87R2931 MWC-D
 
  By: Paxton S.B. No. 345
 
 
 
A BILL TO BE ENTITLED
 
AN ACT
  relating to state agency and local government compliance with
  cybersecurity training requirements.
         BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
         SECTION 1.  Subchapter A, Chapter 772, Government Code, is
  amended by adding Section 772.012 to read as follows:
         Sec. 772.012.  COMPLIANCE WITH CYBERSECURITY TRAINING
  REQUIREMENTS. (a) In this section, "local government" has the
  meaning assigned by Section 2054.003.
         (b)  To apply for a grant under this chapter, a local
  government must submit with the grant application a written
  certification of the local government's compliance with the
  cybersecurity training required by Section 2054.5191.
         (c)  On a determination by the criminal justice division
  established under Section 772.006 that a local government awarded a
  grant under this chapter has not complied with the cybersecurity
  training required by Section 2054.5191, the local government shall
  pay to this state an amount equal to the amount of the grant award.
  A local government that is the subject of a determination described
  by this subsection is ineligible for another grant under this
  chapter until the second anniversary of the date the local
  government is determined ineligible.
         SECTION 2.  The heading to Section 2054.5191, Government
  Code, is amended to read as follows:
         Sec. 2054.5191.  CYBERSECURITY TRAINING REQUIRED: CERTAIN
  EMPLOYEES AND OFFICIALS.
         SECTION 3.  Sections 2054.5191(a-1) and (b), Government
  Code, are amended to read as follows:
         (a-1)  At least once each year, a local government shall:
               (1)  identify local government employees and elected
  and appointed officials who have access to a local government
  computer system or database and use a computer to perform at least
  25 percent of the employee's or official's required duties; and
               (2)  require the [those] employees and [elected]
  officials identified under Subdivision (1) [of the local
  government] to complete a cybersecurity training program certified
  under Section 2054.519 or offered under Section 2054.519(f).
         (b)  The governing body of a local government may select the
  most appropriate cybersecurity training program certified under
  Section 2054.519 or offered under Section 2054.519(f) for employees
  and officials of the local government to complete. The governing
  body shall:
               (1)  verify and report on the completion of a
  cybersecurity training program by employees and officials of the
  local government to the department; and
               (2)  require periodic audits to ensure compliance with
  this section.
         SECTION 4.  Section 2056.002(b), Government Code, is amended
  to read as follows:
         (b)  The Legislative Budget Board and the governor's office
  shall determine the elements required to be included in each
  agency's strategic plan. Unless modified by the Legislative Budget
  Board and the governor's office, and except as provided by
  Subsection (c), a plan must include:
               (1)  a statement of the mission and goals of the state
  agency;
               (2)  a description of the indicators developed under
  this chapter and used to measure the output and outcome of the
  agency;
               (3)  identification of the groups of people served by
  the agency, including those having service priorities, or other
  service measures established by law, and estimates of changes in
  those groups expected during the term of the plan;
               (4)  an analysis of the use of the agency's resources to
  meet the agency's needs, including future needs, and an estimate of
  additional resources that may be necessary to meet future needs;
               (5)  an analysis of expected changes in the services
  provided by the agency because of changes in state or federal law;
               (6)  a description of the means and strategies for
  meeting the agency's needs, including future needs, and achieving
  the goals established under Section 2056.006 for each area of state
  government for which the agency provides services;
               (7)  a description of the capital improvement needs of
  the agency during the term of the plan and a statement, if
  appropriate, of the priority of those needs;
               (8)  identification of each geographic region of this
  state, including the Texas-Louisiana border region and the
  Texas-Mexico border region, served by the agency, and if
  appropriate the agency's means and strategies for serving each
  region;
               (9)  a description of the training of the agency's
  contract managers under Section 656.052;
               (10)  an analysis of the agency's expected expenditures
  that relate to federally owned or operated military installations
  or facilities, or communities where a federally owned or operated
  military installation or facility is located;
               (11)  an analysis of the strategic use of information
  resources as provided by the instructions prepared under Section
  2054.095; [and]
               (12)  a written certification of the agency's
  compliance with the cybersecurity training required under Sections
  2054.5191 and 2054.5192; and
               (13)  other information that may be required.
         SECTION 5.  (a) Section 772.012, Government Code, as added
  by this Act, applies only to a grant application submitted by a
  local government on or after September 1, 2021.
         (b)  Section 2056.002(b), Government Code, as amended by
  this Act, applies only to a strategic plan submitted by a state
  agency on or after January 1, 2022.
         SECTION 6.  This Act takes effect immediately if it receives
  a vote of two-thirds of all the members elected to each house, as
  provided by Section 39, Article III, Texas Constitution.  If this
  Act does not receive the vote necessary for immediate effect, this
  Act takes effect September 1, 2021.