The Chief Information Security Officer shall annually, beginning on December 1, 2019, and on December 1 of each year thereafter, report to the Joint Committee on Government and Finance and to the Governor on the status of the cybersecurity program, including any recommended statutory changes.
