Report 2015-611 Recommendation 6 Responses
Report 2015-611: High Risk Update—Information Security: Many State Entities' Information Assets Are Potentially Vulnerable to Attack or Disruption (Release Date: August 2015)
Recommendation #6 To: Technology, California Department of
To assist reporting entities in reaching full compliance with the security standards, the technology department should take the following actions: Annually follow up on the remediation plans that reporting entities submit.
60-Day Agency Response
In August 2015, the Department of Technology issued Technology Letter 15-03, and two new State Information Management Manual (SIMM) documents, directing state entities on the use of a new Plan of Action and Milestone (PoAM) tool. The instructions (SIMM 5305-B) and tool (SIMM 5305-C) provide a standardized approach to document details about remediation activity. The policy now requires departments to report on their corrective action progress on a quarterly basis. The PoAMs will be reviewed quarterly and departments will be provided feedback to ensure continued progress toward compliance.
- Completion Date: August 2015
- Response Date: October 2015
California State Auditor's Assessment of 60-Day Status: Fully Implemented
Agency responses received are posted verbatim.