Report 2018-611 Recommendation Responses

Report 2018-611: Gaps in Oversight Contribute to Weaknesses in the State's Information Security (Release Date: July 2019)

Recommendation for Legislative Action

To strengthen the information security practices of nonreporting entities, the Legislature should amend state law to require all nonreporting entities to obtain or perform comprehensive information security assessments no less frequently than every three years to determine compliance with the entirety of their adopted information security standards.

Description of Legislative Action

AB 2135 (Irwin, 2021) would require nonreporting state agencies to perform a comprehensive, independent security assessment every 2 years, which shall assess all policies, standards, and procedures adopted and would authorize them to contract with the Military Department, or with a qualified responsible vendor, for that purpose. As of September 14, 2022, this bill passed the Legislature and has been submitted to the Governor for signature.

Legislative Action Current As-of: September 2022

California State Auditor's Assessment of Status: Legislation Introduced

As of September 14, 2022, this bill passed the Legislature and has been submitted to the Governor for signature.

Description of Legislative Action

AB 809 (Irwin) would require state agencies not subject to the authority of the Department of Technology to perform a comprehensive, independent security assessment every two years and would authorize them to contract with the Military Department for that purpose.

Legislative Action Current As-of: July 2021

California State Auditor's Assessment of Status: Legislation Introduced

Description of Legislative Action

AB 2669 would require state agencies not subject to the authority of the Department of Technology to perform a comprehensive, independent security assessment every two years and would authorize them to contract with the Military Department for that purpose.

Legislative Action Current As-of: July 2020

California State Auditor's Assessment of Status: Legislation Introduced

Description of Legislative Action

As of January 2020, the Legislature has not taken action to address this specific recommendation.

Legislative Action Current As-of: January 2020

Report 2018-611 Recommendation Responses

Report 2018-611: Gaps in Oversight Contribute to Weaknesses in the State's Information Security (Release Date: July 2019)

Recommendation for Legislative Action

Description of Legislative Action

California State Auditor's Assessment of Status: Legislation Introduced

Description of Legislative Action

California State Auditor's Assessment of Status: Legislation Introduced

Description of Legislative Action

California State Auditor's Assessment of Status: Legislation Introduced

Description of Legislative Action

California State Auditor's Assessment of Status: No Action Taken

All Recommendations in 2018-611