CLICS Archive
Dashboard
Bill Archiver
Bill Runs
Bill Archives
Bills
Schedules
Schedule Runs
Schedules
Committees
Committee Runs
Committees
Meeting Runs
Meetings
Legislators
Legislator Runs
Legislators
CF Tester
Settings
Back to Archives
Archive #63066
Metadata
Bill Number
SB26-185
HTTP Status
200
Valid JSON
Valid
Archived At
2026-05-12 13:52:12 MDT
Created At
2026-05-12 13:52:12 MDT
Parsed JSON
{ "votes": [ { "url": "https://www.leg.state.co.us/CLICS/CLICS2026A/cslVotes.nsf/0/0C6C768906430C4C87258DF10056848E?OpenDocument", "date": "05/08/2026", "action": "Third Reading", "motion": "BILL", "chamber": "SENATE", "vote_id": "6245", "vote_no": 0, "vote_17C": 0, "vote_17D": 0, "vote_abs": 0, "vote_exc": 1, "vote_yes": 34, "voice_vote": "N", "vote_others": 1, "vote_result": "Aye: 34 No: 0 Other: 1", "member_votes": [ { "vote": "Y", "last_name": "Amabile" }, { "vote": "Y", "last_name": "Baisley" }, { "vote": "Y", "last_name": "Ball" }, { "vote": "Y", "last_name": "Benavidez" }, { "vote": "Y", "last_name": "Bridges" }, { "vote": "Y", "last_name": "Bright" }, { "vote": "Y", "last_name": "Carson" }, { "vote": "Y", "last_name": "Catlin" }, { "vote": "Y", "last_name": "Cutter" }, { "vote": "Y", "last_name": "Danielson" }, { "vote": "Y", "last_name": "Daugherty" }, { "vote": "Y", "last_name": "Exum" }, { "vote": "Y", "last_name": "Frizell" }, { "vote": "Y", "last_name": "Gonzales J." }, { "vote": "Y", "last_name": "Hinrichsen" }, { "vote": "Y", "last_name": "Jodeh" }, { "vote": "Y", "last_name": "Kipp" }, { "vote": "Y", "last_name": "Kirkmeyer" }, { "vote": "Y", "last_name": "Kolker" }, { "vote": "Y", "last_name": "Lindstedt" }, { "vote": "E", "last_name": "Liston" }, { "vote": "Y", "last_name": "Marchman" }, { "vote": "Y", "last_name": "Mullica" }, { "vote": "Y", "last_name": "Pelton B." }, { "vote": "Y", "last_name": "Pelton R." }, { "vote": "Y", "last_name": "Rich" }, { "vote": "Y", "last_name": "Roberts" }, { "vote": "Y", "last_name": "Rodriguez" }, { "vote": "Y", "last_name": "Simpson" }, { "vote": "Y", "last_name": "Snyder" }, { "vote": "Y", "last_name": "Sullivan" }, { "vote": "Y", "last_name": "Wallace" }, { "vote": "Y", "last_name": "Weissman" }, { "vote": "Y", "last_name": "Zamora Wilson" }, { "vote": "Y", "last_name": "President" } ], "lay_over_date": "", "vote_date_time": "05/08/2026 09:42:56 AM" } ], "active": "T", "origin": "Senate", "lls_num": "26-0979", "session": "2026A", "subject": [ "Telecommunications & Information Technology" ], "bill_num": "SB26-185", "sponsors": [ { "id": "BT001", "title": "Representative", "s_type": "Prime Sponsor", "chamber": "House", "full_name": "Brianna Titone", "last_name": "Titone", "first_name": "Brianna", "sponsor_order": "3" }, { "id": "RK001", "title": "Representative", "s_type": "Prime Sponsor", "chamber": "House", "full_name": "Rebecca Keltie", "last_name": "Keltie", "first_name": "Rebecca", "sponsor_order": "4" }, { "id": "AP003", "title": "Representative", "s_type": "Additional Sponsor", "chamber": "House", "full_name": "Amy Paschal", "last_name": "Paschal", "first_name": "Amy" }, { "id": "JM004", "title": "Senator", "s_type": "Prime Sponsor", "chamber": "Senate", "full_name": "Janice Marchman", "last_name": "Marchman", "first_name": "Janice", "sponsor_order": "1" }, { "id": "MB001", "title": "Senator", "s_type": "Prime Sponsor", "chamber": "Senate", "full_name": "Mark Baisley", "last_name": "Baisley", "first_name": "Mark", "sponsor_order": "2" }, { "id": "JC002", "title": "Senator", "s_type": "Co-sponsor", "chamber": "Senate", "full_name": "James Coleman", "last_name": "Coleman", "first_name": "James" } ], "bill_files": [ { "url": "https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/185_rev.pdf", "date": "05/12/2026", "label": "Revised", "url_html": "", "lastModified": "05/12/2026 01:25:36 PM" }, { "url": "https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/185_ren.pdf", "date": "05/08/2026", "label": "Reengrossed", "url_html": "", "lastModified": "05/08/2026 10:01:41 AM" }, { "url": "https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/185_eng.pdf", "date": "05/07/2026", "label": "Engrossed", "url_html": "", "lastModified": "05/07/2026 11:20:30 AM" }, { "url": "https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/185_01.pdf", "date": "05/01/2026", "label": "Introduced", "url_html": "", "lastModified": "05/01/2026 11:50:52 AM" } ], "committees": [ { "id": "H_SA_2026A", "name": "State, Civic, Military, & Veterans Affairs", "chamber": "House" }, { "id": "H_APP_2026A", "name": "Appropriations", "chamber": "House" }, { "id": "S_BLT_2026A", "name": "Business, Labor, & Technology", "chamber": "Senate" }, { "id": "S_APP_2026A", "name": "Appropriations", "chamber": "Senate" } ], "long_title": "Concerning measures to enhance the office of information technology's security procedures.", "bill_status": "House Third Reading", "short_title": "Enhance Security of Office of Info Tech", "bill_summary": "<html><body><p> <b>Joint Technology Committee.</b> The bill allows the joint technology committee (JTC), within 90 days after the day that the chief information security officer of the office of information technology (security officer) files a written information technology compliance report (compliance report) with the JTC as required by the bill, to vote to request that the legislative audit committee direct the state auditor to conduct a special information technology security audit (IT security audit) of the office of information technology (OIT) if the compliance report indicates that one or more audit recommendations made by the state auditor is unresolved 2 or more years past the implementation date for the audit recommendation or if a material discrepancy exists between a representation in the compliance report and a previous audit finding. </p><p> If the JTC votes to request an IT security audit and if the legislative audit committee votes to direct the audit, the bill requires:<br/></p><p><ul><li>The state auditor to conduct the IT security audit;</li><li>The state auditor to obtain input from OIT when the state auditor determines the scope and boundaries of the audit;</li><li>The state auditor to submit the IT security audit report to the legislative audit committee, the JTC, the joint budget committee, and the governor; and</li><li>OIT to reimburse the state auditor for the auditor's costs incurred in completing the IT security audit.</li></ul></p><p> The bill requires OIT to establish, maintain, keep, update, and make available to state agency information technology leadership and the members of the JTC, a list of all active information technology vendor contracts for state agencies.<br/></p><p> The bill specifies that, except in the case of an information technology security emergency, OIT shall not publish or implement a technical information technology standard, and that the standard is void, unless the standard:<br/></p><p><ul><li>Was publicly posted; and</li><li>Received approval from the security officer if the standard relates to security, access controls, or the handling of data.</li></ul></p><p> The bill requires OIT to ensure that, if an information technology contract provides ongoing service and delivery to Coloradans, that the contract maintains current architecture diagrams that are updated at least annually.<br/></p><p> The bill prohibits the chief information officer from delegating a duty, responsibility, or power of the security officer.<br/></p><p> The bill requires the security officer to submit 2 annual reports to the JTC. The first report is a written compliance report that includes OIT's current compliance status with applicable security standards; all open audit recommendations regarding OIT made by the state auditor and the date on which each recommendation was made; and a timeline for remediation and a mitigation plan or compensation controls for each open audit recommendation made by the state auditor.<br/></p><p> The second report is a written statewide information technology security risk report (security risk report) that assesses the overall security risk posture of state agency information technology systems. To support the preparation of the security risk report, the security officer may conduct evaluations of state agency information technology systems, including penetration testing, vulnerability scanning, configuration evaluations, and vendor and system reviews. Each state agency shall provide to the security officer, upon request, the access and information necessary to conduct evaluations of state agency technology systems, including system access, product information, and architecture information.<br/></p><p> The bill requires the security officer, or the chief information officer if the security officer is unavailable, to perform the duties and uphold the responsibilities assigned to the security officer pursuant to law.<br/><br/><br/><i>(Note: This summary applies to the reengrossed version of this bill as introduced in the second house.)</i></p></body></html>", "progress_bar": [ { "end": "F", "label": "Introduced", "position": 1 }, { "end": "F", "label": "Under Consideration", "position": 2 } ], "special_type": "", "bill_category": "Government - State", "allow_testimony": "F", "amendment_files": [ { "url": "https://s3-us-west-2.amazonaws.com/leg.colorado.gov/2026A/amendments/9FF575A48F9B608187258DED006BED60/SB185_L.001.pdf", "date": "05/05/2026 04:35:39 PM", "vote": "Passed*", "chamber": "Senate", "hearing": "SEN Business, Labor, & Technology", "url_html": "https://s3-us-west-2.amazonaws.com/leg.colorado.gov/2026A/amendments/9FF575A48F9B608187258DED006BED60/SB185_L_001.html", "amendment": "L.001" } ], "full_bill_topic": "Enhance Security of Office of Information Technology", "long_bill_files": [], "GHG_report_files": [], "preamended_files": [ { "url": "https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/185_S_BLT_01.pdf", "date": "05/06/2026", "label": "PA1", "url_html": "", "lastModified": "05/06/2026 10:25:27 AM", "label_detailed": "Senate Business, Labor, & Technology Preamend" } ], "bill_sub_category": "Information Technology (or Internet)", "fiscal_note_files": [ { "url": "https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB185_00.pdf", "date": "05/04/2026", "label": "FN1", "url_html": "", "lastModified": "05/04/2026 02:56:10 PM", "label_detailed": "Initial Fiscal Note" }, { "url": "https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB185_r1.pdf", "date": "05/08/2026", "label": "FN2", "url_html": "", "lastModified": "05/08/2026 07:05:26 PM", "label_detailed": "First Revised Fiscal Note" } ], "is_budget_package": "No", "session_laws_files": "", "summarized_history": [ { "date": "05/12/2026", "action": "House Second Reading Special Order - Passed - No Amendments", "location": "House" }, { "date": "05/12/2026", "action": "House Committee on Appropriations Refer Unamended to House Committee of the Whole", "location": "House" }, { "date": "05/09/2026", "action": "House Committee on State, Civic, Military, & Veterans Affairs Refer Unamended to Appropriations", "location": "House" }, { "date": "05/08/2026", "action": "Introduced In House - Assigned to State, Civic, Military, & Veterans Affairs", "location": "House" }, { "date": "05/08/2026", "action": "Senate Third Reading Passed - No Amendments", "location": "Senate" }, { "date": "05/07/2026", "action": "Senate Second Reading Special Order - Passed with Amendments - Committee", "location": "Senate" }, { "date": "05/07/2026", "action": "Senate Committee on Appropriations Refer Unamended - Consent Calendar to Senate Committee of the Whole", "location": "Senate" }, { "date": "05/05/2026", "action": "Senate Committee on Business, Labor, & Technology Refer Amended to Appropriations", "location": "Senate" }, { "date": "05/01/2026", "action": "Introduced In Senate - Assigned to Business, Labor, & Technology", "location": "Senate" } ], "research_note_files": [], "bill_sub_sub_category": "Other", "committee_report_files": [ { "url": "https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB185_S_BLT_001.pdf", "date": "05/05/2026", "label": "S_BLT_2026A", "url_html": "https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB185_S_BLT_001.html", "lastModified": "05/05/2026 05:51:10 PM" }, { "url": "https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB185_S_APP_001.pdf", "date": "05/07/2026", "label": "S_APP_2026A", "url_html": "https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB185_S_APP_001.html", "lastModified": "05/07/2026 10:11:44 AM" }, { "url": "https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB185_H_SA_001.pdf", "date": "05/09/2026", "label": "H_SA_2026A", "url_html": "https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB185_H_SA_001.html", "lastModified": "05/11/2026 12:11:23 PM" }, { "url": "https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB185_H_APP_001.pdf", "date": "05/12/2026", "label": "H_APP_2026A", "url_html": "https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB185_H_APP_001.html", "lastModified": "05/12/2026 09:41:03 AM" } ], "demographic_note_files": [], "updated_bill_summary_files": [], "budget_staff_analysis_files": [ { "url": "https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB0185_sen.pdf", "date": "05/06/2026", "label": "SA1", "url_html": "", "lastModified": "05/06/2026 01:20:11 PM", "label_detailed": "Senate Appropriation Analysis (1)" }, { "url": "https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB0185_hse.pdf", "date": "05/11/2026", "label": "SA2", "url_html": "", "lastModified": "05/11/2026 02:50:20 PM", "label_detailed": "House Appropriation Analysis (1)" } ], "first_chamber_third_reading_date": "05/08/2026", "second_chamber_third_reading_date": "" }
Raw Response
{"bill_num":"SB26-185","lls_num":"26-0979","origin":"Senate","short_title":"Enhance Security of Office of Info Tech","full_bill_topic":"Enhance Security of Office of Information Technology","long_title":"Concerning measures to enhance the office of information technology's security procedures.","special_type":"","bill_category":"Government - State","bill_sub_category":"Information Technology (or Internet)","bill_sub_sub_category":"Other","is_budget_package":"No","subject":["Telecommunications & Information Technology"],"bill_status":"House Third Reading","sponsors":[{"id":"BT001","title":"Representative","first_name":"Brianna","last_name":"Titone","full_name":"Brianna Titone","s_type":"Prime Sponsor","chamber":"House","sponsor_order":"3"},{"id":"RK001","title":"Representative","first_name":"Rebecca","last_name":"Keltie","full_name":"Rebecca Keltie","s_type":"Prime Sponsor","chamber":"House","sponsor_order":"4"},{"id":"AP003","title":"Representative","first_name":"Amy","last_name":"Paschal","full_name":"Amy Paschal","s_type":"Additional Sponsor","chamber":"House"},{"id":"JM004","title":"Senator","first_name":"Janice","last_name":"Marchman","full_name":"Janice Marchman","s_type":"Prime Sponsor","chamber":"Senate","sponsor_order":"1"},{"id":"MB001","title":"Senator","first_name":"Mark","last_name":"Baisley","full_name":"Mark Baisley","s_type":"Prime Sponsor","chamber":"Senate","sponsor_order":"2"},{"id":"JC002","title":"Senator","first_name":"James","last_name":"Coleman","full_name":"James Coleman","s_type":"Co-sponsor","chamber":"Senate"}],"committees":[{"id":"H_SA_2026A","chamber":"House","name":"State, Civic, Military, & Veterans Affairs"},{"id":"H_APP_2026A","chamber":"House","name":"Appropriations"},{"id":"S_BLT_2026A","chamber":"Senate","name":"Business, Labor, & Technology"},{"id":"S_APP_2026A","chamber":"Senate","name":"Appropriations"}],"first_chamber_third_reading_date":"05/08/2026","second_chamber_third_reading_date":"","summarized_history":[{"date":"05/12/2026","location":"House","action":"House Second Reading Special Order - Passed - No Amendments"},{"date":"05/12/2026","location":"House","action":"House Committee on Appropriations Refer Unamended to House Committee of the Whole"},{"date":"05/09/2026","location":"House","action":"House Committee on State, Civic, Military, & Veterans Affairs Refer Unamended to Appropriations"},{"date":"05/08/2026","location":"House","action":"Introduced In House - Assigned to State, Civic, Military, & Veterans Affairs"},{"date":"05/08/2026","location":"Senate","action":"Senate Third Reading Passed - No Amendments"},{"date":"05/07/2026","location":"Senate","action":"Senate Second Reading Special Order - Passed with Amendments - Committee"},{"date":"05/07/2026","location":"Senate","action":"Senate Committee on Appropriations Refer Unamended - Consent Calendar to Senate Committee of the Whole"},{"date":"05/05/2026","location":"Senate","action":"Senate Committee on Business, Labor, & Technology Refer Amended to Appropriations"},{"date":"05/01/2026","location":"Senate","action":"Introduced In Senate - Assigned to Business, Labor, & Technology"}],"progress_bar":[{"position":1,"label":"Introduced","end":"F"},{"position":2,"label":"Under Consideration","end":"F"}],"active":"T","session":"2026A","allow_testimony":"F","long_bill_files":[],"bill_files":[{"date":"05/12/2026","lastModified":"05/12/2026 01:25:36 PM","label":"Revised","url":"https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/185_rev.pdf","url_html":""},{"date":"05/08/2026","lastModified":"05/08/2026 10:01:41 AM","label":"Reengrossed","url":"https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/185_ren.pdf","url_html":""},{"date":"05/07/2026","lastModified":"05/07/2026 11:20:30 AM","label":"Engrossed","url":"https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/185_eng.pdf","url_html":""},{"date":"05/01/2026","lastModified":"05/01/2026 11:50:52 AM","label":"Introduced","url":"https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/185_01.pdf","url_html":""}],"fiscal_note_files":[{"date":"05/04/2026","lastModified":"05/04/2026 02:56:10 PM","label":"FN1","label_detailed":"Initial Fiscal Note","url":"https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB185_00.pdf","url_html":""},{"date":"05/08/2026","lastModified":"05/08/2026 07:05:26 PM","label":"FN2","label_detailed":"First Revised Fiscal Note","url":"https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB185_r1.pdf","url_html":""}],"research_note_files":[],"budget_staff_analysis_files":[{"date":"05/06/2026","lastModified":"05/06/2026 01:20:11 PM","label":"SA1","label_detailed":"Senate Appropriation Analysis (1)","url":"https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB0185_sen.pdf","url_html":""},{"date":"05/11/2026","lastModified":"05/11/2026 02:50:20 PM","label":"SA2","label_detailed":"House Appropriation Analysis (1)","url":"https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB0185_hse.pdf","url_html":""}], "preamended_files":[{"date":"05/06/2026","lastModified":"05/06/2026 10:25:27 AM","label":"PA1","label_detailed":"Senate Business, Labor, & Technology Preamend","url":"https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/185_S_BLT_01.pdf","url_html":""}],"committee_report_files":[{"date":"05/05/2026","lastModified":"05/05/2026 05:51:10 PM","label":"S_BLT_2026A","url":"https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB185_S_BLT_001.pdf","url_html":"https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB185_S_BLT_001.html"},{"date":"05/07/2026","lastModified":"05/07/2026 10:11:44 AM","label":"S_APP_2026A","url":"https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB185_S_APP_001.pdf","url_html":"https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB185_S_APP_001.html"},{"date":"05/09/2026","lastModified":"05/11/2026 12:11:23 PM","label":"H_SA_2026A","url":"https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB185_H_SA_001.pdf","url_html":"https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB185_H_SA_001.html"},{"date":"05/12/2026","lastModified":"05/12/2026 09:41:03 AM","label":"H_APP_2026A","url":"https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB185_H_APP_001.pdf","url_html":"https://www.leg.state.co.us/CLICS/CLICS2026A/csl.nsf/0/65CFDC2699ABEBE787258DC600577456/$File/SB185_H_APP_001.html"}],"updated_bill_summary_files":[],"demographic_note_files":[],"GHG_report_files":[],"bill_summary":"<html><body><p> <b>Joint Technology Committee.</b> The bill allows the joint technology committee (JTC), within 90 days after the day that the chief information security officer of the office of information technology (security officer) files a written information technology compliance report (compliance report) with the JTC as required by the bill, to vote to request that the legislative audit committee direct the state auditor to conduct a special information technology security audit (IT security audit) of the office of information technology (OIT) if the compliance report indicates that one or more audit recommendations made by the state auditor is unresolved 2 or more years past the implementation date for the audit recommendation or if a material discrepancy exists between a representation in the compliance report and a previous audit finding. </p><p> If the JTC votes to request an IT security audit and if the legislative audit committee votes to direct the audit, the bill requires:<br/></p><p><ul><li>The state auditor to conduct the IT security audit;</li><li>The state auditor to obtain input from OIT when the state auditor determines the scope and boundaries of the audit;</li><li>The state auditor to submit the IT security audit report to the legislative audit committee, the JTC, the joint budget committee, and the governor; and</li><li>OIT to reimburse the state auditor for the auditor's costs incurred in completing the IT security audit.</li></ul></p><p> The bill requires OIT to establish, maintain, keep, update, and make available to state agency information technology leadership and the members of the JTC, a list of all active information technology vendor contracts for state agencies.<br/></p><p> The bill specifies that, except in the case of an information technology security emergency, OIT shall not publish or implement a technical information technology standard, and that the standard is void, unless the standard:<br/></p><p><ul><li>Was publicly posted; and</li><li>Received approval from the security officer if the standard relates to security, access controls, or the handling of data.</li></ul></p><p> The bill requires OIT to ensure that, if an information technology contract provides ongoing service and delivery to Coloradans, that the contract maintains current architecture diagrams that are updated at least annually.<br/></p><p> The bill prohibits the chief information officer from delegating a duty, responsibility, or power of the security officer.<br/></p><p> The bill requires the security officer to submit 2 annual reports to the JTC. The first report is a written compliance report that includes OIT's current compliance status with applicable security standards; all open audit recommendations regarding OIT made by the state auditor and the date on which each recommendation was made; and a timeline for remediation and a mitigation plan or compensation controls for each open audit recommendation made by the state auditor.<br/></p><p> The second report is a written statewide information technology security risk report (security risk report) that assesses the overall security risk posture of state agency information technology systems. To support the preparation of the security risk report, the security officer may conduct evaluations of state agency information technology systems, including penetration testing, vulnerability scanning, configuration evaluations, and vendor and system reviews. Each state agency shall provide to the security officer, upon request, the access and information necessary to conduct evaluations of state agency technology systems, including system access, product information, and architecture information.<br/></p><p> The bill requires the security officer, or the chief information officer if the security officer is unavailable, to perform the duties and uphold the responsibilities assigned to the security officer pursuant to law.<br/><br/><br/><i>(Note: This summary applies to the reengrossed version of this bill as introduced in the second house.)</i></p></body></html>","amendment_files":[{"chamber":"Senate","date":"05/05/2026 04:35:39 PM","amendment":"L.001","hearing":"SEN Business, Labor, & Technology","vote":"Passed*","url":"https://s3-us-west-2.amazonaws.com/leg.colorado.gov/2026A/amendments/9FF575A48F9B608187258DED006BED60/SB185_L.001.pdf","url_html":"https://s3-us-west-2.amazonaws.com/leg.colorado.gov/2026A/amendments/9FF575A48F9B608187258DED006BED60/SB185_L_001.html"}],"session_laws_files":"","votes":[{"vote_id":"6245","chamber":"SENATE","action":"Third Reading","date":"05/08/2026", "vote_date_time":"05/08/2026 09:42:56 AM","lay_over_date":"", "motion":"BILL","vote_yes":34,"vote_no":0,"vote_others":1,"vote_result":"Aye: 34 No: 0 Other: 1", "voice_vote":"N","vote_abs":0,"vote_exc":1,"vote_17C":0,"vote_17D":0, "url":"https://www.leg.state.co.us/CLICS/CLICS2026A/cslVotes.nsf/0/0C6C768906430C4C87258DF10056848E?OpenDocument","member_votes":[{"last_name":"Amabile","vote":"Y"},{"last_name":"Baisley","vote":"Y"},{"last_name":"Ball","vote":"Y"},{"last_name":"Benavidez","vote":"Y"},{"last_name":"Bridges","vote":"Y"},{"last_name":"Bright","vote":"Y"},{"last_name":"Carson","vote":"Y"},{"last_name":"Catlin","vote":"Y"},{"last_name":"Cutter","vote":"Y"},{"last_name":"Danielson","vote":"Y"},{"last_name":"Daugherty","vote":"Y"},{"last_name":"Exum","vote":"Y"},{"last_name":"Frizell","vote":"Y"},{"last_name":"Gonzales J.","vote":"Y"},{"last_name":"Hinrichsen","vote":"Y"},{"last_name":"Jodeh","vote":"Y"},{"last_name":"Kipp","vote":"Y"},{"last_name":"Kirkmeyer","vote":"Y"},{"last_name":"Kolker","vote":"Y"},{"last_name":"Lindstedt","vote":"Y"},{"last_name":"Liston","vote":"E"},{"last_name":"Marchman","vote":"Y"},{"last_name":"Mullica","vote":"Y"},{"last_name":"Pelton B.","vote":"Y"},{"last_name":"Pelton R.","vote":"Y"},{"last_name":"Rich","vote":"Y"},{"last_name":"Roberts","vote":"Y"},{"last_name":"Rodriguez","vote":"Y"},{"last_name":"Simpson","vote":"Y"},{"last_name":"Snyder","vote":"Y"},{"last_name":"Sullivan","vote":"Y"},{"last_name":"Wallace","vote":"Y"},{"last_name":"Weissman","vote":"Y"},{"last_name":"Zamora Wilson","vote":"Y"},{"last_name":"President","vote":"Y"}]}]}