Live Free or Die Legal
This website is not an official source of law. This website does not provide legal advice. For official legal materials, verify against the relevant court, legislature, agency, or other official source. Legal information may be incomplete, outdated, or incorrectly processed. Consult a qualified attorney for advice about a specific legal matter.

This RSA section is an unofficial mirror, is not legal advice, and may be incomplete, outdated, or incorrectly processed.

RSA 21-R:4-a · Duties of the Chief Information Security Officer

Title
I: THE STATE AND ITS GOVERNMENT
Chapter
21-R · DEPARTMENT OF INFORMATION TECHNOLOGY
Status
current
Official source linked
Yes
Official source Copy section link

21-R:4-a Duties of the Chief Information Security Officer. – The chief information security officer shall be responsible for the following:

Copy link
I.

Chairing the cybersecurity advisory committee.

Copy link
II.

Developing, publishing, maintaining, and interpreting the statewide information security manual's policies and standards.

Copy link
III.

Developing, managing, and executing the statewide cyber disruption plan and an information security event response process.

Copy link
IV.

Staffing and training members of ESF-17 under the state emergency operations plan.

Copy link
V.

Identifying security requirements to limit the risks associated with identified executive branch business objectives as defined by the governor and the heads of state agencies.

Copy link
VI.

Providing information security subject matter expertise to the executive branch of the New Hampshire state government.

Copy link
VII.

Drafting and implementing an information security awareness and training program to be used by all state agencies.

Copy link
VIII.

Providing security metrics to track the performance of the information security program.

Copy link
IX.

Developing an information security governance and risk program, including, but not limited to:

Copy link
(a)

Coordinating and conducting risk assessments of agencies and their information assets.

Copy link
(b)

Conducting and managing vulnerability assessments of agency networks, applications, databases, and systems.

Copy link
(c)

Conducting penetration tests of agency networks, applications, databases, and systems.

Copy link
(d)

Conducting information security risk assessments of third parties with access to state of New Hampshire information assets.

Copy link
X.

Serving as the chief of the New Hampshire cyber integration center. Source. 2023, 135:4, eff. Aug. 29, 2023.

Copy link

Source note

Source. 2023, 135:4, eff. Aug. 29, 2023.

Source history

  • 2023, 135:4, eff. Aug. 29, 2023

Related materials

Bill relationships

  • 2026 SB657 amend

    applicable subject areas shall be represented on each committee. 3 New Section; Department of Information Technology; Artificial Intelligence Inventory and Annual Report. Amend RSA 21-R by inserting after section 9-a the following new section: 21-R:9-b Artificial Intelligence Inventory and Annual Report. I. The commissioner shall maintain a current inventory of all artificial intelligence systems

  • 2026 SB657-FN amend

    applicable subject areas shall be represented on each committee. 3 New Section; Department of Information Technology; Artificial Intelligence Inventory and Annual Report. Amend RSA 21-R by inserting after section 9-a the following new section: 21-R:9-b Artificial Intelligence Inventory and Annual Report. I. The commissioner shall maintain a current inventory of all artificial intelligence systems