Bill Text: TX HB1118 | 2021-2022 | 87th Legislature | Enrolled
Bill Title: Relating to state agency and local government compliance with cybersecurity training requirements.
Spectrum: Slight Partisan Bill (Republican 2-1)
Status: (Passed) 2021-05-18 - Effective immediately [HB1118 Detail]
Download: Texas-2021-HB1118-Enrolled.html
| H.B. No. 1118 | ||
|
|
||
| relating to state agency and local government compliance with | ||
| cybersecurity training requirements. | ||
| BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: | ||
| SECTION 1. Subchapter A, Chapter 772, Government Code, is | ||
| amended by adding Section 772.012 to read as follows: | ||
| Sec. 772.012. COMPLIANCE WITH CYBERSECURITY TRAINING | ||
| REQUIREMENTS. (a) In this section, "local government" has the | ||
| meaning assigned by Section 2054.003. | ||
| (b) To apply for a grant under this chapter, a local | ||
| government must submit with the grant application a written | ||
| certification of the local government's compliance with the | ||
| cybersecurity training required by Section 2054.5191. | ||
| (c) On a determination by the criminal justice division | ||
| established under Section 772.006 that a local government awarded a | ||
| grant under this chapter has not complied with the cybersecurity | ||
| training required by Section 2054.5191, the local government shall | ||
| pay to this state an amount equal to the amount of the grant award. | ||
| A local government that is the subject of a determination described | ||
| by this subsection is ineligible for another grant under this | ||
| chapter until the second anniversary of the date the local | ||
| government is determined ineligible. | ||
| SECTION 2. The heading to Section 2054.5191, Government | ||
| Code, is amended to read as follows: | ||
| Sec. 2054.5191. CYBERSECURITY TRAINING REQUIRED: CERTAIN | ||
| EMPLOYEES AND OFFICIALS. | ||
| SECTION 3. Section 2054.5191, Government Code, is amended | ||
| by amending Subsections (a-1) and (b) and adding Subsections (a-2), | ||
| (e), and (f) to read as follows: | ||
| (a-1) At least once each year, a local government shall: | ||
| (1) identify local government employees and elected | ||
| and appointed officials who have access to a local government | ||
| computer system or database and use a computer to perform at least | ||
| 25 percent of the employee's or official's required duties; and | ||
| (2) require the [ |
||
| officials identified under Subdivision (1) [ |
||
| under Section 2054.519 [ |
||
| (a-2) The governing body of a local government or the | ||
| governing body's designee may deny access to the local government's | ||
| computer system or database to an individual described by | ||
| Subsection (a-1)(1) who the governing body or the governing body's | ||
| designee determines is noncompliant with the requirements of | ||
| Subsection (a-1)(2). | ||
| (b) The governing body of a local government may select the | ||
| most appropriate cybersecurity training program certified under | ||
| Section 2054.519 [ |
||
| employees and officials of the local government to complete. The | ||
| governing body shall: | ||
| (1) verify and report on the completion of a | ||
| cybersecurity training program by employees and officials of the | ||
| local government to the department; and | ||
| (2) require periodic audits to ensure compliance with | ||
| this section. | ||
| (e) The department shall develop a form for use by state | ||
| agencies and local governments in verifying completion of | ||
| cybersecurity training program requirements under this section. | ||
| The form must allow the state agency and local government to | ||
| indicate the percentage of employee completion. | ||
| (f) The requirements of Subsections (a) and (a-1) do not | ||
| apply to employees and officials who have been: | ||
| (1) granted military leave; | ||
| (2) granted leave under the federal Family and Medical | ||
| Leave Act of 1993 (29 U.S.C. Section 2601 et seq.); | ||
| (3) granted leave related to a sickness or disability | ||
| covered by workers' compensation benefits, if that employee no | ||
| longer has access to the state agency's or local government's | ||
| database and systems; | ||
| (4) granted any other type of extended leave or | ||
| authorization to work from an alternative work site if that | ||
| employee no longer has access to the state agency's or local | ||
| government's database and systems; or | ||
| (5) denied access to a local government's computer | ||
| system or database by the governing body of the local government or | ||
| the governing body's designee under Subsection (a-2) for | ||
| noncompliance with the requirements of Subsection (a-1)(2). | ||
| SECTION 4. Section 2056.002(b), Government Code, is amended | ||
| to read as follows: | ||
| (b) The Legislative Budget Board and the governor's office | ||
| shall determine the elements required to be included in each | ||
| agency's strategic plan. Unless modified by the Legislative Budget | ||
| Board and the governor's office, and except as provided by | ||
| Subsection (c), a plan must include: | ||
| (1) a statement of the mission and goals of the state | ||
| agency; | ||
| (2) a description of the indicators developed under | ||
| this chapter and used to measure the output and outcome of the | ||
| agency; | ||
| (3) identification of the groups of people served by | ||
| the agency, including those having service priorities, or other | ||
| service measures established by law, and estimates of changes in | ||
| those groups expected during the term of the plan; | ||
| (4) an analysis of the use of the agency's resources to | ||
| meet the agency's needs, including future needs, and an estimate of | ||
| additional resources that may be necessary to meet future needs; | ||
| (5) an analysis of expected changes in the services | ||
| provided by the agency because of changes in state or federal law; | ||
| (6) a description of the means and strategies for | ||
| meeting the agency's needs, including future needs, and achieving | ||
| the goals established under Section 2056.006 for each area of state | ||
| government for which the agency provides services; | ||
| (7) a description of the capital improvement needs of | ||
| the agency during the term of the plan and a statement, if | ||
| appropriate, of the priority of those needs; | ||
| (8) identification of each geographic region of this | ||
| state, including the Texas-Louisiana border region and the | ||
| Texas-Mexico border region, served by the agency, and if | ||
| appropriate the agency's means and strategies for serving each | ||
| region; | ||
| (9) a description of the training of the agency's | ||
| contract managers under Section 656.052; | ||
| (10) an analysis of the agency's expected expenditures | ||
| that relate to federally owned or operated military installations | ||
| or facilities, or communities where a federally owned or operated | ||
| military installation or facility is located; | ||
| (11) an analysis of the strategic use of information | ||
| resources as provided by the instructions prepared under Section | ||
| 2054.095; [ |
||
| (12) a written certification of the agency's | ||
| compliance with the cybersecurity training required under Sections | ||
| 2054.5191 and 2054.5192; and | ||
| (13) other information that may be required. | ||
| SECTION 5. Section 2054.519(f), Government Code, as added | ||
| by Chapter 1308 (H.B. 3834), Acts of the 86th Legislature, Regular | ||
| Session, 2019, is repealed. | ||
| SECTION 6. (a) Section 772.012, Government Code, as added | ||
| by this Act, applies only to a grant application submitted by a | ||
| local government on or after September 1, 2021. | ||
| (b) Section 2056.002(b), Government Code, as amended by | ||
| this Act, applies only to a strategic plan submitted by a state | ||
| agency on or after January 1, 2022. | ||
| SECTION 7. This Act takes effect immediately if it receives | ||
| a vote of two-thirds of all the members elected to each house, as | ||
| provided by Section 39, Article III, Texas Constitution. If this | ||
| Act does not receive the vote necessary for immediate effect, this | ||
| Act takes effect September 1, 2021. | ||
| ______________________________ | ______________________________ | |
| President of the Senate | Speaker of the House | |
| I certify that H.B. No. 1118 was passed by the House on April | ||
| 8, 2021, by the following vote: Yeas 149, Nays 0, 1 present, not | ||
| voting; and that the House concurred in Senate amendments to H.B. | ||
| No. 1118 on May 5, 2021, by the following vote: Yeas 143, Nays 0, 1 | ||
| present, not voting. | ||
| ______________________________ | ||
| Chief Clerk of the House | ||
| I certify that H.B. No. 1118 was passed by the Senate, with | ||
| amendments, on April 29, 2021, by the following vote: Yeas 31, | ||
| Nays 0. | ||
| ______________________________ | ||
| Secretary of the Senate | ||
| APPROVED: __________________ | ||
| Date | ||
| __________________ | ||
| Governor | ||
