Florida Senate - 2024 CS for CS for CS for SB 1662
By the Committee on Appropriations; the Appropriations Committee
on Agriculture, Environment, and General Government; the
Committee on Governmental Oversight and Accountability; and
Senator Collins
576-03801-24 20241662c3
1 A bill to be entitled
2 An act relating to cybersecurity; amending s.
3 287.0591, F.S.; providing that certain firms are
4 disqualified from being awarded specified state
5 contracts if certain conditions exist; amending s.
6 1004.444, F.S.; providing that the Florida Center for
7 Cybersecurity may also be referred to as “Cyber
8 Florida”; providing that the center is established
9 under the direction of the president of the University
10 of South Florida, or his or her designee; revising the
11 mission and goals of the center; authorizing the
12 center to take certain actions relating to certain
13 initiatives; requiring the Department of Management
14 Services to contract with an independent verification
15 and validation provider for specified services for all
16 agency staff and vendor work to implement the
17 enterprise cybersecurity resiliency program; requiring
18 such provider to complete an assessment of the current
19 program by a specified date; requiring that the
20 assessment include recommendations based on certain
21 evaluations; requiring that the contract require that
22 monthly reports and deliverables be simultaneously
23 provided to specified entities and parties; providing
24 an effective date.
25
26 Be It Enacted by the Legislature of the State of Florida:
27
28 Section 1. Subsection (7) is added to section 287.0591,
29 Florida Statutes, to read:
30 287.0591 Information technology; vendor disqualification.—
31 (7) To protect the state’s digital infrastructure from
32 foreign invasion and digital terrorism, if a firm registered
33 with the state’s information technology state term contract or
34 any firm performing information technology, systems integration,
35 digital solution engineering, or technology management
36 consulting work for state agencies has been found to have shared
37 security information, including, but not limited to, login and
38 password credentials, with companies or individuals in non
39 United States Trade Agreements Act compliant nations without the
40 prior written consent of the contracting governmental client in
41 dealings with state or federal contracts in the United States or
42 its territories in the past 7 years, the firm must be
43 disqualified from being awarded any state contract for work to
44 be performed for the state, any special district, or any
45 municipal subdivision.
46 Section 2. Section 1004.444, Florida Statutes, is amended
47 to read:
48 1004.444 Florida Center for Cybersecurity.—
49 (1) The Florida Center for Cybersecurity, which may also be
50 referred to as “Cyber Florida,” is established within the
51 University of South Florida, under the direction of the
52 president of the university or the president’s designee.
53 (2) The mission and goals of the center are to:
54 (a) Position Florida as the national leader in
55 cybersecurity and its related workforce primarily through
56 advancing and funding education and, research and development
57 initiatives in cybersecurity and related fields, with a
58 secondary emphasis on, and community engagement and
59 cybersecurity awareness.
60 (b) Assist in the creation of jobs in the state’s
61 cybersecurity industry and enhance the existing cybersecurity
62 workforce through education, research, applied science, and
63 engagements and partnerships with the private and military
64 sectors.
65 (c) Act as a cooperative facilitator for state business and
66 higher education communities to share cybersecurity knowledge,
67 resources, and training.
68 (d) Seek out research and development agreements and other
69 partnerships with major military installations and affiliated
70 contractors to assist, when possible, in homeland cybersecurity
71 defense initiatives.
72 (e) Attract cybersecurity companies and jobs to this the
73 state, with an emphasis on the defense, finance, health care,
74 transportation, and utility sectors.
75 (f) Conduct, fund, and facilitate research and applied
76 science that leads to the creation of new technologies and
77 software packages that have military and civilian applications
78 and that can be transferred for military and homeland defense
79 purposes or for sale or use in the private sector.
80 (3) Upon receiving a request for assistance from the
81 Department of Management Services, the Florida Digital Service,
82 or another state agency, the center is authorized, but may not
83 be compelled by the agency, to conduct, consult on, or otherwise
84 assist any state-funded initiatives related to:
85 (a) Cybersecurity training, professional development, and
86 education for state and local government employees, including
87 school districts and the judicial branch; and
88 (b) Increasing the cybersecurity effectiveness of the
89 state’s and local governments’ technology platforms and
90 infrastructure, including school districts and the judicial
91 branch.
92 Section 3. (1) In order to ensure the use of best practices
93 and seamless functionality within the enterprise, the Department
94 of Management Services shall contract with an independent
95 verification and validation (IV&V) provider to provide IV&V
96 services for all agency staff and vendor work needed to
97 implement the enterprise cybersecurity resiliency program.
98 (2) The IV&V provider shall complete an assessment of the
99 current program by December 1, 2024. The assessment must
100 include, but need not be limited to, recommendations based on
101 the evaluation of:
102 (a) The use of Cybersecurity Operations Center tools
103 relative to their inherent capabilities to enhance efficiency
104 and effectiveness;
105 (b) The existing processes to identify and address
106 inefficiencies and areas requiring improvement;
107 (c) The interoperability among different systems to ensure
108 compatibility and facilitate smooth data exchange;
109 (d) The alignment of strategic initiatives and resource
110 allocation with organizational objectives; and
111 (e) The effectiveness of established communication channels
112 to facilitate collaboration and dissemination of information
113 across state entities.
114 (3) The IV&V contract must require that monthly reports and
115 deliverables be simultaneously provided to the Department of
116 Management Services, the Executive Office of the Governor’s
117 Office of Policy and Budget, the chair of the Senate
118 Appropriations Committee, and the chair of the House of
119 Representatives Appropriations Committee.
120 Section 4. This act shall take effect July 1, 2024.