SB18-086 - Cyber Coding Cryptology For State Records

Passed/Signed into Law
Concerning the use of cyber coding cryptology for state records, and, in connection therewith, making an appropriation.

The chief information security officer in the governor's office of information technology (OIT), the director of OIT, the department of state, and the executive director of the department of regulatory agencies are required to take certain actions to protect state records containing trusted sensitive and confidential information from criminal, unauthorized, or inadvertent manipulation or theft.

The chief information security officer is required to:


  • Identify, assess, and mitigate cyber threats to state government;
  • Annually collect information from all public agencies to assess the nature of threats to data systems and the potential risks and civil liabilities from the theft or inadvertent release of such information;
  • In coordination and partnership with specified agencies, boards, and councils, annually assess the data systems of each public agency for the benefits and costs of adopting and applying distributed ledger technologies such as blockchains;
  • Develop and maintain a series of metrics to identify, assess, and monitor each public agency data system for its platform descriptions, vulnerabilities, risks, liabilities, appropriate employee access control, and the benefits and costs of adopting encryption and distributed ledger technologies.

The director of OIT is required to consider the annual metrics from the office of the chief information security officer to recommend programs, contracts, and upgrades of data systems that have good cost-benefit potential or return on investment. In addition, OIT and the office of the chief information security officer are required to consider developing public-private partnerships and contracts to allow capitalization of encryption technologies while protecting intellectual property rights.

The department of state is required to consider research, development, and implementation for encryption and data integrity techniques, including distributed ledger technologies such as blockchains. The department of state is required to consider using distributed ledger technologies when accepting business licensing records and when distributing department of state data to other departments and agencies.

The executive director of the department of regulatory agencies or the director's designee is required to consider secure encryption methods, including distributed ledger technologies, to protect against falsification, create visibility to identify external hacking threats, and to improve internal data security.

In addition, the bill specifies that institutions of higher education may include distributed ledger technologies within their curricula and research and development activities.

The bill also specifies that the university of Colorado at Colorado Springs and any nonprofit organization with which the university has a partnership may consider:


  • Encouraging coordination with the United States department of commerce and the national institute of standards and technologies to develop the capability to act as a Colorado in-state center of excellence on cybersecurity advice and national institute of standards and technologies standards;
  • Studying efforts to protect privacy of personal identifying information maintained within distributed ledger programs, ensuring that programs make all attempts to follow best practices for privacy, and providing advice to all program stakeholders on the requirement to maintain privacy in accordance with required regulatory bodies and governing standards; and
  • Encouraging the use of distributed ledger technologies, such as blockchains, within their proposed curricula for public sector education.
    (Note: This summary applies to the reengrossed version of this bill as introduced in the second house.)


Latest update: May 30, 2018
05/30/2018 - Governor Signed
05/16/2018 - Sent to the Governor
05/16/2018 - Signed by the Speaker of the House
05/15/2018 - Signed by the President of the Senate
05/07/2018 - Senate Considered House Amendments - Result was to Concur - Repass
05/04/2018 - House Third Reading Passed with Amendments - Floor
05/03/2018 - House Third Reading Laid Over to 05/04/2018 - No Amendments
05/02/2018 - House Second Reading Special Order - Passed with Amendments - Committee, Floor
05/02/2018 - House Committee on Appropriations Refer Unamended to House Committee of the Whole
04/26/2018 - House Committee on Business Affairs and Labor Refer Amended to Appropriations
04/17/2018 - House Committee on Business Affairs and Labor Witness Testimony and/or Committee Discussion Only
04/10/2018 - Introduced In House - Assigned to Business Affairs and Labor
04/06/2018 - Senate Third Reading Passed - No Amendments
04/05/2018 - Senate Second Reading Passed with Amendments - Committee
04/04/2018 - Senate Second Reading Special Order - Laid Over Daily - No Amendments
04/03/2018 - Senate Committee on Appropriations Refer Amended to Senate Committee of the Whole
02/07/2018 - Senate Committee on Business, Labor, & Technology Refer Amended to Appropriations
01/16/2018 - Introduced In Senate - Assigned to Business, Labor, & Technology