Report 2015-611 Recommendation 6 Responses

Report 2015-611: High Risk Update—Information Security: Many State Entities' Information Assets Are Potentially Vulnerable to Attack or Disruption (Release Date: August 2015)

Recommendation #6 To: Technology, California Department of

To assist reporting entities in reaching full compliance with the security standards, the technology department should take the following actions: Annually follow up on the remediation plans that reporting entities submit.

60-Day Agency Response

In August 2015, the Department of Technology issued Technology Letter 15-03, and two new State Information Management Manual (SIMM) documents, directing state entities on the use of a new Plan of Action and Milestone (PoAM) tool. The instructions (SIMM 5305-B) and tool (SIMM 5305-C) provide a standardized approach to document details about remediation activity. The policy now requires departments to report on their corrective action progress on a quarterly basis. The PoAMs will be reviewed quarterly and departments will be provided feedback to ensure continued progress toward compliance.

California State Auditor's Assessment of 60-Day Status: Fully Implemented



Agency responses received are posted verbatim.