The bill amends various sections of Florida Statutes to strengthen the state's cybersecurity framework and improve information technology management. Key changes include exempting the state chief technology officer from the Career Service System and introducing new definitions for "data," "open data," and "enterprise digital data." The Florida Digital Service's role is expanded to include the development of enterprise IT and cybersecurity standards, and it is tasked with supporting state agencies in the use of electronic credentials. Additionally, the bill requires state agencies to report all ransomware and cybersecurity incidents to the Cybersecurity Operations Center, which must inform relevant officials and the Legislature of significant incidents within specified timeframes.

Further provisions establish new reporting requirements for the Florida Digital Service, including quarterly reports on high-risk IT projects and annual compliance assessments for state agencies. The bill also revises the membership of the Florida Cybersecurity Advisory Council, allowing for the appointment of local government and higher education representatives, and introduces the Chief Inspector General as a nonvoting member. Incident reporting requirements are modified, reducing the timeframe for reporting ransomware incidents from 12 hours to 6 hours and ensuring timely notifications of cybersecurity incidents to relevant authorities. Overall, the legislation aims to enhance Florida's cybersecurity posture and ensure better protection of digital assets across state and local governments.

Statutes affected:
S 770 Filed: 110.205, 282.0051, 282.3185, 282.319