NEW MEXICO – New Mexico Governor Michelle Lujan Grisham issued an Executive Order (EO 2024-011) to bolster the state’s defenses against cybersecurity threats by implementing strict measures to safeguard state agencies’ sensitive information.
“Cybersecurity is not just a technology issue; it’s a public safety and national security issue. That’s why I have taken decisive steps to fortify the resiliency of our state agencies against potential cyber intrusions,” said Governor Lujan Grisham.
According to the New Mexico government, the new order takes comprehensive action to enhance cybersecurity measures across all state agencies. It also directs the Department of Information Technology (DoIT) to conduct comprehensive IT and security assessments across state agencies, which will identify security vulnerabilities and strengthen defenses as needed.
According to EO 2024-011 guidelines, state agencies should adopt and implement cybersecurity, information security, and privacy policies. These measures must be based on baselines, frameworks, and security control standards of no less than moderate impact issued by the National Institute of Standards and Technology. State agencies are required to certify compliance with these standards by November 1, 2024, and annually thereafter.
In cases where state agencies are unable to certify compliance, they must submit an exemption request to DoIT. Agencies must accompany this request with a comprehensive plan outlining the steps to achieve compliance and an approximate timeline for completion.
In addition, DoIT will review waiver requests and make recommendations to the Governor’s Office for approval or denial. If a waiver is denied, agencies must promptly submit an updated plan for consideration.
The order also defines “state agencies” as departments, bureaus, offices, boards, commissions, and other Executive Branch agencies under governmental control.