Sponsored by:
Assemblyman HERB CONAWAY, JR.
District 7 (Burlington)
SYNOPSIS
Establishes State and local government purchasing and use requirements for cybersecurity systems.
CURRENT VERSION OF TEXT
As introduced.
An Act concerning the purchase and use of cybersecurity systems and supplementing Title 52 of the Revised Statutes and P.L.1971, c.198.
Be It Enacted by the Senate and General Assembly of the State of New Jersey:
1. a. The Division of Purchase and Property in the Department of the Treasury shall award a Statewide cybersecurity system contract for use by all State agencies. The contract shall include a provision to allow for the purchase and use by any local contracting unit. The local contracting unit shall submit notification of purchase and use to the Division of Purchase and Property.
b. Notwithstanding the provisions of any other law, rule, or regulation to the contrary, the Director of the Division of Purchase and Property, the Chief Technology Officer of the Office of Information Technology in the Department of the Treasury, and any State agency having authority to contract for the purchase of goods or services, shall, whenever technically feasible, use or require the use of the Statewide cybersecurity contract, before entering into a separate contract for the purchase of cybersecurity systems.
c. The Office of Information Technology shall develop and publish on its website standards for cybersecurity systems to be used when implementing the requirement established pursuant to subsections a. and b. of this section. The standards shall be equivalent to the standards of the National Institute of Standards and Technology or any other substantially similar federal entity.
d. When preparing the specifications for a contract for the purchase of cybersecurity systems, the Division of Purchase and Property or any other State agency shall include in the invitation to bid, when relevant, a statement that any response to the invitation shall provide a cybersecurity system that meets the standards developed and published by the Office of Information Technology.
e. The provisions of this section shall not apply to:
(1) any binding contractual obligations for the purchase of goods or services entered into prior to the effective date of this act, P.L. , c. (C. ) (pending before the Legislature as this bill);
(2) requests for proposals advertised to the public prior to the effective date of this act;
(3) any amendment, modification, or renewal of a contract, when the contract was entered into prior to the effective date of this act and when the application of this act would delay timely completion of a project or involve an increase in the total costs to be paid by the State under that contract; or
(4) a contract when the Director of the Division of Purchase and Property, the Chief Technology Officer of the Office of Information Technology, or the head of any State agency having authority to contract for the purchase of goods or services determines, in their sole discretion, that the use of the Statewide contract for cybersecurity systems would increase the cost of the contract by an unreasonable amount.
f. As used in this section:
Cybersecurity system means the application of technologies, processes, and controls to protect systems, networks, programs, devices, and data from unauthorized access or criminal use.
State agency means any of the principal departments in the Executive Branch of the State Government, and any division, board, bureau, agency, office, commission, authority, or other instrumentality within or created by such department.
2. a. Notwithstanding the provisions of any other law, rule, or regulation to the contrary, a local contracting unit having authority to contract for the purchase of goods or services in accordance with the Local Public Contracts Law, P.L.1971, c.198 (C.40A:11-1 et seq.) shall, whenever technically feasible, use or require the use of the Statewide cybersecurity contract awarded pursuant to subsection a. of section 1 of P.L. , c. (C. ) (pending before the Legislature as this bill), before entering into a separate contract for the purchase of cybersecurity systems.
b. When preparing the specifications for a contract for the purchase of cybersecurity systems, the local contracting unit shall include in the invitation to bid, when relevant, a statement that any response to the invitation shall provide a cybersecurity system that meets the standards developed and published by the Office of Information Technology pursuant to subsection c. of section 1 of this act.
c. The provisions of this section shall not apply to:
(1) any binding contractual obligations for the purchase of goods or services entered into prior to the effective date of this act;
(2) requests for proposals advertised to the public prior to the effective date of this act;
(3) any amendment, modification, or renewal of a contract, when the contract was entered into prior to the effective date of this act and when the application of this act would delay timely completion of a project or involve an increase in the total costs to be paid by the municipality under that contract; or
(4) a contract when the local contracting unit determines, in its sole discretion, that the use of the Statewide contract for cybersecurity systems would increase the cost of the contract by an unreasonable amount.
d. As used in this section,
cybersecurity system means the application of technologies, processes, and
controls to protect systems, networks, programs, devices, and data from unauthorized
access or criminal use.
3. This act shall take effect immediately.
STATEMENT
This bill establishes State and local government purchasing and use requirements for cybersecurity systems.
Under this bill, cybersecurity system means the application of technologies, processes, and controls to protect systems, networks, programs, devices, and data from unauthorized access or criminal use.
This bill requires the Division of Purchase and Property in the Department of the Treasury to award a cybersecurity contract for use by all State agencies. Any State agency or local contracting unit will be required to, whenever technically feasible, use or require the use of this Statewide cybersecurity contract.
This bill also requires the Office of Information Technology to develop and publish cybersecurity system standards on its website, which must be equivalent to the standards of the National Institute of Standards and Technology or any other substantially similar federal entity.
In preparing specification for a contract, the Division of Purchase and Property or any State agency or a local contracting unit will be required to include in an invitation to bid, when relevant, a statement that any response to the invitation has to provide a cybersecurity system that meets the standards developed and published by the Office of Information Technology.
This bill will apply to all State agencies in the Executive Branch and counties, municipalities and any board, commission, auth