WeVote

Bill

Bill

H 421

An Act relative to streamlining licensure, compliance, and contracting opportunities

194th Legislature (2025-2026) Introduced by David LeBoeuf

Establishes the Cybersecurity and Resiliency Fund to finance Idaho's IT infrastructure and cybersecurity, requires a five-year plan and annual reporting, aiding OITS consolidation.

Bill reported favorably by committee as changed and referred to the committee on House Ways and Means
0
WeVote Research Nonpartisan
Bill Summary · H 421

Summary of Idaho House Bill No. 421 (H 421)

Purpose and general purpose

  • Establishes the Cybersecurity and Resiliency Fund in the state treasury to address Idaho’s ongoing needs for information technology (IT) infrastructure and cybersecurity technology.
  • The bill is designed to support statewide IT consolidation led by the Office of Information Technology Services (OITS) and ensure continued security of the state’s digital footprint.

Key provisions

  • New fund creation: Creates the Cybersecurity and Resiliency Fund (67-838, Idaho Code) to hold moneys provided by legislative appropriation or transfer. The state treasurer may invest idle fund balances, and the interest earned remains in the fund.
  • Authorized uses: All fund monies shall be used to address the state’s ongoing needs for IT infrastructure and cybersecurity technology.
  • Planning and budgeting requirement: OITS must develop a five-year plan for replacing IT infrastructure and cybersecurity technology. The plan must be updated annually and submitted to the Division of Financial Management as part of the annual budget process. OITS must also report expenditures from the fund for the previous fiscal year.
  • Definitions:
    • Cybersecurity technology includes measures such as network and data center security, endpoint security, cloud security, security information and event management, data protection and recovery, encryption, identity protection, incident response, security training and audits, penetration testing, technology resilience, and redundancy.
    • Information technology infrastructure includes network infrastructure and computers/storage (desktops and laptops).

Who and what is affected

  • State government and IT operations: Primary impact on OITS, which is responsible for consolidating and managing statewide IT services.
  • State budget and treasury: Establishes a dedicated fund and sets investment and accounting requirements; affects budgeting processes through annual reporting and five-year planning.
  • Stakeholders: State agencies relying on IT and cybersecurity infrastructure will be affected by funding allocation, planning, and implementation of the five-year plan.

Fiscal and financial notes

  • Fiscal impact: The fiscal note states no immediate fiscal impact; the fund provides flexibility and visibility for future transfers as OITS consolidation progresses.
  • Funds may be transferred into the fund via appropriation or transfer, with investment of idle balances and retention of interest by the fund.

Timeline and procedural highlights

  • Introduced: March 19, 2025.
  • Status: Reported Printed and Referred to Appropriations (March 20, 2025).
  • Effective date: Emergency clause declares the act in effect on July 1, 2025.
  • Legal status: Amends Chapter 8, Title 67, Idaho Code by adding new Section 67-838.

Potential impact

  • Creates a dedicated, flexible funding mechanism to modernize and secure Idaho’s IT and cybersecurity capabilities.
  • Strengthens governance around IT investments through a mandated five-year planning process and annual budget integration.
  • Supports the state’s ongoing IT consolidation efforts and provides clearer accountability for expenditures related to cybersecurity infrastructure.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.