Report 2021-602 Recommendation 6 Responses
Report 2021-602: State High-Risk Update—Information Security: The California Department of Technology's Inadequate Oversight Limits the States Ability to Ensure Information Security (Release Date: January 2022)
Recommendation #6 To: Technology, California Department of
To ensure that it understands the statewide security status of reporting entities, CDT should utilize the information from the entities' self-assessments of their systems, as well as from the nationwide review, to annually help identify common areas that require improvement across multiple reporting entities.
CDT has now incorporated prior year NCSR scores into its priority risk ranking and will report entity status to the cybersecurity select committee in its confidential Legislative briefings with the Legislature going forward.
- Estimated Completion Date: March 2023
California State Auditor's Assessment of Status: Partially Implemented
Per CDT's response, it will not fully implement this recommendation until March 2023.
CDT is still on target to incorporate prior year NCSR scores and report entity status to the cybersecurity select committee by the required due date in December of 2022.
- Estimated Completion Date: December 2022
California State Auditor's Assessment of Status: Pending
Per CDT's response, it will not fully implement this recommendation until December 2022.
CDT is on target to incorporate prior year NCSR scores and report entity status to the cybersecurity select committee by the required due date in December of 2022.
- Estimated Completion Date: December 2022
California State Auditor's Assessment of Status: Pending
Per CDT's response, it will not fully implement this recommendation until December 2022.
The NCSR reporting information is being reviewed and will be incorporated into statewide risk scoring and ranking calculations annually. Annually the NCSR surveys are submitted by February. CDT will incorporate prior year NCSR scores and report entity status to the cybersecurity select committee by the required due date in December of 2022.
- Estimated Completion Date: December 2022
California State Auditor's Assessment of Status: Pending
Per CDT's response, it will not fully implement this recommendation until December 2022.
All Recommendations in 2021-602
Agency responses received are posted verbatim.