The proposed bill would update current statutes by granting the National Guard of Arizona the authority to conduct cybersecurity assessments, including penetration testing and vendor-capability verification, which is a new responsibility not currently authorized. Additionally, it requires the Adjutant General to include a report on these cybersecurity activities in their annual report, thereby enhancing accountability. The bill also introduces a new section, 26-108, mandating the Department of Emergency and Military Affairs' cybersecurity team to assess technology products requested by the legislative branch, with results made public within 48 hours of completion.

Moreover, the bill establishes a seven-year data encryption and cybersecurity study to be implemented by the Arizona Department of Homeland Security, which includes specific requirements for encryption systems and emphasizes the use of U.S.-based vendors. It also sets forth criteria for proposed data encryption systems and mandates annual audits by the auditor general for seven years following implementation. The previous study requirements will be repealed by July 1, 2034, as part of the bill's efforts to strengthen Arizona's cybersecurity infrastructure and response capabilities.

Statutes affected:
House Engrossed Version: 26-108