[OPLINLIST] Sending on behalf of CyberOhio... Free Resources to Comply with Ohio’s New Cyber Law for local governments in Ohio

marshams at library.ohio.gov marshams at library.ohio.gov
Fri Jul 11 11:19:27 EDT 2025


The following forwarded message is intended for all types of local government entities in Ohio.
[CyberOhio logo]
[cyber graphic image]

July 2025
New Cyber Rules for Ohio Local Governments
What You Need to Know Now

Local governments across Ohio will soon be required to adopt new cybersecurity standards under Amended Substitute House Bill 96, signed into law by Governor Mike DeWine on June 30, 2025. The law—mirroring language from House Bill 283 and Senate Bill 208—goes into effect  90 days from the signing and sets forth a statewide cybersecurity framework for all political subdivisions.


You’re Invited: Free Informational Webinar
Learn About Best Practices and Free Resources to Comply with HB 96

Join CyberOhio, Cybersecurity Strategic Advisor to the Governor, Kirk Herath,  the Ohio Department of Public Safety, and key members of the Ohio Cyber Range Institute for a free webinar where we’ll break down:

  *   What’s required under HB 96
  *   How to report cyber incidents to the Ohio Cyber Integration Center (now required within 7 days)
  *   How to access free training and resources through programs like the Ohio Persistent Cyber Improvement Initiative (O-PCI)
  *   Best practices for building a cyber program as required under the bill

📩 Register now <https://events.gcc.teams.microsoft.com/event/43b6f732-2051-417b-b732-c942e3daeda3@50f8fcc4-94d8-4f07-84eb-36ed57c7c8a2>

This is your opportunity to hear directly from the agencies leading the effort—and to get answers to your questions about the new cybersecurity framework.

What's Required Under the New Law?
Cyber Incident Reporting

If a cybersecurity or ransomware incident occurs, local governments must notify:

  1.  The Ohio Department of Public Safety’s Division of Homeland Security (via OCIC) within 7 days
  2.  The Ohio Auditor of State within 30 days

Records associated with incident reports and cybersecurity programs are not public records, preserving the security and confidentiality of local systems.


Cyber Program Requirements

Each local government must implement a cybersecurity program that protects the availability, confidentiality, and integrity of its systems and data. Programs must be aligned with industry best practices such as the NIST Cybersecurity Framework (CSF) and CIS Controls, and must include:

  *   Identification of critical functions and cyber risks
  *   Response and recovery procedures
  *   Threat detection and containment strategies
  *   Cybersecurity training for all staff
  *   Communication and incident response protocols

Annual Training & Ransomware Restrictions

The law also requires:

  *   Annual cybersecurity training for all employees, like the FREE training offered by the Ohio Persistent Cyber Initiative (O-PCI)
  *   A formal legislative resolution to approve any ransomware payment, with justification as to why it is in the best interest of the jurisdiction


Support Is Available from CyberOhio and the State of Ohio

Take advantage of the FREE resources the State provides. While direct funding was removed from the final legislation, local governments have access to state-supported programs to ease the transition:

  *   Ohio Cyber Integration Center (OCIC) for real-time threat intelligence and incident coordination
  *   Ohio Persistent Cyber Initiative (O-PCI) for free training and exercises
  *   Ohio Cyber Reserves for rapid response assistance during cyber incidents

Visit Cyber.Ohio.gov <https://cyber.ohio.gov/home>  for more resources for Local Government Entities<https://cyber.ohio.gov/priorities/assisting-local-government-entities> such as how to implement a Collective Defense Model<https://cyber.ohio.gov/priorities/assisting-local-government-entities/collective-defense> or the Aggregate Purchase Resource Guide. <https://cyber.ohio.gov/priorities/grants-resources/aggregate-purchasing-resource-guide>
[CyberOhio tech line graphic]


CyberOhio coordinates and evolves Ohio’s cybersecurity practices in partnership

with state, local, and critical infrastructure entities.



Cyber.Ohio.gov <https://cyber.ohio.gov/home>

CyberOhio at Governor.Ohio.gov<mailto:cyberohio at governor.ohio.gov>
________________________________
 [X] <https://x.com/ohiodas>    [LinkedIn] <https://www.linkedin.com/company/ohiodas/>   [Govdelivery] <https://public.govdelivery.com/accounts/OHDAS/subscriber/new>
Mike DeWine, Governor
Kathleen C. Madden, Director
Kirk M. Herath, Cyber Security Strategic Advisor
Unsubscribe from topic<https://public.govdelivery.com/accounts/OHDAS/subscriber/confirm_unsubscribe?destination=emaynard%40library.ohio.gov&topic=OHDAS_OISP_1&topic_unsubscribe=true>



###

[A picture containing text  Description automatically generated]

Marsha McDevitt-Stredney
Director, Marketing & Communications
State Library of Ohio
274 E. 1st Avenue
Columbus, OH 43201
Tel: 614.644.6875
marshams at library.ohio.gov<mailto:marshams at library.ohio.gov>
library.ohio.gov<https://library.ohio.gov/>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplinlist/attachments/20250711/c905c723/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 18127 bytes
Desc: image001.png
URL: <http://lists.oplin.org/pipermail/oplinlist/attachments/20250711/c905c723/attachment.png>


More information about the OPLINLIST mailing list