Report 2021-602 Recommendation 7 Responses

Report 2021-602: State High-Risk Update—Information Security: The California Department of Technology's Inadequate Oversight Limits the State's Ability to Ensure Information Security (Release Date: January 2022)

Recommendation #7 To: Technology, California Department of

To help ensure that reporting entities are aware of new federal information security standards that are intended to strengthen their security and privacy governance, CDT should complete the necessary updates to SAM 5300 and SIMM by June 2022.

Updates have been made and the announcement was released August 2022.

PS 023 - CDT General SIMM Maintenance | CDT (ca.gov)

California State Auditor's Assessment of Status: Fully Implemented

CDT updated the links in SAM 5300 so they refer to the current federal information security standards, and it completed the necessary updates to SIMM.


Updates have been made and the announcement will be released by July 31, 2022.

California State Auditor's Assessment of Status: Pending

Per CDT's response, it will not fully implement this recommendation until August 2022.


CDT acknowledges this recommendation and has begun the process of updating from rev 4 to 5, to be completed by fiscal year-end. The State defined parameters for the NIST SP 800-53 controls (SIMM 5300-A) update (rev 4 to rev 5), Foundational Framework (SIMM 5300-B), and POAM (5300-C) to be completed by the fiscal year-end.

California State Auditor's Assessment of Status: Pending

Per CDT's response, it will not fully implement this recommendation until June 2022.


Agency responses received are posted verbatim.