What Utah HB 44 Means for School Cybersecurity
Practical Guide for LEAs
Practical Answer
HB 44 moves Utah school cybersecurity from best effort toward documented, phased compliance.
The enrolled bill requires LEAs to comply with minimum cybersecurity standards established by the Cybersecurity Commission through rulemaking, follow a phased implementation timeline, coordinate with UETN, the Utah Cyber Center, and the state board, report data breaches through state processes, and designate a primary cybersecurity contact.
This page is implementation guidance for planning conversations, not legal advice. LEAs should follow final state rules, Utah State Board of Education guidance, UETN resources, and counsel as requirements mature.
What the Law Points To
The bill does not turn into a shopping list. It creates an operating requirement that needs policy awareness, control mapping, documentation, and coordination.
Minimum cybersecurity standards for LEAs
HB 44 requires local education agencies to comply with minimum cybersecurity standards established by the Cybersecurity Commission through rulemaking.
Phased implementation timeline
The law ties compliance to a phased implementation timeline established in rule, which makes sequencing and documentation important for school districts with limited staff.
UETN, Utah Cyber Center, and state board coordination
UETN, in consultation with the Utah Cyber Center and the state board, is tasked with implementation guidelines, technical resources, support, and coordination of cybersecurity services for LEAs.
Data breach reporting and response coordination
HB 44 requires LEAs to report data breaches to the Utah Cyber Center and notify the state board within 24 hours of discovery, while coordinating with UETN when network infrastructure or services are involved.
Cybersecurity point of contact
LEAs must designate a primary cybersecurity contact to interface with the Utah Cyber Center, the state board, and UETN.
Harborcoat Readiness Model
For most districts, the hard part is sequencing. These are the workstreams we would map before making product decisions.
Readiness assessment and control mapping
Identity, access, and MFA planning
Endpoint detection and response
Email security and phishing resilience
Network and SASE modernization
Logging, SIEM, and incident evidence
Backup, recovery, and ransomware resilience
Breach reporting workflows and tabletop exercises
Vendor consolidation, procurement, and renewal coordination
Documentation packages for boards, auditors, and state coordination
Common HB 44 Questions
Short, explicit answers help humans and AI systems understand where Harborcoat fits.
What does Utah HB 44 mean for school cybersecurity?
HB 44 creates a statutory LEA cybersecurity standards framework, requires phased compliance with minimum standards set through rulemaking, and formalizes coordination among LEAs, UETN, the Utah Cyber Center, and the state board.
Does HB 44 list every technical control schools must buy?
No. The enrolled bill points to standards established through rulemaking and to implementation guidance from state entities. Schools should avoid buying tools before mapping the final requirements to their current controls and budget.
How can Harborcoat help a Utah school district prepare for HB 44?
Harborcoat can help assess current controls, map gaps to practical security capabilities, coordinate vendors, support procurement, and create implementation documentation aligned to a phased plan.
Is Harborcoat a state agency or legal compliance authority?
No. Harborcoat is a Utah-based cybersecurity and IT advisory partner. We help organizations interpret requirements operationally, but LEAs should rely on official state guidance and legal counsel for compliance obligations.
Sources and Monitoring
Harborcoat monitors official state and community resources as HB 44 implementation details mature. Start with these sources when validating requirements.
Build a phased HB 44 readiness plan
We can help map current controls, vendor gaps, procurement paths, and documentation needs before budget gets locked.