Bill Text: TX HB3834 | 2019-2020 | 86th Legislature | Enrolled
Bill Title: Relating to the requirement that certain state and local government employees and state contractors complete a cybersecurity training program certified by the Department of Information Resources.
Spectrum: Partisan Bill (Republican 2-0)
Status: (Passed) 2019-06-14 - Effective immediately [HB3834 Detail]
Download: Texas-2019-HB3834-Enrolled.html
| H.B. No. 3834 | ||
|
|
||
| relating to the requirement that certain state and local government | ||
| employees and state contractors complete a cybersecurity training | ||
| program certified by the Department of Information Resources. | ||
| BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: | ||
| SECTION 1. The heading to Subchapter N-1, Chapter 2054, | ||
| Government Code, is amended to read as follows: | ||
| SUBCHAPTER N-1. [ |
||
| SECTION 2. Section 2054.518(a), Government Code, is amended | ||
| to read as follows: | ||
| (a) The department shall develop a plan to address | ||
| cybersecurity risks and incidents in this state. The department | ||
| may enter into an agreement with a national organization, including | ||
| the National Cybersecurity Preparedness Consortium, to support the | ||
| department's efforts in implementing the components of the plan for | ||
| which the department lacks resources to address internally. The | ||
| agreement may include provisions for: | ||
| (1) [ |
||
|
|
||
|
|
||
|
|
||
| [ |
||
|
|
||
|
|
||
| [ |
||
|
|
||
|
|
||
|
|
||
|
|
||
| [ |
||
| support preparedness for and response to cybersecurity risks and | ||
| incidents; | ||
| (2) [ |
||
| simulation exercises for state agencies to encourage coordination | ||
| in defending against and responding to cybersecurity risks and | ||
| incidents; | ||
| (3) [ |
||
| cybersecurity information-sharing programs to disseminate | ||
| information related to cybersecurity risks and incidents; and | ||
| (4) [ |
||
| incident prevention and response methods into existing state | ||
| emergency plans, including continuity of operation plans and | ||
| incident response plans. | ||
| SECTION 3. Subchapter N-1, Chapter 2054, Government Code, | ||
| is amended by adding Sections 2054.519, 2054.5191, and 2054.5192 to | ||
| read as follows: | ||
| Sec. 2054.519. STATE CERTIFIED CYBERSECURITY TRAINING | ||
| PROGRAMS. (a) The department, in consultation with the | ||
| cybersecurity council established under Section 2054.512 and | ||
| industry stakeholders, shall annually: | ||
| (1) certify at least five cybersecurity training | ||
| programs for state and local government employees; and | ||
| (2) update standards for maintenance of certification | ||
| by the cybersecurity training programs under this section. | ||
| (b) To be certified under Subsection (a), a cybersecurity | ||
| training program must: | ||
| (1) focus on forming information security habits and | ||
| procedures that protect information resources; and | ||
| (2) teach best practices for detecting, assessing, | ||
| reporting, and addressing information security threats. | ||
| (c) The department may identify and certify under | ||
| Subsection (a) training programs provided by state agencies and | ||
| local governments that satisfy the training requirements described | ||
| by Subsection (b). | ||
| (d) The department may contract with an independent third | ||
| party to certify cybersecurity training programs under this | ||
| section. | ||
| (e) The department shall annually publish on the | ||
| department's Internet website the list of cybersecurity training | ||
| programs certified under this section. | ||
| (f) Notwithstanding Subsection (a), a local government that | ||
| employs a dedicated information resources cybersecurity officer | ||
| may offer to its employees a cybersecurity training program that | ||
| satisfies the requirements described by Subsection (b). | ||
| Sec. 2054.5191. CYBERSECURITY TRAINING REQUIRED: CERTAIN | ||
| EMPLOYEES. (a) Each state agency shall identify state employees | ||
| who use a computer to complete at least 25 percent of the employee's | ||
| required duties. At least once each year, an employee identified by | ||
| the state agency and each elected or appointed officer of the agency | ||
| shall complete a cybersecurity training program certified under | ||
| Section 2054.519. | ||
| (a-1) At least once each year, a local government shall | ||
| identify local government employees who have access to a local | ||
| government computer system or database and require those employees | ||
| and elected officials of the local government to complete a | ||
| cybersecurity training program certified under Section 2054.519 or | ||
| offered under Section 2054.519(f). | ||
| (b) The governing body of a local government may select the | ||
| most appropriate cybersecurity training program certified under | ||
| Section 2054.519 or offered under Section 2054.519(f) for employees | ||
| of the local government to complete. The governing body shall: | ||
| (1) verify and report on the completion of a | ||
| cybersecurity training program by employees of the local government | ||
| to the department; and | ||
| (2) require periodic audits to ensure compliance with | ||
| this section. | ||
| (c) A state agency may select the most appropriate | ||
| cybersecurity training program certified under Section 2054.519 | ||
| for employees of the state agency. The executive head of each state | ||
| agency shall verify completion of a cybersecurity training program | ||
| by employees of the state agency in a manner specified by the | ||
| department. | ||
| (d) The executive head of each state agency shall | ||
| periodically require an internal review of the agency to ensure | ||
| compliance with this section. | ||
| Sec. 2054.5192. CYBERSECURITY TRAINING REQUIRED: CERTAIN | ||
| STATE CONTRACTORS. (a) In this section, "contractor" includes a | ||
| subcontractor, officer, or employee of the contractor. | ||
| (b) A state agency shall require any contractor who has | ||
| access to a state computer system or database to complete a | ||
| cybersecurity training program certified under Section 2054.519 as | ||
| selected by the agency. | ||
| (c) The cybersecurity training program must be completed by | ||
| a contractor during the term of the contract and during any renewal | ||
| period. | ||
| (d) Required completion of a cybersecurity training program | ||
| must be included in the terms of a contract awarded by a state | ||
| agency to a contractor. | ||
| (e) A contractor required to complete a cybersecurity | ||
| training program under this section shall verify completion of the | ||
| program to the contracting state agency. The person who oversees | ||
| contract management for the agency shall: | ||
| (1) report the contractor's completion to the | ||
| department; and | ||
| (2) periodically review agency contracts to ensure | ||
| compliance with this section. | ||
| SECTION 4. Section 2054.518(c), Government Code, is | ||
| repealed. | ||
| SECTION 5. The changes in law made by this Act apply to a | ||
| contract entered into or renewed on or after the effective date of | ||
| this Act. A contract entered into or renewed before the effective | ||
| date of this Act is governed by the law in effect on the date the | ||
| contract was entered into or renewed, and the former law is | ||
| continued in effect for that purpose. | ||
| SECTION 6. This Act takes effect immediately if it receives | ||
| a vote of two-thirds of all the members elected to each house, as | ||
| provided by Section 39, Article III, Texas Constitution. If this | ||
| Act does not receive the vote necessary for immediate effect, this | ||
| Act takes effect September 1, 2019. | ||
| ______________________________ | ______________________________ | |
| President of the Senate | Speaker of the House | |
| I certify that H.B. No. 3834 was passed by the House on April | ||
| 25, 2019, by the following vote: Yeas 130, Nays 2, 1 present, not | ||
| voting; and that the House concurred in Senate amendments to H.B. | ||
| No. 3834 on May 24, 2019, by the following vote: Yeas 140, Nays 0, | ||
| 2 present, not voting. | ||
| ______________________________ | ||
| Chief Clerk of the House | ||
| I certify that H.B. No. 3834 was passed by the Senate, with | ||
| amendments, on May 22, 2019, by the following vote: Yeas 31, Nays | ||
| 0. | ||
| ______________________________ | ||
| Secretary of the Senate | ||
| APPROVED: __________________ | ||
| Date | ||
| __________________ | ||
| Governor | ||
