HOUSE GOVERNMENT, ELECTIONS AND INDIAN AFFAIRS

COMMITTEE SUBSTITUTE FOR

HOUSE BILL 388

56th legislature - STATE OF NEW MEXICO - first session, 2023

 

 

 

 

 

 

 

AN ACT

RELATING TO CYBERSECURITY; CREATING THE CYBERSECURITY FUND; ESTABLISHING PURPOSES.

 

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF NEW MEXICO:

     SECTION 1. [NEW MATERIAL] CYBERSECURITY FUND--CREATED--PURPOSE.--

          A. The "cybersecurity fund" is created as a nonreverting fund in the state treasury and shall be administered by the department of information technology for the purposes stated in Subsection B of this section; provided that upon Senate Bill 280 of the first session of the fifty-sixth legislature becoming law, the fund shall be administered by the cybersecurity office in accordance with the rules adopted pursuant to Subsection C of this section. The fund consists of appropriations, bequests, distributions, donations, gifts, grants or money that otherwise accrues to the fund.

          B. Money in the cybersecurity fund shall be used for cyber attack response and recovery services of information technology systems or databases operated or owned by any branch of state government, its political subdivisions, public schools or tribal entities.

          C. Pursuant to the State Rules Act, the department of information technology, or upon Senate Bill 280 of the first session of the fifty-sixth legislature becoming law, the cybersecurity office, as applicable, shall promulgate rules to govern administration of the cybersecurity fund. The rules shall specify the:

                (1) application process for a disbursements from the fund;

                (2) criteria for disbursements from the fund;

                (3) review process for disbursement applications;

                (4) oversight process and requirements for how disbursements are used; and

                (5) requirements for reversions to the fund.

          D. Expenditures from the cybersecurity fund for cyber attack response and recovery services for:

                (1) executive state agencies, political subdivisions of the state, public schools or tribal entities shall be made on warrants drawn by the secretary of finance and administration pursuant to vouchers signed by the secretary of information technology; provided that upon Senate Bill 280 of the first session of fifty-sixth legislature becoming law, the vouchers shall be signed by the state chief information security officer;

                (2) legislative state agencies shall be made on warrants drawn by the secretary of finance and administration pursuant to vouchers signed by the director of the legislative council service; and

                (3) judicial branch state agencies shall be made on warrants drawn by the secretary of finance and administration pursuant to vouchers signed by the director of the administrative office of the courts.

- 3 -