Washington State Senate Bill 6281 proposes tying cloud procurement assessments to SEC-01 (and subsequent amendments)

Washington State Senate Bill 6281 (bill text located) proposes amending RCW 43.105.375 to require an assessment prior to purchasing third-party commercial cloud computing services. The assessment would include evaluating cybersecurity and regulatory compliance using the data categories referenced in the document titled “Washington state cybersecurity program policy” (SEC-01) as it exists on the effective date of the section and any subsequent amendments. If enacted, this would operationalize SEC-01 as an explicit statutory reference point for cloud procurement due diligence and could increase internal documentation and review expectations tied to SEC-01 compliance.