Cybersecurity
Office of Cybersecurity
The Office of Cybersecurity (OCS) was established by the New Mexico Legislature in 2023 through the Cybersecurity Act, Sections 9-27A-1 to 9-27A-5, NMSA 1978, as the statewide information security and privacy office.
Whole of State Approach
As detailed in the Cybersecurity Plan, New Mexico is taking a whole of state approach to support government and critical infrastructure entities with centralized resources and services, industry leading standards, and proactive measures, to build and maintain a strong cybersecurity posture.
OCS Functions
Developing statewide cybersecurity policies and standards and supporting public entity implementation and compliance. Conducting cybersecurity risk assessments to identify security and privacy risks and supporting public entity adoption of mitigation strategies. Providing Vulnerability Management and Attack Surface Management services to participating entities to continuously monitor the digital infrastructure to identify and correct security gaps. Coordinating cybersecurity awareness and training programs. Operating the state security operations center for incident detection, reporting, and response.
Incident Reporting
The State Chief Information Security Officer (CISO), Raja Sambandam, issued Order No. 2025-01, establishing a cybersecurity incident reporting process. Pursuant to Section 9-27A-3(B)(12) NMSA 1978, all agencies and political subdivisions are required to comply with the Order's critical procedures and reporting requirements.