The proposed bill would update current statutes by introducing new provisions that establish a comprehensive cybersecurity framework for state agencies, specifically focusing on the implementation of post-quantum encryption (PQE) systems. It mandates that any state agency processing, storing, or transmitting sensitive data must utilize PQE that meets or exceeds CMMC 2.0 standards. The bill also designates the Auditor General as the custodian of the master encryption key, outlining their responsibilities for secure key management and compliance audits. Additionally, it requires state agencies to validate the operational effectiveness of their cybersecurity systems and prohibits them from retaining sole custody of encryption keys.

Furthermore, the bill includes new accountability measures, such as the requirement for a joint resolution in the corrective action plan for noncompliant agencies, and emphasizes the procurement of cybersecurity systems from U.S.-based vendors. It introduces definitions for key terms relevant to the new requirements and streamlines existing language for clarity. Overall, these updates aim to enhance the cybersecurity posture of state agencies by establishing rigorous standards and oversight mechanisms and by ensuring adherence to regulatory requirements.