Assembly Actions -
Lowercase Senate Actions - UPPERCASE |
|
---|---|
Jun 03, 2024 |
print number 6474a |
Jun 03, 2024 |
amend and recommit to finance |
May 07, 2024 |
reported and committed to finance |
Jan 03, 2024 |
referred to internet and technology |
May 22, 2023 |
reported and committed to finance |
Apr 21, 2023 |
referred to internet and technology |
Senate Bill S6474
2023-2024 Legislative Session
Sponsored By
(D, WF) 59th Senate District
Current Bill Status - In Senate Committee Finance Committee
- Introduced
-
- In Committee Assembly
- In Committee Senate
-
- On Floor Calendar Assembly
- On Floor Calendar Senate
-
- Passed Assembly
- Passed Senate
- Delivered to Governor
- Signed By Governor
Actions
Votes
Bill Amendments
2023-S6474 - Details
- Current Committee:
- Senate Finance
- Law Section:
- State Technology Law
- Laws Affected:
- Amd §202, add §§210 - 212, St Tech L
- Versions Introduced in 2021-2022 Legislative Session:
-
S2652
2023-S6474 - Sponsor Memo
BILL NUMBER: S6474 SPONSOR: GONZALEZ TITLE OF BILL: An act to amend the state technology law, in relation to requiring governmental entities to implement multifactor authentication for local and remote network access PURPOSE: Amends the State Technology Law to require alL government entities in the State to require muttifactor authentication for access to the serv- ers, email or official applications used by their employees or agents. SUMMARY OF PROVISIONS: Section 1 adds new subdivisions 9 and 10 to Section 202 of the State Technology Law, which sets definitions for the terms "governmental enti- ty" and "multifactor authentication." Section 2 adds new sections 210, 211, and 212 to the state technology
2023-S6474 - Bill Text download pdf
S T A T E O F N E W Y O R K ________________________________________________________________________ 6474 2023-2024 Regular Sessions I N S E N A T E April 21, 2023 ___________ Introduced by Sen. GONZALEZ -- read twice and ordered printed, and when printed to be committed to the Committee on Internet and Technology AN ACT to amend the state technology law, in relation to requiring governmental entities to implement multifactor authentication for local and remote network access THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM- BLY, DO ENACT AS FOLLOWS: Section 1. Section 202 of the state technology law is amended by adding two new subdivisions 9 and 10 to read as follows: 9. "GOVERNMENTAL ENTITY" SHALL MEAN ANY STATE OR LOCAL DEPARTMENT, BOARD, BUREAU, DIVISION, COMMISSION, COMMITTEE, SCHOOL DISTRICT, PUBLIC AUTHORITY, PUBLIC BENEFIT CORPORATION, COUNCIL OR OFFICE, INCLUDING ALL ENTITIES DEFINED PURSUANT TO SECTION TWO OF THE PUBLIC AUTHORITIES LAW. SUCH TERM SHALL INCLUDE THE STATE UNIVERSITY OF NEW YORK AND THE CITY UNIVERSITY OF NEW YORK. FURTHER, SUCH TERM SHALL INCLUDE ANY COUNTY, CITY, TOWN OR VILLAGE BUT SHALL NOT INCLUDE THE JUDICIARY OR STATE AND LOCAL LEGISLATURES. 10. "MULTIFACTOR AUTHENTICATION" SHALL MEAN USING TWO OR MORE DIFFER- ENT TYPES OF IDENTIFICATION CREDENTIALS TO ACHIEVE AUTHENTICATION. THE TYPES OF IDENTIFICATION CREDENTIALS SHALL INCLUDE: (A) KNOWLEDGE-BASED CREDENTIALS, WHICH IS A KNOWLEDGE-BASED AUTHENTI- CATION THAT REQUIRES THE USER TO PROVIDE INFORMATION THAT THEY KNOW SUCH AS PASSWORDS OR PINS; (B) POSSESSION-BASED CREDENTIALS, WHICH IS AUTHENTICATION THAT REQUIRES INDIVIDUALS TO HAVE SOMETHING SPECIFIC IN THEIR POSSESSION, SUCH AS SECURITY TOKENS, KEY FOBS, SIM CARDS OR SMARTPHONE APPLICATIONS; AND (C) INHERENCE-BASED CREDENTIALS, WHICH IS AUTHENTICATION THAT REQUIRES USER-SPECIFIC BIOLOGICAL TRAITS TO CONFIRM IDENTITY FOR LOGIN, SUCH AS FINGERPRINTS OR FACIAL RECOGNITION. § 2. The state technology law is amended by adding three new sections 210, 211, and 212 to read as follows: § 210. MULTIFACTOR AUTHENTICATION. 1. MULTIFACTOR AUTHENTICATION REQUIREMENT. EVERY GOVERNMENTAL ENTITY SHALL IMPLEMENT MULTIFACTOR
2023-S6474A (ACTIVE) - Details
- Current Committee:
- Senate Finance
- Law Section:
- State Technology Law
- Laws Affected:
- Amd §202, add §§210 - 212, St Tech L
- Versions Introduced in 2021-2022 Legislative Session:
-
S2652
2023-S6474A (ACTIVE) - Sponsor Memo
BILL NUMBER: S6474A SPONSOR: GONZALEZ TITLE OF BILL: An act to amend the state technology law, in relation to requiring governmental entities to implement multifactor authentication for local and remote network access SUMMARY OF PROVISIONS: Section 1 adds new subdivisions 9 and 10 to Section 202 of the State Technology Law, which sets definitions for the terms "governmental enti- ty" and "multifactor authentication." Section 2 adds new sections 210, 211, and 212 to the state technology law. Section 210 adds multifactor authentication requirements and provides for technical standards and waivers. Section 211 adds privacy requirements regarding the use of multifactor authentication using biometric information.
2023-S6474A (ACTIVE) - Bill Text download pdf
S T A T E O F N E W Y O R K ________________________________________________________________________ 6474--A 2023-2024 Regular Sessions I N S E N A T E April 21, 2023 ___________ Introduced by Sen. GONZALEZ -- read twice and ordered printed, and when printed to be committed to the Committee on Internet and Technology -- recommitted to the Committee on Internet and Technology in accordance with Senate Rule 6, sec. 8 -- reported favorably from said committee and committed to the Committee on Finance -- committee discharged, bill amended, ordered reprinted as amended and recommitted to said committee AN ACT to amend the state technology law, in relation to requiring governmental entities to implement multifactor authentication for local and remote network access THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM- BLY, DO ENACT AS FOLLOWS: Section 1. Section 202 of the state technology law is amended by adding two new subdivisions 9 and 10 to read as follows: 9. "GOVERNMENTAL ENTITY" SHALL MEAN ANY STATE OR LOCAL DEPARTMENT, BOARD, BUREAU, DIVISION, COMMISSION, COMMITTEE, SCHOOL DISTRICT, PUBLIC AUTHORITY, PUBLIC BENEFIT CORPORATION, COUNCIL OR OFFICE, INCLUDING ALL ENTITIES DEFINED PURSUANT TO SECTION TWO OF THE PUBLIC AUTHORITIES LAW. SUCH TERM SHALL INCLUDE THE STATE UNIVERSITY OF NEW YORK AND THE CITY UNIVERSITY OF NEW YORK. FURTHER, SUCH TERM SHALL INCLUDE ANY COUNTY, CITY, TOWN OR VILLAGE BUT SHALL NOT INCLUDE THE JUDICIARY OR STATE AND LOCAL LEGISLATURES. 10. "MULTIFACTOR AUTHENTICATION" SHALL MEAN USING TWO OR MORE DIFFER- ENT TYPES OF IDENTIFICATION CREDENTIALS TO ACHIEVE AUTHENTICATION. THE TYPES OF IDENTIFICATION CREDENTIALS SHALL INCLUDE: (A) KNOWLEDGE-BASED CREDENTIALS, WHICH IS A KNOWLEDGE-BASED AUTHENTI- CATION THAT REQUIRES THE USER TO PROVIDE INFORMATION THAT THEY KNOW SUCH AS PASSWORDS OR PINS; (B) POSSESSION-BASED CREDENTIALS, WHICH IS AUTHENTICATION THAT REQUIRES INDIVIDUALS TO HAVE SOMETHING SPECIFIC IN THEIR POSSESSION, EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets [ ] is old law to be omitted. LBD09003-06-4 S. 6474--A 2
Comments
Open Legislation is a forum for New York State legislation. All comments are subject to review and community moderation is encouraged.
Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity, hate or toxic speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Attempts to intimidate and silence contributors or deliberately deceive the public, including excessive or extraneous posting/posts, or coordinated activity, are prohibited and may result in the temporary or permanent banning of the user. Comment moderation is generally performed Monday through Friday. By contributing or voting you agree to the Terms of Participation and verify you are over 13.
Create an account. An account allows you to sign petitions with a single click, officially support or oppose key legislation, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.