The Legislative website will undergo scheduled maintenance on April 4th from 5-6 P.M. During this period, you may experience temporary disruptions. We apologize for any inconvenience and appreciate your understanding.

H.B. 239 State Employee Cybersecurity Training Requirements

Bill Sponsor:

Rep. Albrecht, Carl R.
Floor Sponsor:

Sen. Vickers, Evan J.
  • Drafting Attorney: Scott Elder
  • Fiscal Analyst: Heidi Jo Tak



  • Information
    • Last Action: 21 Mar 2024, Governor Vetoed
    • Last Location: Lieutenant Governor's office for filing


H.B. 239

3 67-27-105
1
STATE EMPLOYEE CYBERSECURITY TRAINING REQUIREMENTS
2024 GENERAL SESSION STATE OF UTAH Chief Sponsor: Carl R. Albrecht Senate Sponsor: Evan J. Vickers

2

3
LONG TITLE

4
General Description:

5
This bill provides for a state cybersecurity awareness training program for all state
6
executive branch employees.

7
Highlighted Provisions:
8
This bill:
9
requires the Division of Technology Services to create a yearly cybersecurity training
10
course; and

11
requires all state executive branch employees to complete the cybersecurity training
12
course once a year.
13
Money Appropriated in this Bill:

14
None
15
Other Special Clauses:

16
None
17
Utah Code Sections Affected:
18
ENACTS:
19
67-27-105, Utah Code Annotated 1953

20

21
Be it enacted by the Legislature of the state of Utah:

22

23

22
Section 1, Section 67-27-105 is enacted to read:

23
67-27-105. Required cybersecurity training.

24
(1) (a) The Division of Technology Services shall institute, develop, conduct, and
25
otherwise provide for a cybersecurity training program for all employees of the state
26
executive branch.

27
(b) A state executive branch employee that is not issued a computer, tablet, or cell
28
phone, and has no access to state systems as part of the state executive branch
29
employee's employment, is not required to participate in the cybersecurity training
30
program described in Subsection (1).

31
(2) The Division of Technology Services shall design the cybersecurity training program to
32
provide instruction regarding:

33
(a) secure computing practices;

34
(b) recognizing and responding to potential cyber threats;

35
(c) protecting sensitive data and information;

36
(d) password management and multi-factor authentication;

37
(e) appropriate use of technology resources; and

38
(f) any other matter the Division of Technology Services determines should be included
39
in the training program.

40
(3) All state executive branch employees shall be required to complete the cybersecurity
41
training program described in Subsection (1):

42
(a) within 30 days after beginning employment; and

43
(b) at least once in each calendar year.

44
(4) Each state agency shall be responsible for monitoring and verifying completion of
45
cybersecurity training by their employees.

46

46
Section 2. Effective date.
This bill takes effect on May 1, 2024.
Bill Status / Votes
• Senate Actions • House Actions • Fiscal Actions • Other Actions
DateActionLocationVote
1/10/2024 Bill Numbered but not DistributedLegislative Research and General Counsel
1/10/2024 Numbered Bill Publicly DistributedLegislative Research and General Counsel
1/10/2024 LFA/ bill sent to agencies for fiscal inputLegislative Research and General Counsel
1/13/2024 LFA/ fiscal note publicly availableLegislative Research and General Counsel
1/16/2024 House/ received bill from Legislative ResearchClerk of the House
1/16/2024 House/ received fiscal note from Fiscal AnalystClerk of the House
1/16/2024 House/ 1st reading (Introduced)House Rules Committee
1/22/2024 House/ to standing committeeHouse Public Utilities, Energy, and Technology Committee
1/24/2024 House Comm - Amendment Recommendation # 1House Public Utilities, Energy, and Technology Committee10 0 1
1/24/2024 House Comm - Favorable RecommendationHouse Public Utilities, Energy, and Technology Committee10 0 1
1/25/2024 (11:19:31 AM)House/ comm rpt/ amendedHouse Public Utilities, Energy, and Technology Committee
1/25/2024 (11:19:32 AM)House/ 2nd readingHouse 3rd Reading Calendar for House bills
2/2/2024 (12:00:16 PM)House/ 3rd readingHouse 3rd Reading Calendar for House bills
2/2/2024 (12:03:06 PM)House/ passed 3rd readingSenate Secretary68 0 7
2/2/2024 (12:03:08 PM)House/ to SenateSenate Secretary
2/2/2024 Senate/ received from HouseWaiting for Introduction in the Senate
2/2/2024 Senate/ 1st reading (Introduced)Senate Rules Committee
2/5/2024 Senate/ to standing committeeSenate Government Operations and Political Subdivisions Committee
2/7/2024 Senate Comm - Favorable RecommendationSenate Government Operations and Political Subdivisions Committee5 0 3
2/8/2024 (10:26:10 AM)Senate/ committee report favorableSenate Government Operations and Political Subdivisions Committee
2/8/2024 (10:26:11 AM)Senate/ placed on 2nd Reading CalendarSenate 2nd Reading Calendar
2/14/2024 (3:15:55 PM)Senate/ 2nd readingSenate 2nd Reading Calendar
2/14/2024 (3:18:40 PM)Senate/ passed 2nd readingSenate 3rd Reading Calendar22 0 7
2/15/2024 (11:15:28 AM)Senate/ 3rd readingSenate 3rd Reading Calendar
2/15/2024 (11:17:23 AM)Senate/ passed 3rd readingSenate President22 0 7
2/15/2024 (11:17:24 AM)Senate/ signed by President/ returned to HouseHouse Speaker
2/15/2024 (11:17:25 AM)Senate/ to HouseHouse Speaker
2/15/2024 House/ received from SenateHouse Speaker
2/15/2024 House/ signed by Speaker/ sent for enrollingLegislative Research and General Counsel / Enrolling
2/16/2024 Bill Received from House for EnrollingLegislative Research and General Counsel / Enrolling
2/16/2024 Draft of Enrolled Bill PreparedLegislative Research and General Counsel / Enrolling
3/8/2024 Enrolled Bill Returned to House or SenateClerk of the House
3/8/2024 House/ enrolled bill to PrintingClerk of the House
3/11/2024 House/ received enrolled bill from PrintingClerk of the House
3/11/2024 House/ to GovernorExecutive Branch - Governor
3/21/2024 Governor VetoedLieutenant Governor's office for filing