Florida Senate - 2022 COMMITTEE AMENDMENT
Bill No. SB 1670
Ì397432*Î397432
LEGISLATIVE ACTION
Senate . House
Comm: RCS .
02/09/2022 .
.
.
.
—————————————————————————————————————————————————————————————————
—————————————————————————————————————————————————————————————————
The Committee on Military and Veterans Affairs, Space, and
Domestic Security (Hutson) recommended the following:
1 Senate Amendment (with title amendment)
2
3 Delete everything after the enacting clause
4 and insert:
5 Section 1. Paragraph (g) of subsection (3) and paragraph
6 (i) of subsection (4) of section 282.318, Florida Statutes, are
7 amended to read:
8 282.318 Cybersecurity.—
9 (3) The department, acting through the Florida Digital
10 Service, is the lead entity responsible for establishing
11 standards and processes for assessing state agency cybersecurity
12 risks and determining appropriate security measures. Such
13 standards and processes must be consistent with generally
14 accepted technology best practices, including the National
15 Institute for Standards and Technology Cybersecurity Framework,
16 for cybersecurity. The department, acting through the Florida
17 Digital Service, shall adopt rules that mitigate risks;
18 safeguard state agency digital assets, data, information, and
19 information technology resources to ensure availability,
20 confidentiality, and integrity; and support a security
21 governance framework. The department, acting through the Florida
22 Digital Service, shall also:
23 (g) Annually provide cybersecurity training to all state
24 agency technology professionals and employees with access to
25 highly sensitive information which that develops, assesses, and
26 documents competencies by role and skill level. The training may
27 be provided in collaboration with the Cybercrime Office of the
28 Department of Law Enforcement, a private sector entity, or an
29 institution of the State University System.
30 (4) Each state agency head shall, at a minimum:
31 (i) Provide cybersecurity awareness training to all state
32 agency employees within in the first 30 days after commencing
33 employment, and annually thereafter, concerning cybersecurity
34 risks and the responsibility of employees to comply with
35 policies, standards, guidelines, and operating procedures
36 adopted by the state agency to reduce those risks. The training
37 may be provided in collaboration with the Cybercrime Office of
38 the Department of Law Enforcement, a private sector entity, or
39 an institution of the State University System.
40 Section 2. Section 282.3185, Florida Statutes, is created
41 to read:
42 282.3185 Local government cybersecurity.—
43 (1) As used in this section, the term “local government”
44 means any county or municipality.
45 (2) The Florida Digital Service:
46 (a) Shall develop a basic cybersecurity practices training
47 curriculum for local government employees. All local government
48 employees with access to the local government’s network must
49 complete the basic cybersecurity training within 30 days after
50 commencing employment and annually thereafter.
51 (b) Shall develop an advanced cybersecurity training
52 curriculum for local governments which is consistent with the
53 cybersecurity training required under s. 282.318(3)(g). All
54 local government technology professionals and employees with
55 access to highly sensitive information must complete the
56 advanced cybersecurity training within 30 days after commencing
57 employment and annually thereafter.
58 (c) May provide the cybersecurity training required by this
59 subsection in collaboration with the Cybercrime Office of the
60 Department of Law Enforcement, a private sector entity, or an
61 institution of the State University System.
62 Section 3. The Legislature finds and declares that this act
63 fulfills an important state interest.
64 Section 4. This act shall take effect July 1, 2022.
65
66 ================= T I T L E A M E N D M E N T ================
67 And the title is amended as follows:
68 Delete everything before the enacting clause
69 and insert:
70 A bill to be entitled
71 An act relating to cybersecurity; amending s. 282.318,
72 F.S.; requiring the Department of Management Services,
73 acting through the Florida Digital Service, to provide
74 annual cybersecurity training to certain persons;
75 requiring state agency heads to annually provide
76 cybersecurity awareness training to certain persons;
77 creating s. 282.3185, F.S.; defining the term “local
78 government”; requiring the Florida Digital Service to
79 develop certain cybersecurity training curricula;
80 requiring certain persons to complete certain training
81 within a specified period and annually thereafter;
82 authorizing the Florida Digital Service to provide
83 certain training in collaboration with certain
84 entities; providing a declaration of important state
85 interest; providing an effective date.