Governor issues executive order to strengthen cybersecurity within New Mexico state agencies
- Oops!Something went wrong.Please try again later.
NEW MEXICO (KRQE) – New Mexico Gov. Michelle Lujan Grisham issued an executive order on Friday that looks to strengthen the state’s cybersecurity measures.
Executive Order 2024-011 (EO 2024-011) directs the Department of Information Technology (DoIT) to conduct information technology and security assessments on state agencies. The assessments will look for any “security vulnerabilities” within the agencies. In the order, state agencies are defined as “any departments, offices, boards, commissions, and other agencies within the executive branch under the governor’s control.”
Story continues below
KRQE Investigates: What’s the point of CYFD’s Policy Advisory Council?
Space: The day the Space Shuttle Columbia landed in New Mexico
News: Albuquerque medical practice frustrated after thieves leave them in the dark
“Cybersecurity is not just a technological issue; it’s a matter of public safety and national security,” Gov. Lujan Grisham stated in a press release. “That’s why I’ve taken decisive action to fortify the resilience of our state agencies against potential cyber intrusions.”
The executive order also requires state agencies to adopt and implement cybersecurity, information security, and privacy policies based on standards issued by the National Institute of Standards and Technology. State agencies are mandated to certify compliance with these standards by November 1, 2024, and annually thereafter.
If state agencies are unable to certify compliance, they will have to submit a request for exemption to DoIT and explain their plan to achieve compliance within a set timeframe.
The executive order also encourages public agencies and entities in New Mexico to voluntarily comply with its rules, standards, and requirements. The public agencies are urged to participate in cybersecurity and information security programs offered by the Cybersecurity Office, the Cybersecurity Advisory Committee, or DoIT, according to the press release from the governor.
The order went into effect immediately and will remain in place until renewed, modified, or rescinded.
The governor’s executive order comes after several cybersecurity incidents at state government agencies. Those incidents were brought up during the 2024 state legislative session when Sen. Michael Padilla (D-Abq.) and Rep. Debra Sariñana (D-Abq.) sponsored Senate Bill 129. The bill aimed to boost cybersecurity in New Mexico by requiring better implementation and reporting of cybersecurity procedures for government agencies.
The bill was changed several times while being debated by lawmakers. It also made its way to the governor’s desk for final approval, but she pocket-vetoed it.
