Bill Text: CA AB2777 | 2023-2024 | Regular Session | Amended

NOTE: There are more recent revisions of this legislation.
Bill Title: Office of Information Security: Baseline Information Security Score.

Spectrum: Partisan Bill (Democrat 1-0)

Status: (Introduced) 2024-05-08 - In committee: Set, first hearing. Referred to suspense file.


Amended IN Assembly March 19, 2024

CALIFORNIA LEGISLATURE— 2023–2024 REGULAR SESSION

Assembly Bill No. 2777


Introduced by Assembly Member Calderon

February 15, 2024


[Stricken: An act to amend Section 33428 of the Education Code, relating to youth leadership.] An act to add Section 11547.65 to the Government Code, relating to state government.


LEGISLATIVE COUNSEL'S DIGEST


AB 2777, as amended, Calderon. [Stricken: California Youth Leadership Project.] Department of Technology: state agencies: California Cybersecurity Maturity Metric.
Existing law tasks the Director of Technology, who supervises the Department of Technology and is also the State Chief Information Officer, with, among other things, providing technology direction to agency and department chief information officers to ensure compliance with information technology policies and standards and establishing performance management and improvement processes to ensure state information technology systems and services are efficient and effective. Existing law requires the Chief of the Office of Information Security to establish an information security program that includes creating, updating, and publishing information security and privacy policies, standards, and procedures for state agencies. Existing law requires all state entities, as specified, to implement the policies and procedures issued by the Office of Information Security and authorizes the office to conduct an independent security assessment of every state agency, department, or office.
This bill would require the Department of Technology to make changes to the California Cybersecurity Maturity Metric, including the Maturity Metric Score criteria, to accomplish specified goals, including to achieve a score for all state agencies every 3 years. The bill would require a Maturity Metric Score to be comprised of information from the 2 most recent independent security assessments performed by, or at the direction of, the Office of Information Security that measured the agency’s network and any other relevant and available information. The bill would define terms for these purposes, and make related findings and declarations.

[Stricken: Existing law establishes the California Youth Leadership Project for the purpose of promoting youth civic engagement by awarding scholarships to youth between 14 and 18 years of age in accordance with specified criteria. Existing law creates the California Youth Leadership Project Committee to oversee the California Youth Leadership Project. Existing law authorizes the California Youth Leadership Project Committee to accept gifts and grants from any source to help perform its functions. Existing law also authorizes the California Youth Leadership Project Committee to define its program and use its funds in any way necessary to carry out its duties, as specified.]

[Stricken: This bill would make nonsubstantive changes to those provisions.]

Vote: MAJORITY   Appropriation: NO   Fiscal Committee: [Stricken: NO] YES   Local Program: NO

The people of the State of California do enact as follows:


SECTION 1.

 The Legislature finds and declares all of the following:
(a) Californians are often required to provide personally identifiable information to state agencies. Protecting that information is critical to maintaining public trust and safety.
(b) Knowledge of the security status of state agencies is critical to identifying vulnerabilities, managing cybersecurity threats, and avoiding costly disruptions to state services.
(c) Simplifying the existing process for evaluating the cybersecurity of state agencies is critical to ensuring timely reports.

SEC. 2.

 Section 11547.65 is added to the Government Code, to read:

11547.65.
 (a) For purposes of this section, the following definitions apply:
(1) “California Cybersecurity Maturity Metric” means the Statewide Information Management Manual Section 5300-C, or any successor Statewide Information Management Manual section that describes a metric that objectively measures the effective implementation of cybersecurity policies, standards, and procedures by every state agency.
(2) “Maturity Metric Score” means the Statewide Information Management Manual Section 5300-C, or any successor Statewide Information Management Manual section that describes a single score a state agency received following the completion of the calculation that reflects an agency’s information security status.
(3) (A) “State agency” has the same meaning as in Section 11000.
(B) “State agency” does not include the State Compensation Insurance Fund, the Legislature, or the Legislative Data Center in the Legislative Counsel Bureau pursuant to Section 11548.
(b) The Department of Technology shall make changes to the California Cybersecurity Maturity Metric, including the Maturity Metric Score criteria, to accomplish the following goals:
(1) Improve reliability, efficiency, and timeliness of reporting Maturity Metric Scores.
(2) Achieve a Maturity Metric Score for all state agencies every three years.
(c) A Maturity Metric Score shall be comprised of information from the two most recent independent security assessments performed pursuant to subdivision (c) of Section 11549.3 that measured the agency’s network and any other relevant and available information.

[Stricken: SECTION 1. Section 33428 of the Education Code is amended to read:]

[Stricken: 33428.]

[Stricken: (a) The funds for the California Youth Leadership Project shall be allocated from the California Youth Leadership Fund pursuant to Article 4.5 (commencing with Section 18736) of Chapter 3 of Part 10.2 of Division 2 of the Revenue and Taxation Code, as added by Chapter 379 of the Statutes of 2012, as that article read on January 1, 2013, or from private funds directed to the department and allocated to the California Youth Leadership Project Committee for the purpose of funding activities of the California Youth Leadership Project.]

[Stricken: (b) The California Youth Leadership Project may accept gifts and grants from any source, public or private, to help perform its functions pursuant to this article.]

[Stricken: (c) The California Youth Leadership Project Committee shall have the authority to define its program and use its funds in any way necessary to carry out the duties of this article, including, but not limited to, partnering with nonprofit groups or state agencies to perform various duties required by this article, as long as the program or activity is not in violation of a state law or regulation.]
