HLS 20RS-326 ORIGINAL
2020 Regular Session
HOUSE BILL NO. 633
BY REPRESENTATIVE FREIBERG
STATE EMPLOYEES: Provides for the mandatory training in cybersecurity awareness for
all state and local employees, officials, and contractors
1 AN ACT
2To enact R.S. 42:1267, relative to cybersecurity training; to provide for the development of
3 the training; to require all public servants to receive training; to require certain
4 contractors to receive training; and to provide for related matters.
5Be it enacted by the Legislature of Louisiana:
6 Section 1. R.S. 42:1267 is hereby enacted to read as follows:
7 ยง1267. Required training; cybersecurity
8 A.(1) The Department of State Civil Service shall institute, develop, conduct,
9 and otherwise provide for training programs designed to keep state agencies safe
10 from cyberattack. The programs shall be designed to focus on forming information
11 security habits and procedures that protect information resources and teach best
12 practices for detecting, assessing, reporting, and addressing information security
13 threats. The department may make the training available as an online course. The
14 office of technology services shall provide assistance to the Department of State
15 Civil Service in the development of the training program. The cost of instituting,
16 developing, conducting, and otherwise providing cybersecurity awareness training
17 shall be paid in the manner established by R.S. 42:1262.
18 (2) The Department of State Civil Service shall make the education and
19 training on cybersecurity developed pursuant to Paragraph (1) of this Subsection
Page 1 of 3
CODING: Words in struck through type are deletions from existing law; words underscored
are additions. HLS 20RS-326 ORIGINAL
HB NO. 633
1 available to agencies within political subdivisions of the state at as minimal cost as
2 possible to assist those agencies in compliance with the provisions of this Section.
3 B.(1) Each state and local agency shall identify employees or elected
4 officials who have access to the agency's information technology assets and require
5 those employees and elected officials to complete cybersecurity training. Each new
6 state and local agency official or employee with access to the agency's information
7 technology assets shall complete this training within the first thirty days of initial
8 service or employment with the agency.
9 (2) The agency head shall verify and report on the completion of
10 cybersecurity training by agency employees. The agency head shall periodically
11 require an internal review to ensure compliance.
12 (3) An agency shall require any contractor who has access to a state or local
13 government information technology assets to complete cybersecurity training during
14 the term of the contract and during any renewal period.
15 (4) Completion of cybersecurity must be included in the terms of a contract
16 awarded by a state or local government agency to a contractor.
17 (5) The person who oversees contract management for the agency shall
18 report the contractor's completion to the agency head and periodically review agency
19 contracts to ensure compliance.
20 Section 2. This Act shall become effective upon signature by the governor or, if not
21signed by the governor, upon expiration of the time for bills to become law without signature
22by the governor, as provided by Article III, Section 18 of the Constitution of Louisiana. If
23vetoed by the governor and subsequently approved by the legislature, this Act shall become
24effective on the day following such approval.
Page 2 of 3
CODING: Words in struck through type are deletions from existing law; words underscored
are additions. HLS 20RS-326 ORIGINAL
HB NO. 633
DIGEST
The digest printed below was prepared by House Legislative Services. It constitutes no part
of the legislative instrument. The keyword, one-liner, abstract, and digest do not constitute
part of the law or proof or indicia of legislative intent. [R.S. 1:13(B) and 24:177(E)]
HB 633 Original 2020 Regular Session Freiberg
Abstract: Requires certain state agency officials and employees to complete annual
cybersecurity awareness training.
Proposed law provides that the Dept. of State Civil Service shall create and implement
cybersecurity awareness training for state and local agency officials and employees and
contractors who have access to their agency's information technology assets. Additionally
provides that each new state and local agency official or employee with such access shall
complete cybersecurity awareness training within the first 30 days of employment. The cost
of the cybersecurity awareness training shall be paid by agencies employing state classified
employees, by means of fees generated by the program, and by means of any other funds
made available to the Dept. of State Civil Service through the federal government, nonprofit
corporations, or any other source, public or private. Provides that the department shall make
the training available to local agencies at minimal cost.
Effective upon signature of governor or lapse of time for gubernatorial action.
(Adds R.S. 42:1267)
Page 3 of 3
CODING: Words in struck through type are deletions from existing law; words underscored
are additions.