Utah Legislature HB0239

1     STATE EMPLOYEE CYBERSECURITY TRAINING
2     REQUIREMENTS
3     2024 GENERAL SESSION
4     STATE OF UTAH
5     Chief Sponsor: Carl R. Albrecht
6     Senate Sponsor: Evan J. Vickers
7

8     LONG TITLE
9     General Description:
10          This bill provides for a state cybersecurity awareness training program for all state
11     executive branch employees.
12     Highlighted Provisions:
13          This bill:
14          ▸     requires the Division of Technology Services to create a yearly cybersecurity
15     training course; and
16          ▸     requires all state executive branch employees to complete the cybersecurity training
17     course once a year.
18     Money Appropriated in this Bill:
19          None
20     Other Special Clauses:
21          None
22     Utah Code Sections Affected:
23     ENACTS:
24          67-27-105, Utah Code Annotated 1953
25

26 Be it enacted by the Legislature of the state of Utah:
27 Section 1. Section 67-27-105 is enacted to read:

28          67-27-105. Required cybersecurity training.
29          (1) (a) The Division of Technology Services shall institute, develop, conduct, and
30     otherwise provide for a cybersecurity training program for all employees of the state executive
31     branch.
32          (b) A state executive branch employee that is not issued a computer, tablet, or cell
33     phone is not required to participate in the cybersecurity training program described in
34     Subsection (1).
35          (2) The Division of Technology Services shall design the cybersecurity training
36     program to provide instruction regarding:
37          (a) secure computing practices;
38          (b) recognizing and responding to potential cyber threats;
39          (c) protecting sensitive data and information;
40          (d) password management and multi-factor authentication;
41          (e) appropriate use of technology resources; and
42          (f) any other matter the Division of Technology Services determines should be
43     included in the training program.
44          (3) All state executive branch employees shall be required to complete the
45     cybersecurity training program described in Subsection (1):
46          (a) within 30 days after beginning employment; and
47          (b) at least once in each calendar year.
48          (4) Each state agency shall be responsible for monitoring and verifying completion of
49     cybersecurity training by their employees.
50          Section 2. Effective date.
51          This bill takes effect on May 1, 2024.