| 1 | 1 | | S.B. No. 621 |
|---|
| 2 | 2 | | |
|---|
| 3 | 3 | | |
|---|
| 4 | 4 | | AN ACT |
|---|
| 5 | 5 | | relating to the position of chief information security officer in |
|---|
| 6 | 6 | | the Department of Information Resources. |
|---|
| 7 | 7 | | BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|---|
| 8 | 8 | | SECTION 1. Subchapter N-1, Chapter 2054, Government Code, |
|---|
| 9 | 9 | | is amended by adding Section 2054.510 to read as follows: |
|---|
| 10 | 10 | | Sec. 2054.510. CHIEF INFORMATION SECURITY OFFICER. (a) In |
|---|
| 11 | 11 | | this section, "state information security program" means the |
|---|
| 12 | 12 | | policies, standards, procedures, elements, structure, strategies, |
|---|
| 13 | 13 | | objectives, plans, metrics, reports, services, and resources that |
|---|
| 14 | 14 | | establish the information resources security function for this |
|---|
| 15 | 15 | | state. |
|---|
| 16 | 16 | | (b) The executive director, using existing funds, shall |
|---|
| 17 | 17 | | employ a chief information security officer. |
|---|
| 18 | 18 | | (c) The chief information security officer shall oversee |
|---|
| 19 | 19 | | cybersecurity matters for this state including: |
|---|
| 20 | 20 | | (1) implementing the duties described by Section |
|---|
| 21 | 21 | | 2054.059; |
|---|
| 22 | 22 | | (2) responding to reports received under Section |
|---|
| 23 | 23 | | 2054.1125; |
|---|
| 24 | 24 | | (3) developing a statewide information security |
|---|
| 25 | 25 | | framework; |
|---|
| 26 | 26 | | (4) overseeing the development of statewide |
|---|
| 27 | 27 | | information security policies and standards; |
|---|
| 28 | 28 | | (5) collaborating with state agencies, local |
|---|
| 29 | 29 | | governmental entities, and other entities operating or exercising |
|---|
| 30 | 30 | | control over state information systems or state-controlled data to |
|---|
| 31 | 31 | | strengthen this state's cybersecurity and information security |
|---|
| 32 | 32 | | policies, standards, and guidelines; |
|---|
| 33 | 33 | | (6) overseeing the implementation of the policies, |
|---|
| 34 | 34 | | standards, and guidelines developed under Subdivisions (3) and (4); |
|---|
| 35 | 35 | | (7) providing information security leadership, |
|---|
| 36 | 36 | | strategic direction, and coordination for the state information |
|---|
| 37 | 37 | | security program; |
|---|
| 38 | 38 | | (8) providing strategic direction to: |
|---|
| 39 | 39 | | (A) the network security center established |
|---|
| 40 | 40 | | under Section 2059.101; and |
|---|
| 41 | 41 | | (B) statewide technology centers operated under |
|---|
| 42 | 42 | | Subchapter L; and |
|---|
| 43 | 43 | | (9) overseeing the preparation and submission of the |
|---|
| 44 | 44 | | report described by Section 2054.0591. |
|---|
| 45 | 45 | | SECTION 2. This Act takes effect September 1, 2023. |
|---|
| 46 | 46 | | ______________________________ ______________________________ |
|---|
| 47 | 47 | | President of the Senate Speaker of the House |
|---|
| 48 | 48 | | I hereby certify that S.B. No. 621 passed the Senate on |
|---|
| 49 | 49 | | March 23, 2023, by the following vote: Yeas 31, Nays 0; and that |
|---|
| 50 | 50 | | the Senate concurred in House amendment on May 19, 2023, by the |
|---|
| 51 | 51 | | following vote: Yeas 31, Nays 0. |
|---|
| 52 | 52 | | ______________________________ |
|---|
| 53 | 53 | | Secretary of the Senate |
|---|
| 54 | 54 | | I hereby certify that S.B. No. 621 passed the House, with |
|---|
| 55 | 55 | | amendment, on May 17, 2023, by the following vote: Yeas 143, |
|---|
| 56 | 56 | | Nays 1, one present not voting. |
|---|
| 57 | 57 | | ______________________________ |
|---|
| 58 | 58 | | Chief Clerk of the House |
|---|
| 59 | 59 | | Approved: |
|---|
| 60 | 60 | | ______________________________ |
|---|
| 61 | 61 | | Date |
|---|
| 62 | 62 | | ______________________________ |
|---|
| 63 | 63 | | Governor |
|---|