WeVote

Bill

Bill

AB 432

Revises provisions relating to governmental administration. (BDR 19-551)

2025 Regular Session Introduced by Toby Yurek

Creates a statewide Security Operations Center within the OCIO to monitor, coordinate, and respond to cybersecurity incidents for state and eligible local entities.

(No further action taken.)
0
WeVote Research Nonpartisan
Bill Summary · AB 432

Summary — AB 432 (BDR 19-551) — Revises provisions relating to governmental administration (Security Operations Center)

Note: The packet you provided also contains unrelated materials for a different AB 432 (California, titled “Menopause”). The summary below addresses the Nevada measure titled “Revises provisions relating to governmental administration (BDR 19‑551)” — the bill introduced by Assemblymember Thaddeus “Toby” Yurek that creates a Security Operations Center (SOC) in Nevada’s Office of the Chief Information Officer (OCIO).

Main purpose

Create a centralized Security Operations Center (SOC) within the Office of the Chief Information Officer to provide statewide cybersecurity monitoring, incident response, policy development, coordination, and related services to state and eligible local governmental entities.

Key provisions and changes

  • Establishes the Security Operations Center in the OCIO and defines its duties (real‑time monitoring of cyberinfrastructure, threat mitigation, incident response, cybersecurity enforcement, and related information services).
  • Requires the SOC to develop policies, procedures, and standards to protect sensitive data and coordinate rapid responses to cybersecurity incidents.
  • Creates an Account for the Security Operations Center in the State General Fund to support SOC operations; authorizes the SOC to act as a fiscal agent for pooling federal grants for cybersecurity infrastructure and support.
  • Expands the pool of "using agencies" eligible to contract with OCIO services to include additional state entities and local governmental agencies (explicitly authorizes school district boards to use OCIO services).
  • Requires any using agency that elects to use OCIO/SOC equipment or services to adhere to the OCIO’s regulations, standards, practices, policies and conventions, and to report specified cybersecurity incidents to the SOC within defined timeframes.
  • Preserves agency operational autonomy through amendments: the SOC is prohibited from assuming operational control of a using agency’s equipment or software systems; standards and policies affecting such systems must be provided in advance and agreed to in writing.
  • Enforcement: if a using agency fails to comply with SOC policies, the Chief may impose additional oversight or audit requirements (amendments narrowed original enforcement language).
  • Mandates collaboration with the Nevada Office of Cyber Defense Coordination and an annual SOC report to the Governor, Attorney General and Legislative Counsel Bureau for transmission to the Legislature.
  • Establishes a Cybersecurity Talent Pipeline Program to be developed with Nevada System of Higher Education, contingent on availability of dedicated funding.
  • Adds confidentiality protections for certain cybersecurity documents and requires OCIO rulemaking for information services and standards.
  • Includes tribal sovereignty language: existing tribal agreements are not impaired and interlocal agreements must respect tribal governance and jointly agreed data protocols.

Who is affected

  • State agencies and elected state officers that use OCIO services.
  • Local governmental agencies (including school district boards) that choose to contract with the SOC.
  • OCIO/Chief Information Officer (new responsibilities and account administration).
  • Potential fiscal impacts for agencies choosing SOC services (payments, possible administrative burdens); the bill notes possible fiscal effects on state and local government.

Fiscal and administrative effects

  • The bill creates a State General Fund account for SOC operations and contemplates using federal grants (and pooling them) to fund activities.
  • Committee analysis: “Effect on Local Government: May have Fiscal Impact. Effect on the State: Yes.” Exact fiscal amounts were not specified in the materials supplied.

Procedural / timeline aspects and final status

  • Introduced March 13, 2025; went through Government Affairs and other committees; reprinted with amendments.
  • Passed both houses, enrolled and presented to the Governor (enrolled Sept 22, 2025).
  • Final disposition: Vetoed by the Governor on October 13, 2025. The bill therefore did not take effect.

Notes on amendments and scope

  • Major amendments narrowed enforcement powers, clarified that the SOC cannot take operational control of agency equipment, added tribal protections, and made the Cybersecurity Talent Pipeline contingent on funding.
  • The bill reorganizes and modernizes existing OCIO statutory language to reflect an expanded role in cybersecurity coordination and service delivery.

If you want, I can:
- Produce a side‑by‑side comparison of the bill as introduced vs. the adopted amendments; or
- Extract and summarize the statutory section changes (by NRS section) for use in bill tracking or fiscal analysis.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.