Outline of New York State & the NYS Assembly Seal

New York State Assembly

Speaker Carl E. Heastie
 
     
  •  Summary 
    •  
  •  Actions 
    •  
  •  Committee Votes 
    •  
  •  Floor Votes 
    •  
  •  Memo 
    •  
  •  Text 
    •  
  •  LFIN 
    •  
  •  Chamber Video/Transcript 

A00426 Summary:

BILL NOA00426
 
SAME ASSAME AS S02671
 
SPONSOROtis
 
COSPNSR
 
MLTSPNSR
 
Amd §165, St Fin L (as proposed in S.5615 & A.2833)
 
Directs that state agencies require that procurement of end point devices be consistent with any relevant standards, guidelines, or guidance developed as part of the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
Go to top

A00426 Text:




 
                STATE OF NEW YORK
        ________________________________________________________________________
 
                                           426
 
                               2025-2026 Regular Sessions
 
                   IN ASSEMBLY
 
                                       (Prefiled)
 
                                     January 8, 2025
                                       ___________
 
        Introduced  by  M. of A. OTIS -- read once and referred to the Committee
          on Science and Technology
 
        AN ACT to amend the  state  finance  law,  in  relation  to  procurement
          requirements for end point device security

          The  People of the State of New York, represented in Senate and Assem-
        bly, do enact as follows:
 
     1    Section 1. Subdivision 9 of section 165 of the state finance  law,  as
     2  added  by  a  chapter of the laws of 2024 amending the state finance law
     3  relating to procurement requirements for end point device  security,  as
     4  proposed in legislative bills numbers S. 5615 and A. 2833, is amended to
     5  read as follows:
     6    9. End point device security. (a) For the purposes of this subdivision
     7  "end  point  device"  shall  mean  personal computing goods that include
     8  desktops, laptops, all-in-ones, tablets, mobile or cellular  telephones,
     9  thin  clients,  and monitors of various sizes; printers; and multi-func-
    10  tional devices that include imaging devices that combine operations such
    11  as copying, printing, scanning and faxing into one machine.
    12    (b) The commissioner and all state agencies, when procuring end  point
    13  devices,  shall  [require those devices, services and solutions to meet]
    14  be consistent with  any  relevant  standards,  guidelines,  or  guidance
    15  developed  as part of the National Institute of Standards and Technology
    16  (NIST) Cybersecurity Framework.
    17    [(c) Within one year of adoption of any  amendments  to  the  security
    18  standards and guidelines referenced in paragraph (b) of this subdivision
    19  the  commissioner  and  each  state  agency shall update their end point
    20  device procurement requirements.]
    21    § 2. This act shall take effect on the  same  date  and  in  the  same
    22  manner  as  a chapter of the laws of 2024 amending the state finance law
    23  relating to procurement requirements for end point device  security,  as
    24  proposed in legislative bills numbers S. 5615 and A. 2833, takes effect.
 
         EXPLANATION--Matter in italics (underscored) is new; matter in brackets
                              [ ] is old law to be omitted.
                                                                   LBD02682-01-5
Go to top