Senate Bill S6474

2023-2024 Legislative Session

Relates to requiring governmental entities to implement multifactor authentication for local and remote network access

download bill text pdf

Sponsored By

Current Bill Status - In Senate Committee Finance Committee


  • Introduced
    • In Committee Assembly
    • In Committee Senate
    • On Floor Calendar Assembly
    • On Floor Calendar Senate
    • Passed Assembly
    • Passed Senate
  • Delivered to Governor
  • Signed By Governor

Do you support this bill?

Please enter your contact information

Home address is used to determine the senate district in which you reside. Your support or opposition to this bill is then shared immediately with the senator who represents you.

Optional services from the NY State Senate:

Create an account. An account allows you to officially support or oppose key legislation, sign petitions with a single click, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Include a custom message for your Senator? (Optional)

Enter a message to your senator. Many New Yorkers use this to share the reasoning behind their support or opposition to the bill. Others might share a personal anecdote about how the bill would affect them or people they care about.
Actions
Votes

Bill Amendments

2023-S6474 - Details

Current Committee:
Senate Finance
Law Section:
State Technology Law
Laws Affected:
Amd §202, add §§210 - 212, St Tech L
Versions Introduced in 2021-2022 Legislative Session:
S2652

2023-S6474 - Summary

Requires governmental entities to, whenever possible and feasible, consider implementing multifactor authentication for local and remote network access; requires public websites to encrypt all exchanges and to comply with privacy standards.

2023-S6474 - Sponsor Memo

2023-S6474 - Bill Text download pdf

                             
                     S T A T E   O F   N E W   Y O R K
 ________________________________________________________________________
 
                                   6474
 
                        2023-2024 Regular Sessions
 
                             I N  S E N A T E
 
                              April 21, 2023
                                ___________
 
 Introduced  by Sen. GONZALEZ -- read twice and ordered printed, and when
   printed to be committed to the Committee on Internet and Technology
 
 AN ACT to amend the state  technology  law,  in  relation  to  requiring
   governmental  entities  to  implement  multifactor  authentication for
   local and remote network access

   THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEM-
 BLY, DO ENACT AS FOLLOWS:
 
   Section  1.  Section  202  of  the  state technology law is amended by
 adding two new subdivisions 9 and 10 to read as follows:
   9. "GOVERNMENTAL ENTITY" SHALL MEAN ANY  STATE  OR  LOCAL  DEPARTMENT,
 BOARD,  BUREAU, DIVISION, COMMISSION, COMMITTEE, SCHOOL DISTRICT, PUBLIC
 AUTHORITY, PUBLIC BENEFIT CORPORATION, COUNCIL OR OFFICE, INCLUDING  ALL
 ENTITIES  DEFINED PURSUANT TO SECTION TWO OF THE PUBLIC AUTHORITIES LAW.
 SUCH TERM SHALL INCLUDE THE STATE UNIVERSITY OF NEW YORK  AND  THE  CITY
 UNIVERSITY  OF  NEW  YORK.  FURTHER, SUCH TERM SHALL INCLUDE ANY COUNTY,
 CITY, TOWN OR VILLAGE BUT SHALL NOT INCLUDE THE JUDICIARY OR  STATE  AND
 LOCAL LEGISLATURES.
   10.  "MULTIFACTOR AUTHENTICATION" SHALL MEAN USING TWO OR MORE DIFFER-
 ENT TYPES OF IDENTIFICATION CREDENTIALS TO ACHIEVE  AUTHENTICATION.  THE
 TYPES OF IDENTIFICATION CREDENTIALS SHALL INCLUDE:
   (A)  KNOWLEDGE-BASED CREDENTIALS, WHICH IS A KNOWLEDGE-BASED AUTHENTI-
 CATION THAT REQUIRES THE USER TO PROVIDE INFORMATION THAT THEY KNOW SUCH
 AS PASSWORDS OR PINS;
   (B)  POSSESSION-BASED  CREDENTIALS,  WHICH  IS   AUTHENTICATION   THAT
 REQUIRES  INDIVIDUALS  TO  HAVE  SOMETHING SPECIFIC IN THEIR POSSESSION,
 SUCH AS SECURITY TOKENS, KEY FOBS, SIM CARDS OR SMARTPHONE APPLICATIONS;
 AND
   (C) INHERENCE-BASED CREDENTIALS, WHICH IS AUTHENTICATION THAT REQUIRES
 USER-SPECIFIC BIOLOGICAL TRAITS TO CONFIRM IDENTITY FOR LOGIN,  SUCH  AS
 FINGERPRINTS OR FACIAL RECOGNITION.
   §  2. The state technology law is amended by adding three new sections
 210, 211, and 212 to read as follows:
   §  210.  MULTIFACTOR  AUTHENTICATION.  1.  MULTIFACTOR  AUTHENTICATION
 REQUIREMENT.  EVERY  GOVERNMENTAL  ENTITY  SHALL  IMPLEMENT  MULTIFACTOR
 
              

2023-S6474A (ACTIVE) - Details

Current Committee:
Senate Finance
Law Section:
State Technology Law
Laws Affected:
Amd §202, add §§210 - 212, St Tech L
Versions Introduced in 2021-2022 Legislative Session:
S2652

2023-S6474A (ACTIVE) - Summary

Requires governmental entities to, whenever possible and feasible, consider implementing multifactor authentication for local and remote network access; requires public websites to encrypt all exchanges and to comply with privacy standards.

2023-S6474A (ACTIVE) - Sponsor Memo

2023-S6474A (ACTIVE) - Bill Text download pdf

                             
                     S T A T E   O F   N E W   Y O R K
 ________________________________________________________________________
 
                                  6474--A
 
                        2023-2024 Regular Sessions
 
                             I N  S E N A T E
 
                              April 21, 2023
                                ___________
 
 Introduced  by Sen. GONZALEZ -- read twice and ordered printed, and when
   printed to be committed to the Committee on Internet and Technology --
   recommitted to the Committee on Internet and Technology in  accordance
   with  Senate  Rule 6, sec. 8 -- reported favorably from said committee
   and committed to the Committee on  Finance  --  committee  discharged,
   bill  amended,  ordered  reprinted  as amended and recommitted to said
   committee
 
 AN ACT to amend the state  technology  law,  in  relation  to  requiring
   governmental  entities  to  implement  multifactor  authentication for
   local and remote network access
 
   THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEM-
 BLY, DO ENACT AS FOLLOWS:
 
   Section  1.  Section  202  of  the  state technology law is amended by
 adding two new subdivisions 9 and 10 to read as follows:
   9. "GOVERNMENTAL ENTITY" SHALL MEAN ANY  STATE  OR  LOCAL  DEPARTMENT,
 BOARD,  BUREAU, DIVISION, COMMISSION, COMMITTEE, SCHOOL DISTRICT, PUBLIC
 AUTHORITY, PUBLIC BENEFIT CORPORATION, COUNCIL OR OFFICE, INCLUDING  ALL
 ENTITIES  DEFINED PURSUANT TO SECTION TWO OF THE PUBLIC AUTHORITIES LAW.
 SUCH TERM SHALL INCLUDE THE STATE UNIVERSITY OF NEW YORK  AND  THE  CITY
 UNIVERSITY  OF  NEW  YORK.  FURTHER, SUCH TERM SHALL INCLUDE ANY COUNTY,
 CITY, TOWN OR VILLAGE BUT SHALL NOT INCLUDE THE JUDICIARY OR  STATE  AND
 LOCAL LEGISLATURES.
   10.  "MULTIFACTOR AUTHENTICATION" SHALL MEAN USING TWO OR MORE DIFFER-
 ENT TYPES OF IDENTIFICATION CREDENTIALS TO ACHIEVE  AUTHENTICATION.  THE
 TYPES OF IDENTIFICATION CREDENTIALS SHALL INCLUDE:
   (A)  KNOWLEDGE-BASED CREDENTIALS, WHICH IS A KNOWLEDGE-BASED AUTHENTI-
 CATION THAT REQUIRES THE USER TO PROVIDE INFORMATION THAT THEY KNOW SUCH
 AS PASSWORDS OR PINS;
   (B)  POSSESSION-BASED  CREDENTIALS,  WHICH  IS   AUTHENTICATION   THAT
 REQUIRES  INDIVIDUALS  TO  HAVE  SOMETHING SPECIFIC IN THEIR POSSESSION,
 
  EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                       [ ] is old law to be omitted.
                                                            LBD09003-06-4
 S. 6474--A                          2
              

Comments

Open Legislation is a forum for New York State legislation. All comments are subject to review and community moderation is encouraged.

Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity, hate or toxic speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Attempts to intimidate and silence contributors or deliberately deceive the public, including excessive or extraneous posting/posts, or coordinated activity, are prohibited and may result in the temporary or permanent banning of the user. Comment moderation is generally performed Monday through Friday. By contributing or voting you agree to the Terms of Participation and verify you are over 13.

Create an account. An account allows you to sign petitions with a single click, officially support or oppose key legislation, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.