Amendment ID: S2806-18

Amendment 18

Mandatory Public Employee Cybersecurity Training

Messrs. Moore, Montigny and Tarr move that the proposed new text be amended by inserting after section __ the following section:-

"SECTION __. Chapter 7D of the general laws is hereby amended by inserting at the end thereof the following new section:-

Section 12. Statewide Public Employee Cybersecurity Training.

The executive office of technology services and security, in consultation with the office of the comptroller, shall prepare and update from time to time the following online training programs, which the executive office shall publish on its official website: (1) a program which shall provide general cybersecurity training; and (2) special programs, which may be tailored to an entity, profession, role, or other factors that are necessary to further cybersecurity within the commonwealth. Every state, county, and municipal employee shall, within 30 days after becoming such an employee, and every year thereafter, complete the general cybersecurity training, and shall complete such special programs as necessary. Upon completion of the online training programs, the employee shall provide notice of such completion to be retained for 6 years by the appropriate employer.

The executive office shall consult benchmarks and standards established by the Center for Internet Security, National Institute for Standards and Technology and the Workforce Framework for Cybersecurity in developing the cybersecurity trainings.

The executive office shall establish procedures for implementing this section and ensuring compliance.

For the purposes of this section, the terms state, county, and municipal employee shall have the same meaning as section 1 of chapter 268A."