(a) (1) On or before July 1, 2018, the department shall, in consultation with the office and compliance with Section 11549.3, update the Technology Recovery Plan element of the State Administrative Manual to ensure the inclusion of cybersecurity strategy incident response standards for each state agency to secure its critical infrastructure controls and critical infrastructure information.

(2) In updating the standards in paragraph (1), the department shall consider, but not be limited to considering, all of the following:

Terms Used In California Government Code 8592.35

  • Assets: (1) The property comprising the estate of a deceased person, or (2) the property in a trust account.
  • Critical infrastructure controls: means networks and systems controlling assets so vital to the state that the incapacity or destruction of those networks, systems, or assets would have a debilitating impact on public health, safety, economic security, or any combination thereof. See California Government Code 8592.30
  • Critical infrastructure information: means information not customarily in the public domain pertaining to any of the following:

    California Government Code 8592.30

  • Department: means the Department of Technology. See California Government Code 8592.30
  • Office: means the Office of Emergency Services. See California Government Code 8592.30
  • State: means the State of California, unless applied to the different parts of the United States. See California Government Code 18
  • state agency: includes every state office, officer, department, division, bureau, board, and commission. See California Government Code 11000

(A) Costs to implement the standards.

(B) Security of critical infrastructure information.

(C) Centralized management of risk.

(D) Industry best practices.

(E) Continuity of operations.

(F) Protection of personal information.

(b) Each state agency shall provide the department with a copy of its updated Technology Recovery Plan.

(c) Each state agency shall, as part of its Technology Recovery Plan, provide the department with an inventory of all critical infrastructure controls, and their associated assets, in the possession of the agency.

(Amended by Stats. 2017, Ch. 790, Sec. 1. (AB 1022) Effective January 1, 2018.)

  Previous section
Next section  
 Article 6.4 Contents