The proposed bill would update current statutes by granting the National Guard of Arizona the authority to conduct cybersecurity assessments, including penetration testing and vendor-capability verification, as part of its cyberattack prevention and response activities. This addition to the National Guard's responsibilities is significant as it currently lacks explicit authority for such assessments. The bill also requires the Adjutant General to include a report on these activities in their annual report, thereby enhancing transparency and accountability in cybersecurity efforts.

Additionally, the bill introduces a new section, 26-108, which mandates that the Department of Emergency and Military Affairs' cybersecurity team assess technology products requested by the legislative branch, including penetration testing and compliance verifications. It establishes a seven-year data encryption and cybersecurity study to be implemented by the Arizona Department of Homeland Security, with specific requirements for encryption systems to be U.S.-owned and compliant with Department of Defense-level security. The bill also allows for ongoing audits and reporting on the encryption system's effectiveness, with certain cybersecurity study requirements set to be repealed after July 1, 2034, streamlining the legislative framework surrounding cybersecurity in Arizona.

Statutes affected:
House Engrossed Version: 26-108