NEW MEXICO (KRQE) – New Mexico Governor Michelle Lujan Grisham on Friday issued an executive order to strengthen the state’s cybersecurity efforts.
Executive Order 2024-011 (EO 2024-011) directs the Department of Information Technology (DoIT) to conduct information technology and security assessments for state agencies. The assessment looks for “security vulnerabilities” within government agencies. The order defines state agencies as “all departments, offices, boards, commissions, and other agencies within the executive branch under the control of the governor.”
“Cybersecurity is not just a technical issue. It is a public safety and national security issue,” Gov. Lujan Grisham said in a press release. “That's why I took decisive action to strengthen the resilience of our nation's institutions against potential cyber intrusions.”
The executive order also requires state agencies to adopt and implement cybersecurity, information security, and privacy policies based on standards published by the National Institute of Standards and Technology. State agencies are required to certify compliance with these standards by November 1, 2024, and annually thereafter.
If the state agency is unable to demonstrate compliance, the state agency must submit a waiver application to DoIT and describe its plan to achieve compliance within a set period of time.
The executive order also encourages New Mexico public agencies and entities to voluntarily comply with its rules, standards, and requirements. According to the governor's press release, public agencies are encouraged to participate in cybersecurity and information security programs offered by the Office of Cybersecurity, the Cybersecurity Advisory Council, or DoIT.
This order takes effect immediately and remains in place until updated, modified, or revoked.
The governor's executive order comes in the wake of multiple cybersecurity incidents at state government agencies. These cases were brought up in the 2024 state legislative session when Sen. Michael Padilla (D-Abuk District) and Rep. Debra Sariñana (D-Abuk District) introduced Senate Bill 129. The bill was intended to require New Mexico to strengthen its cybersecurity. Implementation and reporting of cybersecurity procedures for government agencies.
The bill underwent several changes during debate by lawmakers. It also went to the governor's desk for final approval, but she vetoed it.
