HB 487 - AS INTRODUCED
2021 SESSION
21-0822
04/08
HOUSE BILL 487
AN ACT establishing an information technology supply chain risk authority.
SPONSORS: Rep. Somssich, Rock. 27; Rep. Meuse, Rock. 29; Rep. Woods, Merr. 23; Rep.
Hamblet, Rock. 31; Rep. Gould, Hills. 7; Rep. Ward, Rock. 28; Rep. Ammon, Hills.
40
COMMITTEE: Science, Technology and Energy
─────────────────────────────────────────────────────────────────
ANALYSIS
This bill establishes an information technology supply chain risk authority.
---------------------------------------------------------------------------
Explanation: Matter added to current law appears in bold italics.
Matter removed from current law appears [in brackets and struckthrough.]
Matter which is either (a) all new or (b) repealed and reenacted appears in regular type.
 HB 487 - AS INTRODUCED
21-0822
04/08
STATE OF NEW HAMPSHIRE
In the Year of Our Lord Two Thousand Twenty One
AN ACT establishing an information technology supply chain risk authority.
Be it Enacted by the Senate and House of Representatives in General Court convened:
1 1 Department of Information Technology; Subdivision Heading Amended. Amend the
2 subdivision heading preceding RSA 21-R:15 to read as follows:
3 [Cybersecurity Software]
4 Information Technology Supply Chain Risk Authority
5 2 Department of Information Technology; Information Technology Supply Chain Risk Authority
6 RSA 21-R:15 is repealed and reenacted to read as follows:
7 21-R:15 Information Technology Supply Chain Risk Authority Established.
8 I. There is hereby created an information technology supply chain risk authority
9 ("authority") within the department of information technology.
10 II. The members of the authority shall be as follows:
11 (a) Three members of the house of representatives, appointed by the speaker of the
12 house of representatives.
13 (b) Two senators, appointed by the president of the senate.
14 (c) Four members with expertise in information technology supply chain security,
15 appointed by the governor.
16 (d) The chief justice of the superior court, or designee.
17 (e) The attorney general, or designee.
18 (f) The commissioner of the department of information technology, or designee.
19 (g) The commissioner of the department of administrative services, or designee.
20 III. Legislative members of the authority shall receive mileage at the legislative rate when
21 attending to the duties of the authority. Members of the authority shall serve terms coterminous
22 with their terms in office, except that the member appointed under subparagraph (c) shall serve 3-
23 year terms and may be reappointed. Vacancies shall be filled in the same manner as the original
24 appointment.
25 IV. The members of the commission shall elect a chairperson from among the members. The
26 first named house member shall call the first meeting of the commission. Seven members of the
27 commission shall constitute a quorum.
28 V. The authority shall develop policies to govern and approve or deny all information
29 technology acquisitions and procurements statewide for all branches of state government and all
30 state departments and agencies, including the purchase or acquisition of any software, hardware, or
31 telecommunication services to ensure security and minimize risk. The authority may veto an
 HB 487 - AS INTRODUCED
- Page 2 -
1 acquisition or purchase request if it determines that it would present a security risk to the state's
2 information technology infrastructure. The authority shall only review acquisitions or purchases
3 proposed or made on or after the effective date of this section.
4 VI. Beginning November 1, 2022, and annually thereafter, the authority shall submit an
5 annual report of its activities for the year, including any findings and recommendations for proposed
6 legislation to the president of the senate, the speaker of the house of representatives, the senate
7 clerk, the house clerk, the governor, and the state library.
8 3 Effective Date. This act shall take effect 60 days after its passage.