Directs that state agencies require that procurement of personal computing goods, services and solutions meet the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
STATE OF NEW YORK
________________________________________________________________________
2833
2023-2024 Regular Sessions
IN ASSEMBLY
January 27, 2023
___________
Introduced by M. of A. OTIS -- read once and referred to the Committee
on Science and Technology
AN ACT to amend the state finance law, in relation to procurement
requirements for end point device security
The People of the State of New York, represented in Senate and Assem-bly, do enact as follows:
1 Section 1. Section 165 of the state finance law is amended by adding a
2 new subdivision 9 to read as follows:
3 9. End point device security. (a) For the purposes of this subdivision
4 "end point device" shall mean personal computing goods that include
5 desktops, laptops, all-in-ones, tablets, mobile or cellular telephones,
6 thin clients, and monitors of various sizes; printers; and multi-func-
7 tional devices that include imaging devices that combine operations such
8 as copying, printing, scanning and faxing into one machine.
9 (b) The commissioner and all state agencies, when procuring end point
10 devices, shall require those devices, services and solutions to meet the
11 National Institute of Standards and Technology (NIST) Cybersecurity
12 Framework.
13 (c) Within one year of adoption of any amendments to the security
14 standards and guidelines referenced in paragraph (b) of this subdivision
15 the commissioner and each state agency shall update their end point
16 device procurement requirements.
17 § 2. This act shall take effect on the ninetieth day after it shall
18 have become a law.
EXPLANATION--Matter in italics (underscored) is new; matter in brackets
[] is old law to be omitted.
LBD07739-01-3