BILL NUMBER: S2671
SPONSOR: BASKIN
 
TITLE OF BILL:
An act to amend the state finance law, in relation to procurement
requirements for end point device security
 
PURPOSE:
This is a chapter amendment that makes changes to provisions of L.2024,
c.608, to amend the requirements for end point device procurement to
ensure that their procurement is consistent with relevant National
Institute of Standards and Technology (NISI) standards or guidance.
 
SUMMARY OF PROVISIONS:
Section one amends subdivision 9 of section 165 of the State Finance Law
to ensure that in procuring end point devices, such as computers, agen-
cies ensure that such devices are consistent with any relevant stand-
ards, guidelines, or guidance developed as part of the National Insti-
tute of Standards and Technology(NIST)Cybersecurity Framework. The
section also repeals language that would require each agency to update
guidelines on cybersecurity, since the Office of Information Technology
Services (ITS) is responsible for making such rules.
Section 2 is the effective date.
 
EXISTING LAW:
None.
 
JUSTIFICATION:
This legislation is a negotiated change to the underlying chapter.
 
LEGISLATIVE HISTORY:
Chapter amendment to Chapter 608 of the Laws of 2024. S.5615 and A.2833,
which passed the Assembly in May 2024 and the Senate on June.
 
FISCAL IMPLICATIONS:
None
 
EFFECTIVE DATE:
This act shall take effect on the same date and in the same manner as a
chapter of the laws of 2024 amending the state finance law relating to
procurement requirements for end point device security, as proposed in
legislative bills numbers S. 5615 and A. 2833, takes effect.