There is a newer version of this Section
2023
2022 (you are here)
2021
2020
2019
Other previous versions
View our newest version here

2022 New Jersey Revised Statutes
Title 58 - Waters and Water Supply
Section 58:31-4 - Development of cybersecurity system; exemptions.

Universal Citation: NJ Rev Stat § 58:31-4 (2022)
Previous Next

58:31-4 Development of cybersecurity system; exemptions.

4. a. Within 120 days after the effective date of P.L.2017, c.133 (C.58:31-1 et seq.), each water purveyor shall develop a cybersecurity program, in accordance with requirements established by the New Jersey Cybersecurity and Communications Integration Cell , as rules and regulations adopted pursuant to the "Administrative Procedure Act," P.L.1968, c.410 (C.52:14B-1 et seq.), that defines and implements organization accountabilities and responsibilities for cyber risk management activities, and establishes policies, plans, processes, and procedures for identifying and mitigating cyber risk to its public community water system. As part of the cybersecurity program, a water purveyor shall: identify the individual chiefly responsible for ensuring that the policies, plans processes, and procedures established pursuant to this section are executed in a timely manner; conduct risk assessments and implement appropriate controls to mitigate identified risks to the public community water system; maintain situational awareness of cyber threats and vulnerabilities to the public community water system; and create and exercise incident response and recovery plans. No later than 180 days after the effective date of P.L.2021, c.262 (C.58:31-4.1 et al.), a water purveyor shall update its cybersecurity program to conform to the requirements of section 3 of P.L.2021, c.262 (C.58:31-4.1).

A water purveyor shall submit a copy of the cybersecurity program developed pursuant to this subsection to the New Jersey Cybersecurity and Communications Integration Cell, in a form and manner as determined by the New Jersey Cybersecurity and Communications Integration Cell. A cybersecurity program submitted pursuant to this subsection shall not be considered a government record under P.L.1963, c.73 (C.47:1A-1 et seq.), and shall not be made available for public inspection.

b. Within 60 days after developing the cybersecurity program required pursuant to subsection a. of this section, each water purveyor shall join the New Jersey Cybersecurity and Communications Integration Cell and create a cybersecurity incident reporting process.

c. (Deleted by amendment, P.L.2021, c.262).

d. No later than 180 days after the effective date of P.L.2021, c.262 (C.58:31-4.1 et al.), each water purveyor shall obtain a cybersecurity insurance policy that meets any applicable standards adopted by the board.

L.2017, c.133, s.4; amended 2021, c.262, s.2.

Previous Next
Disclaimer: These codes may not be the most recent version. New Jersey may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.