Read the full stored bill text
S. B. No. 2654 *SS08/R1242SG* ~ OFFICIAL ~ G1/2
26/SS08/R1242SG
PAGE 1
To: Technology
MISSISSIPPI LEGISLATURE REGULAR SESSION 2026
By: Senator(s) Williams, Blackmon
SENATE BILL NO. 2654
(As Sent to Governor)
AN ACT TO CREATE A STATE SECURITY OPERATIONS CENTER (SSOC) 1
WITHIN THE MISSISSIPPI DEPARTMENT OF INFORMATION TECHNOLOGY 2
SERVICES; TO PROVIDE SERVICES RENDERED BY THE CENTER; TO PROVIDE 3
THE DUTIES AND RESPONSIBILITIES OF THE SSOC; TO OUTLINE THE 4
RESPONSIBILITIES OF AGENCIES; TO GRANT THE EXECUTIVE DIRECTOR OF 5
THE DEPARTMENT CERTAIN ENFORCEMENT POWERS; TO AUTHORIZE THE SSOC 6
TO COLLABORATE WITH CERTAIN PARTIES; TO ESTABLISH AN ANNUAL 7
REPORTING REQUIREMENT; TO AUTHORIZE THE EXECUTIVE DIRECTOR OF THE 8
DEPARTMENT TO ADOPT RULES, STANDARDS AND PROCEDURES NECESSARY TO 9
CARRY OUT THIS ACT; TO CREATE CERTAIN LIMITATIONS; AND FOR RELATED 10
PURPOSES. 11
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MISSISSIPPI: 12
SECTION 1. (1) There is created within the Mississippi 13
Department of Information Technology Services (ITS), a State 14
Security Operations Center (SSOC). The SSOC shall operate under 15
the leadership of the Executive Director of ITS and in direct 16
coordination with the Enterprise Security Program established 17
under Section 25-53-201. The SSOC is intended to serve as the 18
operational arm of statewide cybersecurity, complementing but not 19
supplanting the strategic, regulatory and governance authorities 20
already granted under Section 25-53-201. 21
S. B. No. 2654 *SS08/R1242SG* ~ OFFICIAL ~
26/SS08/R1242SG
PAGE 2
(2) The SSOC shall provide centralized statewide 22
cybersecurity operations, including: 23
(a) Continuous monitoring, alerting, threat detection 24
and analysis of state cyberinfrastructure, as defined by ITS; 25
(b) Operational incident response and mitigation; 26
(c) Security orchestration, automation and response 27
functions; 28
(d) Technical support to the Enterprise Security 29
Program regarding enforcement of statewide cybersecurity 30
requirements; and 31
(e) Operational execution of certain responsibilities 32
assigned to ITS under Section 25-53-201. 33
SECTION 2. The SSOC shall: 34
(a) Develop operational cybersecurity procedures to 35
support policies adopted under Section 25-53-201; 36
(b) Provide centralized monitoring, threat 37
intelligence, vulnerability identification and incident response 38
services to all state agencies subject to Section 25-53-201; 39
(c) Coordinate with the Enterprise Security Program to 40
ensure statewide standards and controls are technically 41
implemented and enforced; 42
(d) Notify state agencies of active or emerging cyber 43
threats; 44
(e) Support agencies in the containment, eradication 45
and recovery from cybersecurity incidents; and 46
S. B. No. 2654 *SS08/R1242SG* ~ OFFICIAL ~
26/SS08/R1242SG
PAGE 3
(f) Provide technical support for statewide penetration 47
testing, security validation and continuous monitoring activities 48
required under Section 25-53-201. 49
SECTION 3. (1) All state agencies subject to Section 50
25-53-201 shall: 51
(a) Comply with all cybersecurity policies, standards 52
and controls established under Section 25-53-201; 53
(b) Report suspected cybersecurity incidents to both 54
the Enterprise Security Program and the SSOC within timeframes set 55
by ITS; 56
(c) Cooperate with SSOC monitoring, incident response 57
and vulnerability remediation efforts; and 58
(d) Implement corrective actions or risk mitigation 59
measures required by the Chief Information Security Officer (CISO) 60
under Section 25-53-201, informed by SSOC operational findings. 61
(2) The reporting requirement under this section is in 62
addition to Section 25-53-201(4). 63
SECTION 4. If an agency fails to comply with statewide 64
cybersecurity requirements under Section 25-53-201 or procedures 65
executed by the SSOC under this act, the Executive Director of ITS 66
may: 67
(a) Impose additional oversight, monitoring or 68
cybersecurity audit requirements; 69
(b) Temporarily limit access to ITS-managed systems or 70
services until compliance is restored; or 71
S. B. No. 2654 *SS08/R1242SG* ~ OFFICIAL ~
26/SS08/R1242SG
PAGE 4
(c) Assess additional fees for increased monitoring, 72
remediation or risk exposure. 73
SECTION 5. (1) The SSOC is authorized to collaborate with: 74
(a) The Mississippi Office of Homeland Security; 75
(b) Federal cybersecurity centers and public-sector 76
threat-intelligence partners; and 77
(c) Any other entity necessary to execute operational 78
cybersecurity responsibilities. 79
(2) Additionally, the SSOC is authorized to collaborate with 80
Mississippi's public universities and community colleges, to 81
develop a Cybersecurity Talent Pipeline Program to support the 82
statewide cybersecurity workforce. 83
SECTION 6. On or before January 1 of each year, the SSOC 84
shall submit to the Executive Director of ITS, the Governor, the 85
Lieutenant Governor, the Speaker of the House and the ITS Board a 86
report that includes: 87
(a) Operational performance and activities for the 88
preceding year; 89
(b) A summary of statewide cybersecurity incidents and 90
the SSOC's response actions; 91
(c) Operational challenges and resource needs; and 92
(d) Goals and priorities for the coming year. 93
SECTION 7. The Executive Director of ITS may adopt rules, 94
standards and procedures necessary to carry out this act. 95
SECTION 8. Nothing in this act shall: 96
S. B. No. 2654 *SS08/R1242SG* ~ OFFICIAL ~
26/SS08/R1242SG
PAGE 5
ST: State Security Operations Center; create
within the Mississippi Department of Information
Technology Services.
(a) Modify or reduce the statewide cybersecurity 97
authorities or responsibilities granted under Section 25-53-201; 98
(b) Limit the authority of the Chief Information 99
Security Officer; or 100
(c) Affect the governance, policy-making or regulatory 101
functions of the Enterprise Security Program. 102
SECTION 9. This act shall take effect and be in force from 103
and after July 1, 2026. 104