SENATE BILL 99

52nd legislature - STATE OF NEW MEXICO - first session, 2015

INTRODUCED BY

Carlos R. Cisneros and Roberto "Bobby" J. Gonzales

FOR THE REVENUE STABILIZATION AND TAX POLICY COMMITTEE

AN ACT

RELATING TO TAXATION; PROVIDING A GROSS RECEIPTS DEDUCTION FOR RECEIPTS FROM THE SALE OF CERTAIN CYBERSECURITY DEVICES.

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF NEW MEXICO:

     SECTION 1. A new section of the Gross Receipts and Compensating Tax Act is enacted to read:

     "[NEW MATERIAL] DEDUCTION--GROSS RECEIPTS--CYBERSECURITY DEVICES.--

          A. Prior to July 1, 2025, receipts from the sale of a cybersecurity device that is a port locking device, a port monitoring device or a port monitoring software application may be deducted from gross receipts.

          B. The purpose of the deduction provided by this section is to create jobs in the state in the field of cybersecurity by encouraging businesses that provide defensive barriers for protecting computer systems and networks to move to New Mexico.

          C. A taxpayer allowed a deduction pursuant to this section shall report the amount of the deduction separately in a manner required by the department.

          D. The department shall compile an annual report on the deduction provided by this section that shall include the number of taxpayers that claimed the deduction, the aggregate amount of deductions claimed and any other information necessary to evaluate the effectiveness of the deduction. Beginning in 2018 and every three years thereafter that the deduction is in effect, the department shall compile and present the annual reports to the revenue stabilization and tax policy committee and the legislative finance committee with an analysis of the effectiveness and cost of the deduction and whether the deduction is performing the purpose for which it was created.

          E. For purposes of this section:

                (1) "port locking device" means a physical device that:

                     (a) is a lock that is inserted into and blocks access to an open or unused port of a computer or portable computer device;

                     (b) can be unlocked only with a unique password; and

                     (c) meets the standards required by the Federal Information Security Management Act of 2002, as that act may be amended, for security categorization of federal information and information systems and for minimum security requirements for information and information systems supporting federal agencies and risk-based processes;

                (2) "port monitoring device" means a physical device that:

                     (a) prevents unauthorized access to a computer or portable computer device by monitoring a port of a computer or portable computer device that is in use by a removable media device;

                     (b) is a lock that is inserted into an open or unused port of a computer or portable computer device and can connect removable media to the computer or portable computer device;

                     (c) will lock the port if the removable media device is removed from the port without a password and block the port from accepting any other removable media device;

                     (d) can be unlocked only with a unique password; and

                     (e) meets the standards required by the Federal Information Security Management Act of 2002, as that act may be amended, for security categorization of federal information and information systems and for minimum security requirements for information and information systems supporting federal agencies and risk-based processes; and

                (3) "port monitoring software application" means a software application that can monitor all of the ports on a network or individual computer or portable computer device that can:

                     (a) disallow removable media when connected to a computer or portable computer device through a port;

                     (b) record the date, time, user, computer and the name, manufacturer, serial number, file name and size of the removable media;

                     (c) send notification when an unauthorized removable media device is connected to a computer or portable computer device; and

                     (d) meets the standards required by the Federal Information Security Management Act of 2002, as that act may be amended, for security categorization of federal information and information systems and for minimum security requirements for information and information systems supporting federal agencies and risk-based processes."

     SECTION 2. EFFECTIVE DATE.--The effective date of the provisions of this act is July 1, 2015.

- 4 -