PA SB373
Bill
Status
3/6/2025
Primary Sponsor
Kristin Phillips-Hill
AI Summary
- Chief Information Officer within the Office of Administration must establish statewide IT security standards covering data classification, management, communications, and encryption, with annual reviews and authority to take over security for non-compliant agencies
- All IT security purchases using taxpayer money require authorization to operate from agency heads, with risk assessments including penetration testing and social-engineered threat testing required before security audits
- Independent certified security auditors must conduct information security audits of state agencies on a continuous schedule, with detailed findings kept confidential and general results published on the Office of Administration website
- Creates Joint Cybersecurity Oversight Committee with approximately 25 members including legislators, agency IT officers, four Governor-appointed private cybersecurity experts, State Police, National Guard, and county commissioners representation to meet quarterly
- Committee must review cybersecurity policies, discuss emerging threats, and report activities to the Governor, legislative leadership, and Court Administrator of Pennsylvania
Legislative Description
In boards and offices, providing for information technology and security.
Last Action
Referred to Communications & Technology
3/6/2025