This bill mandates the secretary of state to establish a public vulnerability disclosure program for election systems, enhancing the security of voter registration and election processes. The program must align with the guidelines from the "Guide to Vulnerability Reporting for America's Election Administrators" published by the Cybersecurity and Infrastructure Security Agency. The secretary of state is required to implement this program within 180 days of the bill's effective date, which includes oversight from the cybersecurity advisory committee. The program will cover critical information technology systems related to elections, such as the centralized voter registration database and user interfaces for various election officials and voters.

Additionally, the bill outlines the responsibilities of the secretary of state in addressing identified security vulnerabilities, allowing a reasonable period for corrective measures before public disclosure. If vulnerabilities remain unresolved beyond the agreed remediation period, the cybersecurity advisory committee will decide on the necessity of disclosure to protect election security. The bill also introduces a new paragraph in RSA 21-R:16, assigning the cybersecurity advisory committee the duty to oversee the vulnerability disclosure program. The act will take effect immediately upon passage.

Statutes affected:
Introduced: 652:23, 21-R:16
As Amended by the House: 652:23, 21-R:16