23LSO-0309
2023
STATE OF WYOMING
Numbered
2.0
HOUSE BILL NO. HB0184
ETS-information security division.
Sponsored by: Joint Appropriations Committee
A BILL
for
AN ACT relating to the administration of government; clarifying duties of the department of enterprise technology services; creating and providing duties for the division of information security within the department of enterprise technology services; creating positions; making conforming amendments; requiring reporting; providing rulemaking authority; and providing for effective dates.
Be It Enacted by the Legislature of the State of Wyoming:
Section 1. W.S. 9‑2‑2908 is created to read:
9‑2‑2908. Cybersecurity.
(a) The state chief information officer shall appoint an administrator of the cybersecurity division, who shall act as a state chief information security officer. The division shall possess the mission and resources to assist in ensuring other state agencies' compliance with information security policies and regulations. The division shall further:
(i) Provide timely technical assistance to operators of agency information systems regarding security incidents, including guidance on detecting and handling information security incidents;
(ii) Compile and analyze information about incidents that threaten information security;
(iii) Inform personnel responsible for agency information systems about current and potential information security threats and vulnerabilities; and
(iv) Provide, as appropriate, intelligence and other information about cyber threats, vulnerabilities and incidents to agencies to assist in risk assessments conducted by agencies in accordance with their individual compliance requirements.
(b) The state chief information security officer shall:
(i) Develop and maintain a statewide agency information security program within the division;
(ii) Develop and maintain information security policies, procedures and control techniques to address all applicable requirements;
(iii) Assist senior agency officials concerning their information security responsibilities.
(c) The state chief information security officer shall aid the head of each agency and the head of each agency shall cooperate with the state chief information security officer to:
(i) Provide information security protections commensurate with the risk and magnitude of the harm that would result from unauthorized access, use, disclosure, disruption, modification or destruction of:
(A) Information collected or maintained by or on behalf of the agency; and
(B) Information systems used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency.
(ii) Comply with the requirements of state chief information officer programs, policies, procedures, standards and guidelines to ensure that information security management processes are integrated with agency strategic, operational and budgetary planning processes;
(iii) Provide information security for the information and systems that support the operations and assets under the control of the head of each agency, including through:
(A) Assessing the risk and magnitude of the harm that could result from the unauthorized access, use, disclosure, disruption, modification or destruction of such information or systems;
(B) Determining the levels of information security appropriate to protect the information and systems;
(C) Implementing policies and procedures to cost‑effectively reduce risks to an acceptable level; and
(D) Periodically testing and evaluating information security controls and techniques and performing information security audits and assessments to ensure that information security controls and techniques are effectively implemented and to determine any noncompliance with information security requirements.
(iv) Ensure that sufficient division personnel are available to assist other state agencies in complying with the requirements of this section and related programs, policies, procedures, standards and guidelines.
(d) The state chief information security officer shall report annually to the governor and the joint appropriations committee on the effectiveness of the agency information security program, including progress of remedial actions.
Section 2. W.S. 9‑2‑2902(a) by creating a new paragraph (iii) and 9‑2‑2904(a) by creating a new paragraph (vi), by renumbering (vi) as (vii), by creating a new paragraph (viii) and by renumbering (vii) through (xi) as (ix) through (xiii) are amended to read:
9‑2‑2902. Department divisions.
(a) The department shall consist of the following divisions in addition to the office of the director of the department:
(iii) Cybersecurity division.
9‑2‑2904. Definitions.
(a) As used in this article:
(vi) "Incident" means an occurrence that:
(A) Actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality or availability of information or an information system; or
(B) Constitutes a violation or imminent threat of violation of law, security policies, security procedures or acceptable use policies.
(vi) (vii) "Information processing software" means all purchased, procured or developed software for use on any information technology equipment;
(viii) "Information security" means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction in order to provide:
(A) Integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity;
(B) Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and
(C) Availability, which means ensuring timely and reliable access to and use of information.
(vii) (ix) "Information technology equipment" means all business and personal computing devices, intelligent handheld devices including tablets and smart phones, printers and other related peripheral equipment;
(viii) (x) "Judiciary" means the judicial department of state government established by article 2, section 1 of the Wyoming constitution;
(ix) (xi) "Legislature" means the legislative department of state government established by article 2, section 1 of the Wyoming constitution;
(x) (xii) "State chief information officer" means the person appointed in accordance with W.S. 9‑2‑2903. The state chief information officer shall also function as the director of the department;
(xi) (xiii) "Telecommunications transport services" means the telecommunication transmission facilities under which voice, data and video communications are distributed between distant locations for use by state agencies, institutions and educational institutions on a shared basis.
Section 3. The department of enterprise technology services shall promulgate rules to effectuate the requirements of this act.
Section 4.
(a) Except as provided in subsection (b) of this act, this act is effective July 1, 2023.
(b) Sections 3 and 4 of this act are effective immediately upon completion of all acts necessary for a bill to provide a law as provided by Article 3, Section 8 of the Wyoming Constitution.
(END)