Bill Text: TX SB717 | 2023-2024 | 88th Legislature | Introduced
Bill Title: Relating to public school cybersecurity controls and requirements and technical assistance and cybersecurity risk assessments for public schools provided by the Department of Information Resources.
Spectrum: Partisan Bill (Republican 1-0)
Status: (Introduced - Dead) 2023-03-01 - Referred to Education [SB717 Detail]
Download: Texas-2023-SB717-Introduced.html
| By: Paxton | S.B. No. 717 | |
|
|
||
|
|
||
| relating to public school cybersecurity controls and requirements | ||
| and technical assistance and cybersecurity risk assessments for | ||
| public schools provided by the Department of Information Resources. | ||
| BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: | ||
| SECTION 1. Section 11.175(c), Education Code, is amended to | ||
| read as follows: | ||
| (c) A school district's cybersecurity policy must comply | ||
| with the cybersecurity controls and requirements adopted by the | ||
| commissioner under Section 32.351 and may not conflict with the | ||
| information security standards for institutions of higher | ||
| education adopted by the Department of Information Resources under | ||
| Chapters 2054 and 2059, Government Code. | ||
| SECTION 2. Chapter 32, Education Code, is amended by adding | ||
| Subchapter H to read as follows: | ||
| SUBCHAPTER H. CYBERSECURITY | ||
| Sec. 32.351. CYBERSECURITY CONTROLS AND REQUIREMENTS. (a) | ||
| The commissioner shall adopt cybersecurity controls and | ||
| requirements for school districts, open-enrollment charter | ||
| schools, and district and school vendors in consultation with and | ||
| as recommended by the Department of Information Resources. | ||
| (b) Each school district and open-enrollment charter school | ||
| shall implement the cybersecurity controls and requirements | ||
| adopted by the commissioner under this section. | ||
| (c) To implement this section, the agency may contract with: | ||
| (1) a regional education service center; | ||
| (2) a private entity; or | ||
| (3) a regional network security center under | ||
| Subchapter E, Chapter 2059, Government Code. | ||
| (d) The commissioner shall adopt rules as necessary to | ||
| implement this section. | ||
| (e) Not later than September 1 of each even-numbered year, | ||
| the commissioner shall review the rules adopted under this section | ||
| and amend the rules as necessary to ensure that the cybersecurity | ||
| controls and requirements continue to provide effective | ||
| cybersecurity protection for school districts and open-enrollment | ||
| charter schools. | ||
| SECTION 3. Subchapter C, Chapter 2054, Government Code, is | ||
| amended by adding Sections 2054.0561 and 2054.0595 to read as | ||
| follows: | ||
| Sec. 2054.0561. TECHNICAL ASSISTANCE FOR PUBLIC SCHOOLS. | ||
| (a) The department may provide technical assistance to school | ||
| districts and open-enrollment charter schools regarding the | ||
| implementation of cybersecurity controls, requirements, and | ||
| network operations under Sections 11.175 and 32.351, Education | ||
| Code. In providing technical assistance to districts and schools, | ||
| the department may: | ||
| (1) use services offered by third parties; | ||
| (2) procure technology and services for districts and | ||
| schools; | ||
| (3) recommend to the Legislative Budget Board that | ||
| school districts and open-enrollment charter schools migrate | ||
| services to the State Data Center located on the campus of Angelo | ||
| State University; and | ||
| (4) use the services of a regional network security | ||
| center established under Section 2059.202. | ||
| (b) The department may adopt rules as necessary to | ||
| implement this section. | ||
| Sec. 2054.0595. CYBERSECURITY RISK ASSESSMENTS FOR PUBLIC | ||
| SCHOOLS. The department may perform a cybersecurity risk | ||
| assessment of a school district or open-enrollment charter school | ||
| at the request of: | ||
| (1) the commissioner of the Texas Education Agency; | ||
| (2) the superintendent of the district or the person | ||
| who serves the function of superintendent of the school, as | ||
| applicable; or | ||
| (3) the Texas Division of Emergency Management after a | ||
| cybersecurity incident affecting the district or school. | ||
| SECTION 4. Section 2059.058(b), Government Code, is amended | ||
| to read as follows: | ||
| (b) In addition to the department's duty to provide network | ||
| security services to state agencies under this chapter, the | ||
| department by agreement may provide network security to: | ||
| (1) each house of the legislature; | ||
| (2) an agency that is not a state agency, including a | ||
| legislative agency; | ||
| (3) a political subdivision of this state, including a | ||
| county, municipality, or special district; | ||
| (4) an independent organization, as defined by Section | ||
| 39.151, Utilities Code; [ |
||
| (5) a public junior college; and | ||
| (6) an open-enrollment charter school established | ||
| under Subchapter D, Chapter 12, Education Code. | ||
| SECTION 5. Section 2059.201, Government Code, is amended to | ||
| read as follows: | ||
| Sec. 2059.201. ELIGIBLE PARTICIPATING ENTITIES. A state | ||
| agency or an entity listed in Sections 2059.058(b)(3)-(6) | ||
| [ |
||
| support and network security provided by a regional network | ||
| security center under this subchapter. | ||
| SECTION 6. Section 11.175(g), Education Code, as added by | ||
| Chapter 1045 (S.B. 1267), Acts of the 87th Legislature, Regular | ||
| Session, 2021, is repealed. | ||
| SECTION 7. Not later than March 31, 2024, the Texas | ||
| Education Agency and the Department of Information Resources shall | ||
| adopt rules necessary to implement the changes in law made by this | ||
| Act. | ||
| SECTION 8. To the extent of any conflict, this Act prevails | ||
| over another Act of the 88th Legislature, Regular Session, 2023, | ||
| relating to nonsubstantive additions to and corrections in enacted | ||
| codes. | ||
| SECTION 9. This Act takes effect September 1, 2023. | ||
