KLS Keeping Law Simple Legislation in plain English

Straight-ahead summaries built from the official bill text. We keep the source links front and center and leave the decision up to you.

Back to Mississippi

HB1727 • 2026

State Security Operations Center; create within ITS to serve as operational arm of statewide cybersecurity.

AN ACT TO CREATE A STATE SECURITY OPERATIONS CENTER (SSOC) WITHIN THE MISSISSIPPI DEPARTMENT OF INFORMATION TECHNOLOGY SERVICES; TO REQUIRE THE SSOC TO PROVIDE CENTRALIZED STATEWIDE CYBERSECURITY OPERATIONS AND TO COORDINATE WITH THE ENTERPRISE SECURITY PROGRAM TO ENSURE STATEWIDE STANDARDS AND CONTROLS ARE TECHNICALLY IMPLEMENTED AND ENFORCED; TO REQUIRE STATE AGENCIES TO REPORT SUSPECTED CYBERSECURITY INCIDENTS AND COOPERATE WITH SSOC MONITORING, INCIDENT RESPONSE AND VULNERABILITY REMEDIATION EFFORTS; TO REQUIRE SSOC TO SUBMIT ANNUAL REPORTS SUMMARIZING OPERATIONAL PERFORMANCE AND ACTIVITIES, STATEWIDE CYBERSECURITY INCIDENTS, OPERATIONAL CHALLENGES AND RESOURCE NEEDS; TO BRING FORWARD SECTION 25-53-201, MISSISSIPPI CODE OF 1972, FOR THE PURPOSE OF POSSIBLE AMENDMENT; AND FOR RELATED PURPOSES.

Technology
Did Not Pass

The latest official action shows that this bill did not move forward in that session.

Sponsor
Ford (73rd), Zuber
Last action
2026-02-03
Official status
Dead
Effective date
July 1, 20

Plain English Breakdown

The bill's status as 'Did Not Pass' means it did not become law.

Create State Security Operations Center for Cybersecurity

This bill creates a State Security Operations Center (SSOC) within the Mississippi Department of Information Technology Services to handle statewide cybersecurity operations and coordinate with other security programs.

What This Bill Does

  • Creates a State Security Operations Center (SSOC) in the Mississippi Department of Information Technology Services.
  • Requires SSOC to monitor, detect threats, respond to incidents, and enforce cybersecurity standards across state agencies.
  • Makes it mandatory for state agencies to report suspected cyber incidents and cooperate with SSOC's monitoring efforts.
  • Requires SSOC to submit annual reports summarizing its activities and challenges.

Who It Names or Affects

  • State agencies that must comply with cybersecurity policies and report incidents.
  • The Department of Information Technology Services which oversees the SSOC.

Terms To Know

Cybersecurity
Protecting computer systems from theft or damage to their hardware, software, or information
State Security Operations Center (SSOC)
A center within the Mississippi Department of Information Technology Services responsible for statewide cybersecurity operations.

Limits and Unknowns

  • The bill did not pass and was referred to committee where it died.
  • It does not specify funding sources or exact operational details beyond what is outlined in the summary.

Bill History

  1. 2026-02-03 Mississippi Legislative Bill Status System

    02/03 (H) Died In Committee

  2. 2026-01-28 Mississippi Legislative Bill Status System

    01/28 (H) DR - TSDP: TE To AP

  3. 2026-01-19 Mississippi Legislative Bill Status System

    01/19 (H) Referred To Technology;Appropriations A

Official Summary Text

State Security Operations Center; create within ITS to serve as operational arm of statewide cybersecurity.

Current Bill Text

Read the full stored bill text 
H. B. No. 1727 *HR43/R2236* ~ OFFICIAL ~ G1/2
26/HR43/R2236
PAGE 1 (ELS\KP)

To: Technology;
Appropriations A
MISSISSIPPI LEGISLATURE REGULAR SESSION 2026

By: Representatives Ford (73rd), Zuber

HOUSE BILL NO. 1727

AN ACT TO CREATE A STATE SECURITY OPERATIONS CENTER (SSOC) 1
WITHIN THE MISSISSIPPI DEPARTMENT OF INFORMATION TECHNOLOGY 2
SERVICES; TO REQUIRE THE SSOC TO PROVIDE CENTRALIZED STATEWIDE 3
CYBERSECURITY OPERATIONS AND TO COORDINATE WITH THE ENTERPRISE 4
SECURITY PROGRAM TO ENSURE STATEWIDE STANDARDS AND CONTROLS ARE 5
TECHNICALLY IMPLEMENTED AND ENFORCED; TO REQUIRE STATE AGENCIES TO 6
REPORT SUSPECTED CYBERSECURITY INCIDENTS AND COOPERATE WITH SSOC 7
MONITORING, INCIDENT RESPONSE AND VULNERABILITY REMEDIATION 8
EFFORTS; TO REQUIRE SSOC TO SUBMIT ANNUAL REPORTS SUMMARIZING 9
OPERATIONAL PERFORMANCE AND ACTIVITIES, STATEWIDE CYBERSECURITY 10
INCIDENTS, OPERATIONAL CHALLENGES AND RESOURCE NEEDS; TO BRING 11
FORWARD SECTION 25-53-201, MISSISSIPPI CODE OF 1972, FOR THE 12
PURPOSE OF POSSIBLE AMENDMENT; AND FOR RELATED PURPOSES. 13
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MISSISSIPPI: 14
SECTION 1. (1) There is created within the Mississippi 15
Department of Information Technology Services (ITS) a State 16
Security Operations Center (SSOC). The SSOC shall operate under 17
the Executive Director of ITS and in direct coordination with the 18
Enterprise Security Program established under Section 25-53-201. 19
The SSOC is intended to serve as the operational arm of statewide 20
cybersecurity, complementing but not supplanting the strategic, 21
regulatory and governance authorities already granted under 22
Section 25-53-201. 23
H. B. No. 1727 *HR43/R2236* ~ OFFICIAL ~
26/HR43/R2236
PAGE 2 (ELS\KP)

(2) The SSOC shall provide centralized statewide 24
cybersecurity operations, including: 25
(a) Continuous monitoring, alerting, threat detection 26
and analysis of state cyberinfrastructure, as defined by ITS; 27
(b) Operational incident response and mitigation; 28
(c) Security orchestration, automation and response 29
functions; 30
(d) Technical support to the Enterprise Security 31
Program regarding enforcement of statewide cybersecurity 32
requirements; and 33
(e) Operational execution of certain responsibilities 34
assigned to ITS under Section 25-53-201. 35
(3) The SSOC shall: 36
(a) Develop operational cybersecurity procedures to 37
support policies adopted under Section 25-53-201; 38
(b) Provide centralized monitoring, threat 39
intelligence, vulnerability identification and incident response 40
services to all state agencies subject to Section 25-53-201; 41
(c) Coordinate with the Enterprise Security Program to 42
ensure statewide standards and controls are technically 43
implemented and enforced; 44
(d) Notify state agencies of active or emerging cyber 45
threats; 46
(e) Support agencies in the containment, eradication 47
and recovery from cybersecurity incidents; and 48
H. B. No. 1727 *HR43/R2236* ~ OFFICIAL ~
26/HR43/R2236
PAGE 3 (ELS\KP)

(f) Provide technical support for statewide penetration 49
testing, security validation and continuous monitoring activities 50
required under Section 25-53-201. 51
(4) All state agencies subject to Section 25-53-201 shall: 52
(a) Comply with all cybersecurity policies, standards 53
and controls established under Section 25-53-201; 54
(b) Report suspected cybersecurity incidents to both 55
the Enterprise Security Program and the SSOC within timeframes set 56
by ITS; 57
(c) Cooperate with SSOC monitoring, incident response 58
and vulnerability remediation efforts; and 59
(d) Implement corrective actions or risk mitigation 60
measures required by the Chief Information Security Officer under 61
Section 25-53-201, informed by SSOC operational findings. 62
The reporting requirement under this subsection (4) is in 63
addition to Section 25-53-201. 64
(5) If an agency fails to comply with statewide 65
cybersecurity requirements under Section 25-53-201 or procedures 66
executed by the SSOC under this section, the Executive Director of 67
ITS may: 68
(a) Impose additional oversight, monitoring or 69
cybersecurity audit requirements; 70
(b) Temporarily limit access to ITS-managed systems or 71
services until compliance is restored; or 72
H. B. No. 1727 *HR43/R2236* ~ OFFICIAL ~
26/HR43/R2236
PAGE 4 (ELS\KP)

(c) Assess additional fees for increased monitoring, 73
remediation, or risk exposure. 74
(6) The SSOC is authorized to collaborate with: 75
(a) The Mississippi Office of Homeland Security; 76
(b) Federal cybersecurity centers and public-sector 77
threat-intelligence partners; and 78
(c) Any other entity necessary to execute operational 79
cybersecurity responsibilities. 80
In addition, the SSOC may collaborate with Mississippi's 81
public universities and community colleges, to develop a 82
Cybersecurity Talent Pipeline Program to support the statewide 83
cybersecurity workforce. 84
(7) On or before January 1 of each year, the SSOC shall 85
submit to the Executive Director of ITS, Governor, Lieutenant 86
Governor, Speaker of the House and board of ITS a report that 87
includes: 88
(a) Operational performance and activities for the 89
preceding year; 90
(b) A summary of statewide cybersecurity incidents and 91
the SSOC's response actions; 92
(c) Operational challenges and resource needs; and 93
(d) Goals and priorities for the coming year. 94
(8) The Executive Director of ITS may adopt rules, standards 95
and procedures necessary to carry out this section. 96
(9) Nothing in this section shall: 97
H. B. No. 1727 *HR43/R2236* ~ OFFICIAL ~
26/HR43/R2236
PAGE 5 (ELS\KP)

(a) Modify or reduce the statewide cybersecurity 98
authorities or responsibilities granted under Section 25-53-201; 99
(b) Limit the authority of the Chief Information 100
Security Officer; or 101
(c) Affect the governance, policy-making or regulatory 102
functions of the Enterprise Security Program. 103
SECTION 2. Section 25-53-201, Mississippi Code of 1972, is 104
brought forward as follows: 105
25-53-201. (1) There is hereby established the Enterprise 106
Security Program which shall provide for the coordinated oversight 107
of the cybersecurity efforts across all state agencies, including 108
cybersecurity systems, services and the development of policies, 109
standards and guidelines. 110
(2) The Mississippi Department of Information Technology 111
Services (MDITS), in conjunction with all state agencies, shall 112
provide centralized management and coordination of state policies 113
for the security of data and information technology resources, 114
which such information shall be compiled by MDITS and distributed 115
to each participating state agency. MDITS shall: 116
(a) Serve as sole authority, within the constraints of 117
this statute, for defining the specific enterprise cybersecurity 118
systems and services to which this statute is applicable; 119
(b) Acquire and operate enterprise technology solutions 120
to provide services to state agencies when it is determined that 121
such operation will improve the cybersecurity posture in the 122
H. B. No. 1727 *HR43/R2236* ~ OFFICIAL ~
26/HR43/R2236
PAGE 6 (ELS\KP)

function of any agency, institution or function of state 123
government as a whole; 124
(c) Provide oversight of enterprise security policies 125
for state data and information technology (IT) resources 126
including, the following: 127
(i) Establishing and maintaining the security 128
standards and policies for all state data and IT resources state 129
agencies shall implement to the extent that they apply; and 130
(ii) Including the defined enterprise security 131
requirements as minimum requirements in the specifications for 132
solicitation of state contracts for procuring data and information 133
technology systems and services; 134
(d) Adhere to all policies, standards and guidelines in 135
the management of technology infrastructure supporting the state 136
data centers, telecommunications networks and backup facilities; 137
(e) Coordinate and promote efficiency and security with 138
all applicable laws and regulations in the acquisition, operation 139
and maintenance of state data, cybersecurity systems and services 140
used by agencies of the state; 141
(f) Manage, plan and coordinate all enterprise 142
cybersecurity systems under the jurisdiction of the state; 143
(g) Develop, in conjunction with agencies of the state, 144
coordinated enterprise cybersecurity systems and services for all 145
state agencies; 146
H. B. No. 1727 *HR43/R2236* ~ OFFICIAL ~
26/HR43/R2236
PAGE 7 (ELS\KP)

(h) Provide ongoing analysis of enterprise 147
cybersecurity systems and services costs, facilities and systems 148
within state government; 149
(i) Develop policies, procedures and long-range plans 150
for the use of enterprise cybersecurity systems and services; 151
(j) Form an advisory council of information security 152
officers from each state agency to plan, develop and implement 153
cybersecurity initiatives; 154
(k) Coordinate the activities of the advisory council 155
to provide education and awareness, identify cybersecurity-related 156
issues, set future direction for cybersecurity plans and policy, 157
and provide a forum for interagency communications regarding 158
cybersecurity; 159
(l) Charge respective user agencies on a reimbursement 160
basis for their proportionate cost of the installation, 161
maintenance and operation of the cybersecurity systems and 162
services; and 163
(m) Require cooperative utilization of cybersecurity 164
systems and services by aggregating users. 165
(3) Each state agency's executive director or agency head 166
shall: 167
(a) Be solely responsible for the security of all data 168
and IT resources under its purview, irrespective of the location 169
of the data or resources. Locations include data residing: 170
(i) At agency sites; 171
H. B. No. 1727 *HR43/R2236* ~ OFFICIAL ~
26/HR43/R2236
PAGE 8 (ELS\KP)

(ii) On agency real property and tangible and 172
intangible assets; 173
(iii) On infrastructure in the State Data Centers; 174
(iv) At a third-party location; 175
(v) In transit between locations; 176
(b) Ensure that an agency-wide security program is in 177
place; 178
(c) Designate an information security officer to 179
administer the agency's security program; 180
(d) Ensure the agency adheres to the requirements 181
established by the Enterprise Security Program, to the extent that 182
they apply; 183
(e) Participate in all Enterprise Security Program 184
initiatives and services in lieu of deploying duplicate services 185
specific to the agency; 186
(f) Develop, implement and maintain written agency 187
policies and procedures to ensure the security of data and IT 188
resources. The agency policies and procedures are confidential 189
information and exempt from public inspection, except that the 190
information must be available to the Office of the State Auditor 191
in performing auditing duties; 192
(g) Implement policies and standards to ensure that all 193
of the agency's data and IT resources are maintained in compliance 194
with state and federal laws and regulations, to the extent that 195
they apply; 196
H. B. No. 1727 *HR43/R2236* ~ OFFICIAL ~
26/HR43/R2236
PAGE 9 (ELS\KP)

(h) Implement appropriate cost-effective safeguards to 197
reduce, eliminate or recover from identified threats to data and 198
IT resources; 199
(i) Ensure that internal assessments of the security 200
program are conducted. The results of the internal assessments 201
are confidential and exempt from public inspection, except that 202
the information must be available to the Office of the State 203
Auditor in performing auditing duties; 204
(j) Include all appropriate cybersecurity requirements 205
in the specifications for the agency's solicitation of state 206
contracts for procuring data and information technology systems 207
and services; 208
(k) Include a general description of the security 209
program and future plans for ensuring security of data in the 210
agency long-range information technology plan; 211
(l) Participate in annual information security training 212
designed specifically for the executive director or agency head to 213
ensure that such individual has an understanding of: 214
(i) The information and information systems that 215
support the operations and assets of the agency; 216
(ii) The potential impact of common types of 217
cyber-attacks and data breaches on the agency's operations and 218
assets; 219
H. B. No. 1727 *HR43/R2236* ~ OFFICIAL ~
26/HR43/R2236
PAGE 10 (ELS\KP)

(iii) How cyber-attacks and data breaches on the 220
agency's operations and assets could impact the operations and 221
assets of other state agencies on the Enterprise State Network; 222
(iv) How cyber-attacks and data breaches occur; 223
(v) Steps to be undertaken by the executive 224
director or agency head and agency employees to protect their 225
information and information systems; and 226
(vi) The annual reporting requirements required of 227
the executive director or agency head. 228
(4) The Mississippi Department of Information Technology 229
Services shall evaluate the Enterprise Security Program. Such 230
evaluation shall include the following factors: 231
(a) Whether the Enterprise Security Program 232
incorporates nationwide best practices; 233
(b) Whether opportunities exist to centralize and 234
coordinate oversight of cybersecurity efforts across all state 235
agencies; 236
(c) A review of the minimum enterprise security 237
requirements that must be incorporated in solicitations for state 238
contracts for procuring data and information technology systems 239
and services; and 240
(d) Whether opportunities exist to expand the 241
Enterprise Security Program, including providing oversight of 242
cybersecurity efforts of those governing authorities as defined in 243
Section 25-53-3(e). 244
H. B. No. 1727 *HR43/R2236* ~ OFFICIAL ~
26/HR43/R2236
PAGE 11 (ELS\KP)

In performing such evaluation, the Mississippi Department of 245
Information Technology Services may retain experts. This 246
evaluation shall be completed by November 1, 2023. All records in 247
connection with this evaluation shall be exempt from the 248
Mississippi Public Records Act of 1983, pursuant to Section 249
25-61-11.2(f) and (k). 250
(5) For the purpose of this subsection, the following words 251
shall have the meanings ascribed herein, unless the context 252
clearly indicates otherwise: 253
(a) "Cyberattack" shall mean any attempt to gain 254
illegal access, including any data breach, to a computer, computer 255
system or computer network for purposes of causing damage, 256
disruption or harm. 257
(b) "Ransomware" shall mean a computer contaminant or 258
lock placed or introduced without authorization into a computer, 259
computer system or computer network that restricts access by an 260
authorized person to the computer, computer system, computer 261
network or any data therein under circumstances in which the 262
person responsible for the placement or introduction of the 263
ransomware demands payment of money or other consideration to 264
remove the computer contaminant, restore access to the computer, 265
computer system, computer network or data, or otherwise remediate 266
the impact of the computer contaminant or lock. 267
(c) From and after July 1, 2023, all state agencies 268
shall notify the Mississippi Department of Information Technology 269
H. B. No. 1727 *HR43/R2236* ~ OFFICIAL ~
26/HR43/R2236
PAGE 12 (ELS\KP)
ST: State Security Operations Center; create
within ITS to serve as operational arm of
statewide cybersecurity.
Services of any cyberattack or demand for payment as a result of 270
ransomware no later than the close of the next business day 271
following the discovery of such cyberattack or demand. The 272
Mississippi Department of Information Technology Services shall 273
develop a reporting format to be utilized by state agencies to 274
provide such notification. The Mississippi Department of 275
Information Technology Services shall periodically analyze all 276
such reports and attempt to identify any patterns or weaknesses in 277
the state's cybersecurity efforts. Such reports shall be exempt 278
from the Mississippi Public Records Act of 1983, pursuant to 279
Section 25-61-11.2(j). 280
SECTION 3. This act shall take effect and be in force from 281
and after July 1, 2026. 282