Florida Senate - 2022                        COMMITTEE AMENDMENT
       Bill No. SB 1670
       
       
       
       
       
       
                                Ì397432*Î397432                         
       
                              LEGISLATIVE ACTION                        
                    Senate             .             House              
                  Comm: RCS            .                                
                  02/09/2022           .                                
                                       .                                
                                       .                                
                                       .                                
       —————————————————————————————————————————————————————————————————




       —————————————————————————————————————————————————————————————————
       The Committee on Military and Veterans Affairs, Space, and
       Domestic Security (Hutson) recommended the following:
       
    1         Senate Amendment (with title amendment)
    2  
    3         Delete everything after the enacting clause
    4  and insert:
    5         Section 1. Paragraph (g) of subsection (3) and paragraph
    6  (i) of subsection (4) of section 282.318, Florida Statutes, are
    7  amended to read:
    8         282.318 Cybersecurity.—
    9         (3) The department, acting through the Florida Digital
   10  Service, is the lead entity responsible for establishing
   11  standards and processes for assessing state agency cybersecurity
   12  risks and determining appropriate security measures. Such
   13  standards and processes must be consistent with generally
   14  accepted technology best practices, including the National
   15  Institute for Standards and Technology Cybersecurity Framework,
   16  for cybersecurity. The department, acting through the Florida
   17  Digital Service, shall adopt rules that mitigate risks;
   18  safeguard state agency digital assets, data, information, and
   19  information technology resources to ensure availability,
   20  confidentiality, and integrity; and support a security
   21  governance framework. The department, acting through the Florida
   22  Digital Service, shall also:
   23         (g) Annually provide cybersecurity training to all state
   24  agency technology professionals and employees with access to
   25  highly sensitive information which that develops, assesses, and
   26  documents competencies by role and skill level. The training may
   27  be provided in collaboration with the Cybercrime Office of the
   28  Department of Law Enforcement, a private sector entity, or an
   29  institution of the State University System.
   30         (4) Each state agency head shall, at a minimum:
   31         (i) Provide cybersecurity awareness training to all state
   32  agency employees within in the first 30 days after commencing
   33  employment, and annually thereafter, concerning cybersecurity
   34  risks and the responsibility of employees to comply with
   35  policies, standards, guidelines, and operating procedures
   36  adopted by the state agency to reduce those risks. The training
   37  may be provided in collaboration with the Cybercrime Office of
   38  the Department of Law Enforcement, a private sector entity, or
   39  an institution of the State University System.
   40         Section 2. Section 282.3185, Florida Statutes, is created
   41  to read:
   42         282.3185Local government cybersecurity.—
   43         (1)As used in this section, the term “local government”
   44  means any county or municipality.
   45         (2)The Florida Digital Service:
   46         (a)Shall develop a basic cybersecurity practices training
   47  curriculum for local government employees. All local government
   48  employees with access to the local government’s network must
   49  complete the basic cybersecurity training within 30 days after
   50  commencing employment and annually thereafter.
   51         (b)Shall develop an advanced cybersecurity training
   52  curriculum for local governments which is consistent with the
   53  cybersecurity training required under s. 282.318(3)(g). All
   54  local government technology professionals and employees with
   55  access to highly sensitive information must complete the
   56  advanced cybersecurity training within 30 days after commencing
   57  employment and annually thereafter.
   58         (c)May provide the cybersecurity training required by this
   59  subsection in collaboration with the Cybercrime Office of the
   60  Department of Law Enforcement, a private sector entity, or an
   61  institution of the State University System.
   62         Section 3. The Legislature finds and declares that this act
   63  fulfills an important state interest.
   64         Section 4. This act shall take effect July 1, 2022.
   65  
   66  ================= T I T L E  A M E N D M E N T ================
   67  And the title is amended as follows:
   68         Delete everything before the enacting clause
   69  and insert:
   70                        A bill to be entitled                      
   71         An act relating to cybersecurity; amending s. 282.318,
   72         F.S.; requiring the Department of Management Services,
   73         acting through the Florida Digital Service, to provide
   74         annual cybersecurity training to certain persons;
   75         requiring state agency heads to annually provide
   76         cybersecurity awareness training to certain persons;
   77         creating s. 282.3185, F.S.; defining the term “local
   78         government”; requiring the Florida Digital Service to
   79         develop certain cybersecurity training curricula;
   80         requiring certain persons to complete certain training
   81         within a specified period and annually thereafter;
   82         authorizing the Florida Digital Service to provide
   83         certain training in collaboration with certain
   84         entities; providing a declaration of important state
   85         interest; providing an effective date.