Report 2015-611 Recommendation Responses
Report 2015-611: High Risk Update—Information Security: Many State Entities' Information Assets Are Potentially Vulnerable to Attack or Disruption (Release Date: August 2015)
Recommendation for Legislative Action
To improve reporting entities' level of compliance with the State's security standards, the Legislature should consider mandating that the technology department conduct, or require to be conducted, an independent security assessment of each reporting entity at least every two years. This assessment should include specific recommendations, priorities, and time frames within which the reporting entity must address any deficiencies. If a third-party vendor conducts the independent security assessment, it should provide the results to the technology department and the reporting entity.
Description of Legislative Action
Assembly Bill 670 (Chapter 518, Statutes of 2015) requires the Department of Technology to annually require no fewer than 35 state entities to perform an independent security assessment.
- Legislative Action Current As-of: August 2020
California State Auditor's Assessment of Annual Follow-Up Status: Legislation Enacted
Description of Legislative Action
Assembly Bill 670 (Chapter 518, Statutes of 2015) requires the Department of Technology to annually require no fewer than 35 state entities to perform an independent security assessment.
- Legislative Action Current As-of: October 2016
California State Auditor's Assessment of 1-Year Status: Legislation Enacted
Description of Legislative Action
AB 670 (Chapter 518, Statutes of 2015) requires the Department of Technology to conduct, or require to be conducted, no fewer than 35 independent security assessments of state agencies, departments or offices annually.
- Legislative Action Current As-of: March 2016
California State Auditor's Assessment of 6-Month Status: Legislation Enacted
Description of Legislative Action
Assembly Bill 670 (Chapter 518, Statutes of 2015) requires the Department of Technology to conduct, or require to be conducted, no fewer than 35 independent security assessments of state agencies, departments, or offices annually.
- Legislative Action Current As-of: January 2016