Florida Senate - 2026                                    SB 1522
       
       
        
       By Senator Rodriguez
       
       
       
       
       
       40-01439-26                                           20261522__
    1                        A bill to be entitled                      
    2         An act relating to security of state information
    3         technology systems; creating s. 282.3187, F.S.;
    4         requiring state agencies to deploy certain cloud
    5         native cybersecurity platforms; requiring state
    6         agencies to use platforms that meet specified
    7         criteria; requiring the state chief information
    8         officer to brief legislative committees on specified
    9         information by a specified date; providing an
   10         effective date.
   11          
   12  Be It Enacted by the Legislature of the State of Florida:
   13  
   14         Section 1. Section 282.3187, Florida Statutes, is created
   15  to read:
   16         282.3187 Security of state technology systems.—
   17         (1) As the state continues to implement its cloud-first
   18  policy and transition agency applications and datasets into
   19  modern cloud environments, each state agency shall deploy cloud
   20  native cybersecurity platforms designed to safeguard cloud and
   21  hybrid infrastructure.
   22         (2) State agencies shall use platforms that:
   23         (a) Provide unified visibility across multi-cloud and
   24  hybrid environments;
   25         (b) Enable continuous posture management, misconfiguration
   26  detection, and automated risk prioritization to reduce cloud
   27  attack surface;
   28         (c) Support secure cloud application development, including
   29  code-to-runtime protection;
   30         (d) Deliver real-time threat detection and response within
   31  cloud workloads and identities; and
   32         (e) Provide automated compliance monitoring across state
   33  and federal cybersecurity frameworks.
   34         (3) By October 1, 2026, the state chief information officer
   35  shall brief the appropriate committees of the Legislature on all
   36  of the following:
   37         (a) The state’s progress in continuously monitoring the
   38  security of all cloud, on-premises, and hybrid application
   39  environments.
   40         (b) The identification of systemic risks and
   41  misconfigurations across agency cloud deployments.
   42         (c) The development of a future artificial intelligence
   43  security roadmap, including recommendations for securing
   44  artificial intelligence systems, models, and automated
   45  decisionmaking tools used by state agencies.
   46         Section 2. This act shall take effect July 1, 2026.