ASSEMBLY, No. 3542

STATE OF NEW JERSEY

218th LEGISLATURE

 

INTRODUCED MARCH 5, 2018

 


 

Sponsored by:

Assemblywoman  ANNETTE QUIJANO

District 20 (Union)

 

 

 

 

SYNOPSIS

     Requires State, county, and municipal employees and certain State contractors to complete cybersecurity awareness training.

 

CURRENT VERSION OF TEXT

     As introduced.

  


An Act requiring State, county, and municipal employees and certain State contractors to complete cybersecurity awareness training and supplementing various parts of the statutory law. 

 

     Be It Enacted by the Senate and General Assembly of the State of New Jersey:

 

     1.    All State officers and employees in a State agency in the Executive Branch and in the Judicial Branch of State government shall complete a cybersecurity awareness training program at least once in each calendar year.  An officer and employee shall verify completion of the program in the manner specified by the Chief Technology Officer, or a designee, of the New Jersey Office of Information Technology. 

     The Chief Technology Officer, or a designee, shall approve the format and content of the program.  The program shall be provided online.  The program may include content which addresses certain identified groups of officers or employees, such as those who are involved in contracting processes.

     The Chief Technology Officer shall require periodic audits by appropriate persons or agencies to ensure compliance with the requirement set forth in this section.

     As used in this section: 

     "State agency in the Executive Branch" means any of the principal departments in the Executive Branch of  State  government, and any division, board, bureau, office, commission, or other instrumentality within or created by a department, and any independent State authority, commission, instrumentality, or agency, including any public institution of higher education.

     "State officer and employee" means a person employed and compensated to serve in a full time or part time capacity.

 

     2.    All county and municipal officers and employees shall complete, at least once in each calendar year, the cybersecurity awareness training program approved by the Chief Technology Officer, or a designee, pursuant to section 1 of P.L.   , c.        (C.    ) (pending before the Legislature as this bill).  An officer and employee shall verify completion of the program to the governing body of each county and municipality, as appropriate.  The governing body of each county and municipality, as appropriate, shall report completion of the program to the Chief Technology Officer, or a designee. 

     The governing body of each county and municipality, as appropriate, shall require periodic audits by appropriate persons to ensure compliance with the requirement set forth in this section.

     As used in this section:

     "County" means any county of any class of this State, and any authority, commission, agency, or instrumentality of a county.

     "Municipality" means any city of any class, any town, township, village, or borough of this State, other than a county or a school district, and any authority, commission, agency, or instrumentality of a municipality.

 

     3.    The members of the Legislature and the State officers and employees in the Legislative Branch of State government shall complete, at least once in each calendar year, the cybersecurity awareness training program approved by the Chief Technology Officer, or a designee, pursuant to section 1 of P.L.   , c.        (C.    ) (pending before the Legislature as this bill).  A member, officer, and employee shall verify completion of the program to the Office of Legislative Services.  The Office of Legislative Services shall report completion of the program to the Chief Technology Officer, or a designee.  The President of the Senate, Speaker of the General Assembly, and Executive Director of the Office of Legislative Services shall require  periodic audits by appropriate persons to ensure compliance with the requirement set forth in this section.

 

     4.    Notwithstanding any other provision of law to the contrary, a State contractor and a subcontractor of a State contractor, and an officer and employee of the contractor and subcontractor, who has access to a computer system of the State or a database of the State shall complete the cybersecurity awareness training program approved by the Chief Technology Officer, or a designee, pursuant to section 1 of P.L.   , c.        (C.    ) (pending before the Legislature as this bill), except that the Chief Technology Officer, or a designee, may include content in the program which addresses contractors and their officers and employees.  The program shall be completed once by each contractor, subcontractor, officer, and employee during each contract period and each renewal period.

     The completion of the program shall be required by the terms and conditions of the contract or agreement awarded by the State.  Each contractor, subcontractor, officer, and employee shall verify completion of the program in the manner specified by the Chief Technology Officer, or a designee.  The State contract manager, or a designee, shall report completion of the program to the Chief Technology Officer, or a designee.  The State contract manager, or a designee, shall conduct periodic audits to ensure compliance with the requirement set forth in this section. 

     The requirement of this section shall apply to contracts awarded or renewed after the effective date of P.L.    , c.       (pending before the Legislature as this bill).

 

     5.    This act shall take effect on the 90th day following enactment, except that the Chief Technology Officer may take such anticipatory administrative action in advance as shall be necessary for the implementation of this act. 

STATEMENT

 

     This bill provides for a cybersecurity awareness training program for all State, county, and municipal officers and employees and certain State contractors.

     This bill, all State officers and employees in the Executive Branch and the Judicial Branch of State government will be required to complete a cybersecurity awareness training program in each calendar year.  The Chief Technology Officer of the Office of Information Technology will approve the format and content of the training program, which will be provided online.  The program may include content which addresses certain identified groups of officers or employees, such as those who are involved in contracting processes.  The requirement in this bill includes officers and employees of State authorities and of public institutions of higher education.

     Members of the Legislature and the officers and employees in the Legislative Branch, as well as officers and employees of the counties and municipalities in the State, will also be required to complete the program approved by the Chief Technology Officer. 

     Finally, this bill requires State contractors and subcontractors and their officers and employees who have access to the State computer system or a State database to complete the same cybersecurity awareness training program as a term and condition of the State contract, except that the Chief Technology Officer may include content in the program which addresses contractors and their officers and employees.

     The bill requires periodic audits to ensure compliance with the requirements of this bill.