PRIA Logo
West VirginiaHB 56382026 Regular SessionHouse

Relating to the requirements of the state’s cyber security program and responsibilities and authority of the state chief information security officer

Sponsored By: Daniel Linville (Republican)

Signed by Governor

§5A-6B-1§5A-6B-2§5A-6B-3§5A-6B-4§5A-6B-5§5A-6B-6

Your PRIA Score

Score Hidden

Personalized for You

How does this bill affect your finances?

Sign up for a PRIA Policy Scan to see your personalized alignment score for this bill and every other piece of legislation we track. We analyze your financial profile against policy provisions to show you exactly what matters to your wallet.

Free to start

Bill Overview

Analyzed Economic Effects

6 provisions identified: 4 benefits, 0 costs, 2 mixed.

Annual cybersecurity report to state leaders

Each year by December 1, the CISO reports to the Governor and the Joint Committee on Government and Finance. The report explains the cybersecurity program’s status, recommends any law changes, and summarizes the year’s agency reviews. It also lists major IT modernization work by the Office of Technology.

Sensitive cybersecurity records kept confidential

Cybersecurity risk assessments, program reviews, plans of action and milestones, and remediation plans are not public records. The law keeps any details that could expose risks or threaten critical systems confidential. This protects government technology, public safety, and public health.

Software contracts cannot lock in hardware

The CISO and Chief Information Officer ensure software licenses do not limit the state’s hardware choices. If software runs on standard desktops or servers, contracts must let the state choose its own hardware. This reduces vendor lock-in and helps deployments.

State cybersecurity office sets uniform rules

Beginning June 12, 2026, the state runs a centralized Cybersecurity Office led by a Chief Information Security Officer (CISO). The CISO sets statewide cybersecurity policies, standards, risk assessments, training, and privacy impact checks. The office provides a cyber risk management service and helps agencies with incident response and recovery. The Secretary of Administration must write rules to carry out and enforce these requirements.

Some agencies exempt; can opt in for fees

Higher education, the State Police, listed constitutional officers, the Legislature, and the Judiciary are exempt from these cybersecurity rules. Those entities may choose to join the program. If they opt in, they do so under fee-based agreements set by the state. The law does not set fee amounts.

Yearly cyber reviews and possible charges

Agencies and information custodians subject to the law must follow the statewide cyber standard and complete risk assessments. They must join at least one annual cybersecurity program review before November 30 each year and submit any policy exceptions to the CISO. The review checks readiness, data safety, and needed fixes. If a custodian skips the review, the Office of Technology may perform diagnostics and bill only its actual costs.

Sponsors & Cosponsors

Sponsor

  • Daniel Linville

    Republican • House

Cosponsors

There are no cosponsors for this bill.

Roll Call Votes

All Roll Calls

Yes: 223 • No: 1

House vote 3/14/2026

House concurred in Senate amendment and passed bill (Roll No. 644)

Yes: 96 • No: 1

Senate vote 3/12/2026

Passed Senate (Roll No. 514)

Yes: 34 • No: 0

House vote 3/2/2026

Passed House (Roll No. 251)

Yes: 93 • No: 0

Actions Timeline

  1. Approved by Governor 4/1/2026

    4/1/2026House

  2. To Governor 3/25/26

    3/25/2026House

  3. House received Senate message

    3/14/2026House

  4. House concurred in Senate amendment and passed bill (Roll No. 644)

    3/14/2026House

  5. Communicated to Senate

    3/14/2026House

  6. Completed legislative action

    3/14/2026House

  7. House Message received

    3/14/2026Senate

  8. To Governor 3/25/2026 - Senate Journal

    3/14/2026Senate

  9. Approved by Governor 4/1/2026 - Senate Journal

    3/14/2026Senate

  10. Approved by Governor 4/1/2026 - House Journal

    3/14/2026House

  11. On 3rd reading

    3/12/2026Senate

  12. Read 3rd time

    3/12/2026Senate

  13. Passed Senate (Roll No. 514)

    3/12/2026Senate

  14. Senate requests House to concur

    3/12/2026Senate

  15. On 2nd reading

    3/11/2026Senate

  16. Read 2nd time

    3/11/2026Senate

  17. Committee amendment adopted (Voice vote)

    3/11/2026Senate

  18. Reported do pass, with amendment

    3/10/2026Senate

  19. Immediate consideration

    3/10/2026Senate

  20. Read 1st time

    3/10/2026Senate

  21. Introduced in Senate

    3/4/2026Senate

  22. To Government Organization

    3/4/2026Senate

  23. To Government Organization

    3/4/2026Senate

  24. On 3rd reading, Special Calendar

    3/2/2026House

  25. Read 3rd time

    3/2/2026House

Bill Text

Related Bills

Back to State Legislation