Report 2018-611 Recommendation Responses
Report 2018-611: Gaps in Oversight Contribute to Weaknesses in the State's Information Security (Release Date: July 2019)
Recommendation for Legislative Action
To strengthen the information security practices of nonreporting entities, the Legislature should amend state law to require all nonreporting entities to adopt information security standards comparable to SAM 5300.
Description of Legislative Action
AB 2135 (Irwin, 2021) would require all nonreporting state agencies to adopt and implement information security and privacy policies, standards, and procedures based upon standards issued by the National Institute of Standards and Technology and the Federal Information Processing Standards, as specified. Additionally, this bill would allow nonreporting state agencies to adopt and implement information security and privacy policies, standards, and procedures following Chapter 5300 - Information Technology - Office of Information Security of the State Administrative Manual. As of September 14, 2022, this bill passed the Legislature and has been submitted to the Governor for signature.
- Legislative Action Current As-of: September 2022
California State Auditor's Assessment of Status: Legislation Introduced
As of September 14, 2022, this bill passed the Legislature and has been submitted to the Governor for signature.
Description of Legislative Action
AB 809 (Irwin) would require state agencies not subject to the authority of the Department of Technology to adopt and implement information security and privacy policies, standards, and procedures based upon standards issued by the National Institute of Standards and Technology and the Federal Information Processing Standards.
- Legislative Action Current As-of: July 2021
California State Auditor's Assessment of Status: Legislation Introduced
Description of Legislative Action
AB 2669 (Irwin) would require state agencies not subject to the authority of the Department of Technology to adopt and implement information security and privacy policies, standards, and procedures based upon standards issued by the National Institute of Standards and Technology and the Federal Information Processing Standards.
- Legislative Action Current As-of: July 2020
California State Auditor's Assessment of Status: Legislation Introduced
Description of Legislative Action
As of January 2020, the Legislature has not taken action to address this specific recommendation.
- Legislative Action Current As-of: January 2020