Report 2022-114 Recommendation Responses

Report 2022-114: California Department of Technology: Weaknesses in Strategic Planning, Information Security, and Project Oversight Limit the State's Management of Information Technology (Release Date: April 2023)

Recommendation for Legislative Action

The Legislature should require CDT to develop a plan for determining the overall statewide information security status of the State's reporting entities by January 2024. This plan may entail CDT's assessing reporting entities through its existing oversight lifecycle or through alternative processes. It may include increasing the number of CDT staff, revising CDT's review process, or pursuing enforcement measures and corrective actions for reporting entities that do not address information security deficiencies. For example, when appropriate, CDT could require reporting entities to address outstanding information security deficiencies before implementing new IT initiatives.

Description of Legislative Action

As of 6/19/23, the Legislature has not taken any action in the 2023/24 Legislative Session to address this specific recommendation.

Legislative Action Current As-of: February 2026

California State Auditor's Assessment of 60-Day Status: No Action Taken

Description of Legislative Action

As of 10/20/23, the Legislature has not taken any action in the 2023/24 Legislative Session to address this specific recommendation.

Legislative Action Current As-of: February 2026

California State Auditor's Assessment of 6-Month Status: No Action Taken

Description of Legislative Action

As of 4/20/24, the Legislature has not taken any action in the 2023/24 Legislative Session to address this specific recommendation.

Legislative Action Current As-of: February 2026

California State Auditor's Assessment of 1-Year Status: No Action Taken

Description of Legislative Action

As of 4/20/25, the Legislature has not taken any action in the 2025/26 Legislative Session to address this specific recommendation.

AB 2777 (Calderon, 2024) would have required CDT to develop a Baseline Information Security Score metric to estimate the information security status of applicable state agencies, departments, and offices on or before January 1, 2026. This bill died in the Senate.

Legislative Action Current As-of: February 2026

Report 2022-114 Recommendation Responses

Report 2022-114: California Department of Technology: Weaknesses in Strategic Planning, Information Security, and Project Oversight Limit the State's Management of Information Technology (Release Date: April 2023)

Recommendation for Legislative Action

Description of Legislative Action

California State Auditor's Assessment of 60-Day Status: No Action Taken

Description of Legislative Action

California State Auditor's Assessment of 6-Month Status: No Action Taken

Description of Legislative Action

California State Auditor's Assessment of 1-Year Status: No Action Taken

Description of Legislative Action

California State Auditor's Assessment of Annual Follow-Up Status: Legislation Proposed But Not Enacted

All Recommendations in 2022-114