The bill amends the Cybersecurity Act to update the definitions, structure, and responsibilities of the Cybersecurity Office and the Cybersecurity Advisory Committee in New Mexico. Key changes include the creation of the "office of cybersecurity," which will be managed by the state chief information security officer, and the establishment of new definitions related to cybersecurity, information security, and information technology. The office will oversee cybersecurity functions for state agencies, develop minimum security standards, and create a centralized reporting process for cybersecurity incidents.

Additionally, the membership and duties of the Cybersecurity Advisory Committee are revised. The committee will now include representatives from various governmental agencies and will assist the office in developing a statewide cybersecurity plan and best practices. The security officer will chair the committee but will recuse themselves from discussions regarding their own supervision and compensation. The committee is required to meet regularly and report on the status of cybersecurity preparedness to legislative committees and the governor, with the first report due by November 30, 2023.

Statutes affected:
introduced version: 9-27A-3, 9-27A-5
RU substitute: 9-27A-2, 9-27A-3, 9-27A-5