HLS 20RS-326 ENGROSSED
2020 Regular Session
HOUSE BILL NO. 633
BY REPRESENTATIVE FREIBERG
STATE EMPLOYEES: Provides for the mandatory training in cybersecurity awareness for
all state and local employees, officials, and contractors
1 AN ACT
2To enact R.S. 42:1267, relative to cybersecurity training; to provide for the development of
3 the training; to require all public servants to receive training; to require certain
4 contractors to receive training; and to provide for related matters.
5Be it enacted by the Legislature of Louisiana:
6 Section 1. R.S. 42:1267 is hereby enacted to read as follows:
7 ยง1267. Required training; cybersecurity
8 A.(1) The Department of State Civil Service shall institute, develop, conduct,
9 and otherwise provide for training programs designed to keep state agencies safe
10 from cyberattack. The programs shall be designed to focus on forming information
11 security habits and procedures that protect information resources and teach best
12 practices for detecting, assessing, reporting, and addressing information security
13 threats. The department may make the training available as an online course. The
14 office of technology services shall provide assistance to the Department of State
15 Civil Service in the development of the training program. The cost of instituting,
16 developing, conducting, and otherwise providing cybersecurity awareness training
17 shall be paid in the manner established by R.S. 42:1262.
18 (2) The Department of State Civil Service shall make the education and
19 training on cybersecurity developed pursuant to Paragraph (1) of this Subsection
Page 1 of 3
CODING: Words in struck through type are deletions from existing law; words underscored
are additions. HLS 20RS-326 ENGROSSED
HB NO. 633
1 available to agencies within political subdivisions of the state at as minimal cost as
2 possible to assist those agencies in compliance with the provisions of this Section.
3 B.(1) Each state and local agency shall identify employees or elected
4 officials who have access to the agency's information technology assets and require
5 those employees and elected officials to complete cybersecurity training. Each new
6 state and local agency official or employee with access to the agency's information
7 technology assets shall complete this training within the first thirty days of initial
8 service or employment with the agency.
9 (2) The agency head shall verify and report to the Department of State Civil
10 Service on the completion of cybersecurity training by agency employees. The
11 agency head shall periodically require an internal review to ensure compliance.
12 (3)(a) An agency shall require any contractor who has access to state or local
13 government information technology assets to complete cybersecurity training during
14 the term of the contract and during any renewal period.
15 (b) Completion of cybersecurity shall be included in the terms of a contract
16 awarded by a state or local government agency to a contractor who has access to its
17 information technology assets.
18 (c) The person who oversees contract management for the agency shall
19 report each such contractor's completion to the agency head and periodically review
20 agency contracts to ensure compliance.
21 (d) The agency head shall verify and report to the Department of State Civil
22 Service on the completion of cybersecurity training by each such contractor.
23 Section 2. This Act shall become effective upon signature by the governor or, if not
24signed by the governor, upon expiration of the time for bills to become law without signature
25by the governor, as provided by Article III, Section 18 of the Constitution of Louisiana. If
26vetoed by the governor and subsequently approved by the legislature, this Act shall become
27effective on the day following such approval.
Page 2 of 3
CODING: Words in struck through type are deletions from existing law; words underscored
are additions. HLS 20RS-326 ENGROSSED
HB NO. 633
DIGEST
The digest printed below was prepared by House Legislative Services. It constitutes no part
of the legislative instrument. The keyword, one-liner, abstract, and digest do not constitute
part of the law or proof or indicia of legislative intent. [R.S. 1:13(B) and 24:177(E)]
HB 633 Engrossed 2020 Regular Session Freiberg
Abstract: Requires certain state agency officials and employees to complete annual
cybersecurity awareness training.
Proposed law provides that the Dept. of State Civil Service shall create and implement
cybersecurity awareness training for state and local agency officials and employees and
contractors who have access to their agency's information technology assets. Additionally
provides that each new state and local agency official or employee with such access shall
complete cybersecurity awareness training within the first 30 days of employment. An
agency head shall verify and report to the Dept. of State Civil Service on the completion of
cybersecurity training by such agency employees and contractors. The agency head shall
periodically require an internal review to ensure compliance. The cost of the cybersecurity
awareness training shall be paid by agencies employing state classified employees, by means
of fees generated by the program, and by means of any other funds made available to the
Dept. of State Civil Service through the federal government, nonprofit corporations, or any
other source, public or private. Provides that the department shall make the training
available to local agencies at minimal cost.
Effective upon signature of governor or lapse of time for gubernatorial action.
(Adds R.S. 42:1267)
Summary of Amendments Adopted by House
The Committee Amendments Proposed by House Committee on House and
Governmental Affairs to the original bill:
1. Add provision to specify that reports on the completion of training be submitted
to the Dept. of State Civil Service.
Page 3 of 3
CODING: Words in struck through type are deletions from existing law; words underscored
are additions.