The proposed bill would update current statutes by introducing a new article that establishes a statewide cybersecurity system utilizing post-quantum encryption for state agencies handling sensitive information. This new framework includes definitions for key terms such as "CMMC 2.0," "post-quantum encryption," "state agency," and "vendor," which are essential for clarity in the legislation. The bill mandates that the cybersecurity system must meet or exceed the Cybersecurity Maturity Model Certification (CMMC) 2.0 standards and requires that procurement processes adhere to the Arizona Procurement Code, with eligible vendors being U.S.-based companies that comply with stringent cybersecurity standards.
Furthermore, the bill designates the Office of the Auditor General (OAG) as the custodian of the master encryption keys, outlining its responsibilities for secure key management, compliance audits, and certification. It requires state agencies to install and maintain the encryption system while ensuring ongoing compliance with security requirements. Non-compliance could lead to corrective action plans, legislative oversight hearings, and budget restrictions. Overall, the bill aims to significantly enhance the security of state data against emerging cyber threats, particularly those related to advancements in quantum computing.