Summary: The Public Agency Cyber Security Act prohibits public agencies from using hardware, software, or services that have been prohibited by the U.S. Department of Homeland Security for use on federal systems, such as products from Kaspersky Lab.
Based upon Virginia SB 1233 (2019)
SECTION 1. SHORT TITLE
This Act shall be called the “Public Agency Cyber Security Act.”
SECTION 2. FINDINGS AND PURPOSE
(A) FINDINGS—The legislature finds that:
(B) PURPOSE—This law is enacted to help improve security for confidential information held by public agencies.
SECTION 3. PROHIBITION
After section XXX, the following new section XXX shall be inserted:
(A) DEFINITIONS—In this section:
“Public agency” means any legislative body; any court; any authority, board, bureau, commission, district, or agency of the state; any political subdivision of the state, including counties, cities, and towns, city councils, boards of supervisors, school boards, planning commissions, and governing boards of institutions of higher education; and other organizations, corporations, or agencies in the state supported wholly or principally by public funds. “Public agency” includes any committee, subcommittee, or other entity however designated of the public agency or formed to advise the public agency, including those with private sector or citizen members.
(B) BANNED COMPUTER HARDWARE, SOFTWARE
No public agency may use, whether directly or through work with or on behalf of another public agency, any hardware, software, or services that have been prohibited by the U.S. Department of Homeland Security for use on federal systems.
(C) ADDITIONAL DUTIES OF THE [CHIEF INFORMATION OFFICER]
For the security of government information, the [Chief Information Officer] shall promptly notify all public agencies about hardware, software, or services that have been prohibited pursuant to this section.
SECTION 4. EFFECTIVE DATE
This law shall become effective on July 1, 20XX.