remediation

Removes the requirement that county boards prioritize digital device purchases with educational technology funds; effective date July 1, 2026