Cybersecurity
Cybersecurity
The Office of Cybersecurity (OCS) was established by the New Mexico Legislature in 2023 through the Cybersecurity Act, Sections 9-27A-1 to 9-27A-5, NMSA 1978, as the statewide information security and privacy office. As one of its first tasks, OCS prepared the New Mexico Statewide Cybersecurity Plan. This comprehensive plan was approved by the New Mexico Cybersecurity Advisory Committee and the Cybersecurity & Infrastructure Security Agency in 2023:
As detailed in the Cybersecurity Plan, New Mexico is taking a whole of state approach to support government and critical infrastructure entities with centralized resources and services, industry leading standards, and proactive measures, to build and maintain a strong cybersecurity posture.
OCS manages information security for the state by:
· Developing statewide cybersecurity policies and standards and supporting public entity implementation and compliance.
· Conducting cybersecurity risk assessments to identify security and privacy risks and supporting public entity adoption of mitigation strategies.
· Providing Vulnerability Management and Attack Surface Management services to participating entities to continuously monitor the digital infrastructure to identify and correct security gaps.
· Coordinating cybersecurity awareness and training programs.
· Operating the state security operations center for incident detection, reporting, and response.
The State Chief Information Security Officer (CISO), Raja Sambandam, issued Order No. 2025-01, establishing a cybersecurity incident reporting process. Pursuant to Section 9-27A-3(B)(12) NMSA 1978, all agencies and political subdivisions are required to comply with the Order’s critical procedures and reporting requirements.
Designate a Point of Contact: Cybersecurity Point of Contact Designation Form.
Call the Incident Reporting Hotline at (833) 42-CYBER to report an incident.
For additional information or questions please email the Office of Cybersecurity at NMCYBER@CYBER.NM.GOV