Nevada Revised Statutes Title 43. Public Safety; Vehicles; Watercraft § 480.930. Office to prepare and update statewide strategic plan regarding security of information systems; use of information by private entity; state agencies with cybersecurity policy required to test adherence to policy by employees and submit results to Office

1. The Office shall prepare and make publicly available a statewide strategic plan that outlines policies, procedures, best practices and recommendations for preparing for and mitigating risks to, and otherwise protecting, the security of information systems in this State and for recovering from and otherwise responding to threats to or attacks on the security of information systems in this State. The statewide strategic plan prepared and made available pursuant to this subsection must not identify or include information which allows for the identification of specific vulnerabilities in the information systems in this State.

2. The statewide strategic plan must include, without limitation, policies, procedures, best practices and recommendations for:

3. The statewide strategic plan must be updated at least every 2 years.

4. A private entity may, in its discretion, make use of the information set forth in the statewide strategic plan.

5. Each agency of the State Government that has adopted a cybersecurity policy shall test the adherence of its employees to that policy on a periodic basis. Such an agency shall submit the results of the testing to the Office annually for consideration in the update of the statewide strategic plan.