2023 23LSO-0309
STATE OF WYOMING
HOUSE BILL NO. HB0184
ETS-information security division.
Sponsored by: Joint Appropriations Committee
A BILL
for
1 AN ACT relating to the administration of government;
2 clarifying duties of the department of enterprise
3 technology services; creating and providing duties for the
4 division of information security within the department of
5 enterprise technology services; creating positions; making
6 conforming amendments; requiring reporting; providing
7 rulemaking authority; and providing for effective dates.
8
9 Be It Enacted by the Legislature of the State of Wyoming:
10
11 Section 1. W.S. 9-2-2908 is created to read:
12
13 9-2-2908. Cybersecurity.
14
15 (a) The state chief information officer shall appoint
16 an administrator of the cybersecurity division, who shall
1 act as a state chief information security officer. The
2 division shall possess the mission and resources to assist
3 in ensuring other state agencies' compliance with
4 information security policies and regulations. The division
5 shall further:
6
7 (i) Provide timely technical assistance to
8 operators of agency information systems regarding security
9 incidents, including guidance on detecting and handling
10 information security incidents;
11
12 (ii) Compile and analyze information about
13 incidents that threaten information security;
14
15 (iii) Inform personnel responsible for agency
16 information systems about current and potential information
17 security threats and vulnerabilities; and
18
19 (iv) Provide, as appropriate, intelligence and
20 other information about cyber threats, vulnerabilities and
21 incidents to agencies to assist in risk assessments
22 conducted by agencies in accordance with their individual
23 compliance requirements.
1
2 (b) The state chief information security officer
3 shall:
4
5 (i) Develop and maintain a statewide agency
6 information security program within the division;
7
8 (ii) Develop and maintain information security
9 policies, procedures and control techniques to address all
10 applicable requirements;
11
12 (iii) Assist senior agency officials concerning
13 their information security responsibilities.
14
15 (c) The state chief information security officer
16 shall aid the head of each agency and the head of each
17 agency shall cooperate with the state chief information
18 security officer to:
19
20 (i) Provide information security protections
21 commensurate with the risk and magnitude of the harm that
22 would result from unauthorized access, use, disclosure,
23 disruption, modification or destruction of:
1
2 (A) Information collected or maintained by
3 or on behalf of the agency; and
4
5 (B) Information systems used or operated by
6 an agency or by a contractor of an agency or other
7 organization on behalf of an agency.
8
9 (ii) Comply with the requirements of state chief
10 information officer programs, policies, procedures,
11 standards and guidelines to ensure that information
12 security management processes are integrated with agency
13 strategic, operational and budgetary planning processes;
14
15 (iii) Provide information security for the
16 information and systems that support the operations and
17 assets under the control of the head of each agency,
18 including through:
19
20 (A) Assessing the risk and magnitude of the
21 harm that could result from the unauthorized access, use,
22 disclosure, disruption, modification or destruction of such
23 information or systems;
1
2 (B) Determining the levels of information
3 security appropriate to protect the information and
4 systems;
5
6 (C) Implementing policies and procedures to
7 cost-effectively reduce risks to an acceptable level; and
8
9 (D) Periodically testing and evaluating
10 information security controls and techniques and performing
11 information security audits and assessments to ensure that
12 information security controls and techniques are
13 effectively implemented and to determine any noncompliance
14 with information security requirements.
15
16 (iv) Ensure that sufficient division personnel
17 are available to assist other state agencies in complying
18 with the requirements of this section and related programs,
19 policies, procedures, standards and guidelines.
20
21 (d) The state chief information security officer
22 shall report annually to the governor and the joint
23 appropriations committee on the effectiveness of the agency
1 information security program, including progress of
2 remedial actions.
3
4 Section 2. W.S. 9-2-2902(a) by creating a new
5 paragraph (iii) and 9-2-2904(a) by creating a new paragraph
6 (vi), by renumbering (vi) as (vii), by creating a new
7 paragraph (viii) and by renumbering (vii) through (xi) as
8 (ix) through (xiii) are amended to read:
9
10 9-2-2902. Department divisions.
11
12 (a) The department shall consist of the following
13 divisions in addition to the office of the director of the
14 department:
15
16 (iii) Cybersecurity division.
17
18 9-2-2904. Definitions.
19
20 (a) As used in this article:
21
22 (vi) "Incident" means an occurrence that:
23
1 (A) Actually or imminently jeopardizes,
2 without lawful authority, the integrity, confidentiality or
3 availability of information or an information system; or
4
5 (B) Constitutes a violation or imminent
6 threat of violation of law, security policies, security
7 procedures or acceptable use policies.
8
9 (vi)(vii) "Information processing software"
10 means all purchased, procured or developed software for use
11 on any information technology equipment;
12
13 (viii) "Information security" means protecting
14 information and information systems from unauthorized
15 access, use, disclosure, disruption, modification or
16 destruction in order to provide:
17
18 (A) Integrity, which means guarding against
19 improper information modification or destruction, and
20 includes ensuring information nonrepudiation and
21 authenticity;
22
1 (B) Confidentiality, which means preserving
2 authorized restrictions on access and disclosure, including
3 means for protecting personal privacy and proprietary
4 information; and
5
6 (C) Availability, which means ensuring
7 timely and reliable access to and use of information.
8
9 (vii)(ix) "Information technology equipment"
10 means all business and personal computing devices,
11 intelligent handheld devices including tablets and smart
12 phones, printers and other related peripheral equipment;
13
14 (viii)(x) "Judiciary" means the judicial
15 department of state government established by article 2,
16 section 1 of the Wyoming constitution;
17
18 (ix)(xi) "Legislature" means the legislative
19 department of state government established by article 2,
20 section 1 of the Wyoming constitution;
21
22 (x)(xii) "State chief information officer" means
23 the person appointed in accordance with W.S. 9-2-2903. The
1 state chief information officer shall also function as the
2 director of the department;
3
4 (xi)(xiii) "Telecommunications transport
5 services" means the telecommunication transmission
6 facilities under which voice, data and video communications
7 are distributed between distant locations for use by state
8 agencies, institutions and educational institutions on a
9 shared basis.
10
11 Section 3. The department of enterprise technology
12 services shall promulgate rules to effectuate the
13 requirements of this act.
14
1 Section 4.
2
3 (a) Except as provided in subsection (b) of this act,
4 this act is effective July 1, 2023.
5
6 (b) Sections 3 and 4 of this act are effective
7 immediately upon completion of all acts necessary for a
8 bill to provide a law as provided by Article 3, Section 8
9 of the Wyoming Constitution.
10
11 (END)
Statutes affected: Introduced: 9-2-2902, 9-2-2904