1. The Office shall prepare and make publicly available a statewide strategic plan that outlines policies, procedures, best practices and recommendations for preparing for and mitigating risks to, and otherwise protecting, the security of information systems in this State and for recovering from and otherwise responding to threats to or attacks on the security of information systems in this State. The statewide strategic plan prepared and made available pursuant to this subsection must not identify or include information which allows for the identification of specific vulnerabilities in the information systems in this State.
2. The statewide strategic plan must include, without limitation, policies, procedures, best practices and recommendations for:
(a) Identifying, preventing and responding to threats to and attacks on the security of information systems in this State;
(b) Ensuring the safety of, and the continued delivery of essential services to, the people of this State in the event of a threat to or attack on the security of an information system in this State;
(c) Protecting the confidentiality of personal information that is stored on, transmitted to, from or through, or generated by an information system in this State;
(d) Investing in technologies, infrastructure and personnel for protecting the security of information systems; and
(e) Enhancing the voluntary sharing of information and any other collaboration among state agencies, local governments, agencies of the Federal Government and appropriate private entities regarding protecting the security of information systems.
3. The statewide strategic plan must be updated at least every 2 years.
4. A private entity may, in its discretion, make use of the information set forth in the statewide strategic plan.
5. Each agency of the State Government that has adopted a cybersecurity policy shall test the adherence of its employees to that policy on a periodic basis. Such an agency shall submit the results of the testing to the Office annually for consideration in the update of the statewide strategic plan.
(Added to NRS by 2017, 1635; A 2019, 2474)
Structure Nevada Revised Statutes
Chapter 480 - Administration of Laws Relating to Public Safety
NRS 480.100 - Creation; powers and duties set forth in chapter.
NRS 480.130 - Department: Divisions and Nevada Office of Cyber Defense Coordination.
NRS 480.150 - General duties and powers of Director; regulations.
NRS 480.160 - Main office of Department to be kept in Carson City; maintenance of branch offices.
NRS 480.170 - Deposit of money collected or received by State Fire Marshal Division.
NRS 480.300 - Creation of division.
NRS 480.320 - Payment of cadets.
NRS 480.350 - Qualifications of appointed personnel.
NRS 480.360 - Duties of personnel.
NRS 480.405 - "Act of terrorism" defined.
NRS 480.407 - "Criminal intelligence information" defined.
NRS 480.410 - "Investigation Division" defined.
NRS 480.420 - "Off-road vehicle" defined.
NRS 480.425 - "Public safety agency" defined.
NRS 480.430 - "Special mobile equipment" defined.
NRS 480.440 - "Vehicle" defined.
NRS 480.450 - Composition of Division.
NRS 480.460 - Duties of Chief of Division.
NRS 480.500 - Identification of dead bodies; missing persons.
NRS 480.800 - Justice Assistance Grant Trust Account.
NRS 480.810 - Account for Reentry Programs.
NRS 480.900 - Legislative findings and declarations regarding security of information systems.
NRS 480.904 - Administrator" defined.
NRS 480.906 - "Information system" defined.
NRS 480.908 - "Office" defined.
NRS 480.910 - "Security of an information system" defined.
NRS 480.912 - "State agency" defined.
NRS 480.920 - Nevada Office of Cyber Defense Coordination: Creation; composition.
NRS 480.924 - Duties of Office.
NRS 480.932 - Office to prepare and submit quarterly and annual reports.