OH HB283

Political subdivisions (counties, townships, municipal corporations) must adopt a cybersecurity program consistent with NIST and Center for Internet Security best practices to safeguard data availability, confidentiality, and integrity

Ransom payments during ransomware incidents are prohibited unless the legislative authority formally approves payment through a resolution or ordinance stating why it serves the subdivision's best interest

Cybersecurity or ransomware incidents must be reported to the Division of Homeland Security within 7 days and to the Auditor of State within 30 days of discovery

All employees must receive cybersecurity training tailored to their duties, with state-provided training and Ohio Cyber Range Institute programs satisfying this requirement

Cybersecurity program documents, incident reports, and records identifying security-related software, hardware, and vendor information are exempt from public records disclosure