[OPLINTECH] Sending on behalf of CyberOhio... Free Resources to Comply with Ohio’s New Cyber Law

marshams at library.ohio.gov marshams at library.ohio.gov
Fri Jul 11 11:15:37 EDT 2025 

The following forwarded message is intended for all types of local government entities in Ohio.

[CyberOhio logo]
[cyber graphic image]

July 2025
New Cyber Rules for Ohio Local Governments
What You Need to Know Now
Local governments across Ohio will soon be required to adopt new cybersecurity standards under Amended Substitute House Bill 96, signed into law by Governor Mike DeWine on June 30, 2025. The law—mirroring language from House Bill 283 and Senate Bill 208—goes into effect  90 days from the signing and sets forth a statewide cybersecurity framework for all political subdivisions.


You’re Invited: Free Informational Webinar
Learn About Best Practices and Free Resources to Comply with HB 96
Join CyberOhio, Cybersecurity Strategic Advisor to the Governor, Kirk Herath,  the Ohio Department of Public Safety, and key members of the Ohio Cyber Range Institute for a free webinar where we’ll break down:

  *
What’s required under HB 96
  *
How to report cyber incidents to the Ohio Cyber Integration Center (now required within 7 days)
  *
How to access free training and resources through programs like the Ohio Persistent Cyber Improvement Initiative (O-PCI)
  *
Best practices for building a cyber program as required under the bill

📩 Register now <https://events.gcc.teams.microsoft.com/event/43b6f732-2051-417b-b732-c942e3daeda3@50f8fcc4-94d8-4f07-84eb-36ed57c7c8a2>
This is your opportunity to hear directly from the agencies leading the effort—and to get answers to your questions about the new cybersecurity framework.

What's Required Under the New Law?
Cyber Incident Reporting
If a cybersecurity or ransomware incident occurs, local governments must notify:

  1.
The Ohio Department of Public Safety’s Division of Homeland Security (via OCIC) within 7 days
  2.
The Ohio Auditor of State within 30 days

Records associated with incident reports and cybersecurity programs are not public records, preserving the security and confidentiality of local systems.


Cyber Program Requirements
Each local government must implement a cybersecurity program that protects the availability, confidentiality, and integrity of its systems and data. Programs must be aligned with industry best practices such as the NIST Cybersecurity Framework (CSF) and CIS Controls, and must include:

  *
Identification of critical functions and cyber risks
  *
Response and recovery procedures
  *
Threat detection and containment strategies
  *
Cybersecurity training for all staff
  *
Communication and incident response protocols


Annual Training & Ransomware Restrictions
The law also requires:

  *
Annual cybersecurity training for all employees, like the FREE training offered by the Ohio Persistent Cyber Initiative (O-PCI)
  *
A formal legislative resolution to approve any ransomware payment, with justification as to why it is in the best interest of the jurisdiction



Support Is Available from CyberOhio and the State of Ohio
Take advantage of the FREE resources the State provides. While direct funding was removed from the final legislation, local governments have access to state-supported programs to ease the transition:

  *
Ohio Cyber Integration Center (OCIC) for real-time threat intelligence and incident coordination
  *
Ohio Persistent Cyber Initiative (O-PCI) for free training and exercises
  *
Ohio Cyber Reserves for rapid response assistance during cyber incidents

Visit Cyber.Ohio.gov <https://cyber.ohio.gov/home>  for more resources for Local Government Entities<https://cyber.ohio.gov/priorities/assisting-local-government-entities> such as how to implement a Collective Defense Model<https://cyber.ohio.gov/priorities/assisting-local-government-entities/collective-defense> or the Aggregate Purchase Resource Guide. <https://cyber.ohio.gov/priorities/grants-resources/aggregate-purchasing-resource-guide>
[CyberOhio tech line graphic]

CyberOhio coordinates and evolves Ohio’s cybersecurity practices in partnership
with state, local, and critical infrastructure entities.

Cyber.Ohio.gov <https://cyber.ohio.gov/home>
CyberOhio at Governor.Ohio.gov<mailto:cyberohio at governor.ohio.gov>



 ###

[A picture containing text  Description automatically generated]



Marsha McDevitt-Stredney

Director, Marketing & Communications

State Library of Ohio

274 E. 1st Avenue

Columbus, OH 43201

Tel: 614.644.6875

marshams at library.ohio.gov<mailto:marshams at library.ohio.gov>

library.ohio.gov<https://library.ohio.gov/>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20250711/0eed0770/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 7702 bytes
Desc: image.png
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20250711/0eed0770/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/jpeg
Size: 55702 bytes
Desc: image.png
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20250711/0eed0770/attachment.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/jpeg
Size: 15899 bytes
Desc: image.png
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20250711/0eed0770/attachment-0001.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/jpeg
Size: 15899 bytes
Desc: image.png
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20250711/0eed0770/attachment-0002.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/jpeg
Size: 15899 bytes
Desc: image.png
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20250711/0eed0770/attachment-0003.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/jpeg
Size: 15899 bytes
Desc: image.png
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20250711/0eed0770/attachment-0004.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/jpeg
Size: 15899 bytes
Desc: image.png
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20250711/0eed0770/attachment-0005.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/jpeg
Size: 56969 bytes
Desc: image.png
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20250711/0eed0770/attachment-0006.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-A picture .png
Type: image/png
Size: 18127 bytes
Desc: Outlook-A picture .png
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20250711/0eed0770/attachment-0001.png>

More information about the OPLINTECH mailing list