By: Deshotel, Beckley H.B. No. 2401
 
 
 
A BILL TO BE ENTITLED
 
AN ACT
  relating to the requirement that state agency employees complete
  cybersecurity awareness training.
         BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
         SECTION 1.  Subchapter N-1, Chapter 2054, Government Code,
  is amended by adding Section 2054.5175 to read as follows:
         Sec. 2054.5175.  CYBERSECURITY AWARENESS TRAINING. (a)
  This section applies only to a state agency that is a department,
  commission, board, office, or other agency in the executive branch
  of state government. This section does not apply to an institution
  of higher education, as defined by Section 61.003, Education Code.
         (b)  Each state agency shall require all employees of the
  agency who have access to the agency's network or online systems,
  including electronic mail or Internet access, to complete training
  on cybersecurity awareness.  The training must:
               
               (1)  be designed, administered, and maintained by a
  third-party vendor;
               (2)  include industry standards of content for
  cybersecurity training;
               (3)  be capable of training at least 100,000 people;
               (4)  incorporate a management console allowing the
  entering of the employee's first name, last name, electronic mail
  address, state agency employer, and division in which the employee
  is employed;
               (5)  track the progress of an employee in completing
  the training;
               (6)  generate reports, including reports that display
  the progress in completing the training of:
                     (A)  each division of a state agency;
                     (B)  each state agency as a whole; and
                     (C)  the entire state workforce;
               (7)  provide a flexible number of training licenses to
  accommodate an unknown number of employees being trained each year;
               (8)  be regularly updated to include training about new
  cybersecurity threats;
               (9)  have the ability to include content in addition to
  cybersecurity awareness training, including training on human
  resources policies and sexual harassment prevention;
               (10)  have the ability to display an image of the state
  seal or a state agency's seal or logo;
               (11)  have the ability to create groups and allow
  employees to be assigned to the groups;
               (12)  have the ability to assign training requirements
  to specific groups of employees; and
               (13)  have the ability to send electronic mail
  notifications that are customizable to employees enrolled in the
  training.
         SECTION 2.  This Act takes effect September 1, 2019.