05/28/2024 12:28 PM
Pennsylvania State Senate
Senate Co-Sponsorship Memoranda

Senate of Pennsylvania
Session of 2023 - 2024 Regular Session


Posted: May 4, 2023 04:29 PM
From: Senator Kristin Phillips-Hill
To: All Senate members
Subject: Utilizing NIST Standards in State Contracts for IT
In the near future I will be introducing legislation aimed at protecting our state’s information technology (IT). Cyber security attacks cost businesses and governments trillions of dollars every year. Often, governments consider security in terms of preventing ‘a PC’ from being infected. The reality is that attacks are becoming much more destructive and at a larger scale. It’s not uncommon to see attacks take down hundreds or thousands of machines in a single incident.


Right here within our own state government we have seen attacks and breaches across almost every agency. From the Department of Labor and Industry, to the Department of Human Services, to the Department of Education, and the Department of Health, we have seen incidents involving our state’s IT system and the valuable data of virtually every single Pennsylvanian at risk.


In this environment, it’s critical to understand that every PC or printer purchase decision our state government makes should include cyber security as a critical procurement requirement and utilize best practices. The National Institute of Standards and Technology (NIST) guidelines consist of standards, guidelines, and best practices to manage cybersecurity-related risk. This is a flexible and cost-effective approach that helps to promote the protection and resilience of our IT. These standards have also been adopted by the U.S. Government in all of their IT procurements.


This legislation will require that any state government purchase of computer hardware shall meet NIST standards and best practices for computer security. Pennsylvania must demonstrate the capability to fight these adversaries who are perpetually launching cyberattacks and to do that, we must utilize the best tools and procedures that are on the market. 

Please join me in cosponsoring this important legislation.

Introduced as SB745