By: Paxton S.B. No. 717
 
 
A BILL TO BE ENTITLED
 
AN ACT
  relating to public school cybersecurity controls and requirements
  and technical assistance and cybersecurity risk assessments for
  public schools provided by the Department of Information Resources.
         BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
         SECTION 1.  Section 11.175(c), Education Code, is amended to
  read as follows:
         (c)  A school district's cybersecurity policy must comply
  with the cybersecurity controls and requirements adopted by the
  commissioner under Section 32.351 and may not conflict with the
  information security standards for institutions of higher
  education adopted by the Department of Information Resources under
  Chapters 2054 and 2059, Government Code.
         SECTION 2.  Chapter 32, Education Code, is amended by adding
  Subchapter H to read as follows:
  SUBCHAPTER H. CYBERSECURITY
         Sec. 32.351.  CYBERSECURITY CONTROLS AND REQUIREMENTS. (a)
  The commissioner shall adopt cybersecurity controls and
  requirements for school districts, open-enrollment charter
  schools, and district and school vendors in consultation with and
  as recommended by the Department of Information Resources.
         (b)  Each school district and open-enrollment charter school
  shall implement the cybersecurity controls and requirements
  adopted by the commissioner under this section.
         (c)  To implement this section, the agency may contract with:
               (1)  a regional education service center;
               (2)  a private entity; or
               (3)  a regional network security center under
  Subchapter E, Chapter 2059, Government Code. 
         (d)  The commissioner shall adopt rules as necessary to
  implement this section.
         (e)  Not later than September 1 of each even-numbered year,
  the commissioner shall review the rules adopted under this section
  and amend the rules as necessary to ensure that the cybersecurity
  controls and requirements continue to provide effective
  cybersecurity protection for school districts and open-enrollment
  charter schools.
         SECTION 3.  Subchapter C, Chapter 2054, Government Code, is
  amended by adding Sections 2054.0561 and 2054.0595 to read as
  follows:
         Sec. 2054.0561.  TECHNICAL ASSISTANCE FOR PUBLIC SCHOOLS.
  (a) The department may provide technical assistance to school
  districts and open-enrollment charter schools regarding the
  implementation of cybersecurity controls, requirements, and
  network operations under Sections 11.175 and 32.351, Education
  Code. In providing technical assistance to districts and schools,
  the department may:
               (1)  use services offered by third parties;
               (2)  procure technology and services for districts and
  schools;
               (3)  recommend to the Legislative Budget Board that
  school districts and open-enrollment charter schools migrate
  services to the State Data Center located on the campus of Angelo
  State University; and
               (4)  use the services of a regional network security
  center established under Section 2059.202.
         (b)  The department may adopt rules as necessary to
  implement this section.
         Sec. 2054.0595.  CYBERSECURITY RISK ASSESSMENTS FOR PUBLIC
  SCHOOLS. The department may perform a cybersecurity risk
  assessment of a school district or open-enrollment charter school
  at the request of:
               (1)  the commissioner of the Texas Education Agency;
               (2)  the superintendent of the district or the person
  who serves the function of superintendent of the school, as
  applicable; or
               (3)  the Texas Division of Emergency Management after a
  cybersecurity incident affecting the district or school.
         SECTION 4.  Section 2059.058(b), Government Code, is amended
  to read as follows:
         (b)  In addition to the department's duty to provide network
  security services to state agencies under this chapter, the
  department by agreement may provide network security to:
               (1)  each house of the legislature;
               (2)  an agency that is not a state agency, including a
  legislative agency;
               (3)  a political subdivision of this state, including a
  county, municipality, or special district;
               (4)  an independent organization, as defined by Section
  39.151, Utilities Code; [and]
               (5)  a public junior college; and
               (6)  an open-enrollment charter school established
  under Subchapter D, Chapter 12, Education Code.
         SECTION 5.  Section 2059.201, Government Code, is amended to
  read as follows:
         Sec. 2059.201.  ELIGIBLE PARTICIPATING ENTITIES. A state
  agency or an entity listed in Sections 2059.058(b)(3)-(6)
  [2059.058(b)(3)-(5)] is eligible to participate in cybersecurity
  support and network security provided by a regional network
  security center under this subchapter.
         SECTION 6.  Section 11.175(g), Education Code, as added by
  Chapter 1045 (S.B. 1267), Acts of the 87th Legislature, Regular
  Session, 2021, is repealed.
         SECTION 7.  Not later than March 31, 2024, the Texas
  Education Agency and the Department of Information Resources shall
  adopt rules necessary to implement the changes in law made by this
  Act.
         SECTION 8.  To the extent of any conflict, this Act prevails
  over another Act of the 88th Legislature, Regular Session, 2023,
  relating to nonsubstantive additions to and corrections in enacted
  codes.
         SECTION 9.  This Act takes effect September 1, 2023.