Outline of New York State & the NYS Assembly Seal

New York State Assembly

Speaker Carl E. Heastie
  -  This bill is not active in this session.
 
     
  •  Summary 
    •  
  •  Actions 
    •  
  •  Committee Votes 
    •  
  •  Floor Votes 
    •  
  •  Memo 
    •  
  •  Text 
    •  
  •  LFIN 
    •  
  •  Chamber Video/Transcript 

S02671 Summary:

BILL NOS02671
 
SAME ASSAME AS A00426
 
SPONSORBASKIN
 
COSPNSR
 
MLTSPNSR
 
Amd §165, St Fin L (as proposed in S.5615 & A.2833)
 
Directs that state agencies require that procurement of end point devices be consistent with any relevant standards, guidelines, or guidance developed as part of the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
Go to top

S02671 Text:




 
                STATE OF NEW YORK
        ________________________________________________________________________
 
                                          2671
 
                               2025-2026 Regular Sessions
 
                    IN SENATE
 
                                    January 22, 2025
                                       ___________
 
        Introduced  by  Sen.  BASKIN -- read twice and ordered printed, and when
          printed to be committed to the Committee on Rules
 
        AN ACT to amend the  state  finance  law,  in  relation  to  procurement
          requirements for end point device security
 
          The  People of the State of New York, represented in Senate and Assem-
        bly, do enact as follows:
 
     1    Section 1. Subdivision 9 of section 165 of the state finance  law,  as
     2  added  by  a  chapter of the laws of 2024 amending the state finance law
     3  relating to procurement requirements for end point device  security,  as
     4  proposed in legislative bills numbers S. 5615 and A. 2833, is amended to
     5  read as follows:
     6    9. End point device security. (a) For the purposes of this subdivision
     7  "end  point  device"  shall  mean  personal computing goods that include
     8  desktops, laptops, all-in-ones, tablets, mobile or cellular  telephones,
     9  thin  clients,  and monitors of various sizes; printers; and multi-func-
    10  tional devices that include imaging devices that combine operations such
    11  as copying, printing, scanning and faxing into one machine.
    12    (b) The commissioner and all state agencies, when procuring end  point
    13  devices,  shall  [require those devices, services and solutions to meet]
    14  be consistent with  any  relevant  standards,  guidelines,  or  guidance
    15  developed  as part of the National Institute of Standards and Technology
    16  (NIST) Cybersecurity Framework.
    17    [(c) Within one year of adoption of any  amendments  to  the  security
    18  standards and guidelines referenced in paragraph (b) of this subdivision
    19  the  commissioner  and  each  state  agency shall update their end point
    20  device procurement requirements.]
    21    § 2. This act shall take effect on the  same  date  and  in  the  same
    22  manner  as  a chapter of the laws of 2024 amending the state finance law
    23  relating to procurement requirements for end point device  security,  as
    24  proposed in legislative bills numbers S. 5615 and A. 2833, takes effect.

         EXPLANATION--Matter in italics (underscored) is new; matter in brackets
                              [ ] is old law to be omitted.
                                                                   LBD02682-01-5
Go to top