West Virginia has expanded the authority of its cybersecurity office with a new law that strengthens oversight and requires agencies to undergo annual security reviews.
House Bill 5638, recently signed by Gov. Patrick Morrisey, gives additional authority to the state’s chief information security officer. It also establishes more formal oversight of state agency cybersecurity practices, including required participation in annual reviews assessing readiness, data protection and risk management.
The state cybersecurity office, which is within the West Virginia Office of Technology (WVOT), is tasked with setting standards for cybersecurity and with managing the state cybersecurity framework. The legislation builds on a 2019 law that created the state’s cybersecurity office and established baseline requirements for risk assessments and reporting.
HB 5638 also formalizes coordination between the chief information security officer and the chief information officer, while shifting the state’s approach from compliance to enforcement. Agencies are required to undergo annual cybersecurity program reviews that assess…
