Public Act No 21-119 AN ACT INCENTIVIZING THE ADOPTION OF CYBERSECURITY STANDARDS FOR BUSINESSES Now Law In Connecticut

The market for -171 and CMMC compliance just got much bigger in Connecticut.

On 2021-07-06 Governor Lamont signed Public Act No. 21-119 into law.

To incentivize the adoption of cybersecurity standards for businesses by allowing businesses that adopt certain cybersecurity framework to plead an affirmative defense to any cause of action that alleges that a failure to implement reasonable cybersecurity controls resulted in a data breach concerning personal or restricted information.

You utilize an affirmative defense to get out lawsuits, like a get of of jail card (but really expensive), if you have good cybersecurity.Affirmative defensses act as that make you not liable or at fault during a lawsuit over a data breach. The defense,you has to explain the burden of proof in your answer. In Connecticut you now get a list of cybersecurity frameworks to choose from.

If you can prove to an insurance adjuster, or more likely they will require third party attestation before insuring, your systems stay in compliance you get an affirmative defense.

We tried to get CMMC Level Three included but the bill did not recieve any markup. Our friends in the Capital let us know CMMC Level 3 would count for NIST-SP-800-171 since it subsumes all 110 controls.

The demand for CMMC and -171 or -53 compliance just sky rocketed in Connecticut.

Comments (2)

Mentions

  • Greg McVerry

Leave a comment

Your email address will not be published. Required fields are marked *