87R2931 MWC-D
By: Paxton S.B. No. 345
A BILL TO BE ENTITLED
AN ACT
relating to state agency and local government compliance with
cybersecurity training requirements.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. Subchapter A, Chapter 772, Government Code, is
amended by adding Section 772.012 to read as follows:
Sec. 772.012. COMPLIANCE WITH CYBERSECURITY TRAINING
REQUIREMENTS. (a) In this section, "local government" has the
meaning assigned by Section 2054.003.
(b) To apply for a grant under this chapter, a local
government must submit with the grant application a written
certification of the local government's compliance with the
cybersecurity training required by Section 2054.5191.
(c) On a determination by the criminal justice division
established under Section 772.006 that a local government awarded a
grant under this chapter has not complied with the cybersecurity
training required by Section 2054.5191, the local government shall
pay to this state an amount equal to the amount of the grant award.
A local government that is the subject of a determination described
by this subsection is ineligible for another grant under this
chapter until the second anniversary of the date the local
government is determined ineligible.
SECTION 2. The heading to Section 2054.5191, Government
Code, is amended to read as follows:
Sec. 2054.5191. CYBERSECURITY TRAINING REQUIRED: CERTAIN
EMPLOYEES AND OFFICIALS.
SECTION 3. Sections 2054.5191(a-1) and (b), Government
Code, are amended to read as follows:
(a-1) At least once each year, a local government shall:
(1) identify local government employees and elected
and appointed officials who have access to a local government
computer system or database and use a computer to perform at least
25 percent of the employee's or official's required duties; and
(2) require the [those] employees and [elected]
officials identified under Subdivision (1) [of the local
government] to complete a cybersecurity training program certified
under Section 2054.519 or offered under Section 2054.519(f).
(b) The governing body of a local government may select the
most appropriate cybersecurity training program certified under
Section 2054.519 or offered under Section 2054.519(f) for employees
and officials of the local government to complete. The governing
body shall:
(1) verify and report on the completion of a
cybersecurity training program by employees and officials of the
local government to the department; and
(2) require periodic audits to ensure compliance with
this section.
SECTION 4. Section 2056.002(b), Government Code, is amended
to read as follows:
(b) The Legislative Budget Board and the governor's office
shall determine the elements required to be included in each
agency's strategic plan. Unless modified by the Legislative Budget
Board and the governor's office, and except as provided by
Subsection (c), a plan must include:
(1) a statement of the mission and goals of the state
agency;
(2) a description of the indicators developed under
this chapter and used to measure the output and outcome of the
agency;
(3) identification of the groups of people served by
the agency, including those having service priorities, or other
service measures established by law, and estimates of changes in
those groups expected during the term of the plan;
(4) an analysis of the use of the agency's resources to
meet the agency's needs, including future needs, and an estimate of
additional resources that may be necessary to meet future needs;
(5) an analysis of expected changes in the services
provided by the agency because of changes in state or federal law;
(6) a description of the means and strategies for
meeting the agency's needs, including future needs, and achieving
the goals established under Section 2056.006 for each area of state
government for which the agency provides services;
(7) a description of the capital improvement needs of
the agency during the term of the plan and a statement, if
appropriate, of the priority of those needs;
(8) identification of each geographic region of this
state, including the Texas-Louisiana border region and the
Texas-Mexico border region, served by the agency, and if
appropriate the agency's means and strategies for serving each
region;
(9) a description of the training of the agency's
contract managers under Section 656.052;
(10) an analysis of the agency's expected expenditures
that relate to federally owned or operated military installations
or facilities, or communities where a federally owned or operated
military installation or facility is located;
(11) an analysis of the strategic use of information
resources as provided by the instructions prepared under Section
2054.095; [and]
(12) a written certification of the agency's
compliance with the cybersecurity training required under Sections
2054.5191 and 2054.5192; and
(13) other information that may be required.
SECTION 5. (a) Section 772.012, Government Code, as added
by this Act, applies only to a grant application submitted by a
local government on or after September 1, 2021.
(b) Section 2056.002(b), Government Code, as amended by
this Act, applies only to a strategic plan submitted by a state
agency on or after January 1, 2022.
SECTION 6. This Act takes effect immediately if it receives
a vote of two-thirds of all the members elected to each house, as
provided by Section 39, Article III, Texas Constitution. If this
Act does not receive the vote necessary for immediate effect, this
Act takes effect September 1, 2021.