CALIFORNIA LEGISLATURE 20172018 REGULAR SESSION Assembly Bill No. 2748Introduced by Assembly Member ChauFebruary 16, 2018 An act to amend Section 8592.35 of the Government Code, relating to technology. LEGISLATIVE COUNSEL'S DIGESTAB 2748, as introduced, Chau. Information technology.Existing law requires the Department of Technology, on or before July 1, 2018, to update the Technology Recovery Plan element of the State Administrative Manual to ensure the inclusion of cybersecurity strategy incident response standards for each state agency, as specified.This bill would make a nonsubstantive change to that provision.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: NO Local Program: NO Bill TextThe people of the State of California do enact as follows:SECTION 1. Section 8592.35 of the Government Code is amended to read:8592.35. (a) (1) On or before July 1, 2018, the department shall, in consultation with the office and compliance with Section 11549.3, update the Technology Recovery Plan element of the State Administrative Manual to ensure the inclusion of cybersecurity strategy incident response standards for each state agency to secure its critical infrastructure controls and critical infrastructure information.(2) In updating the standards in paragraph (1), the department shall consider, but not be limited to considering, all each of the following:(A) Costs to implement the standards.(B) Security of critical infrastructure information.(C) Centralized management of risk.(D) Industry best practices.(E) Continuity of operations.(F) Protection of personal information.(b) Each state agency shall provide the department with a copy of its updated Technology Recovery Plan.(c) Each state agency shall, as part of its Technology Recovery Plan, provide the department with an inventory of all critical infrastructure controls, and their associated assets, in the possession of the agency.
CALIFORNIA LEGISLATURE 20172018 REGULAR SESSION Assembly Bill No. 2748Introduced by Assembly Member ChauFebruary 16, 2018 An act to amend Section 8592.35 of the Government Code, relating to technology. LEGISLATIVE COUNSEL'S DIGESTAB 2748, as introduced, Chau. Information technology.Existing law requires the Department of Technology, on or before July 1, 2018, to update the Technology Recovery Plan element of the State Administrative Manual to ensure the inclusion of cybersecurity strategy incident response standards for each state agency, as specified.This bill would make a nonsubstantive change to that provision.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: NO Local Program: NO
CALIFORNIA LEGISLATURE 20172018 REGULAR SESSION
Assembly Bill No. 2748
Introduced by Assembly Member ChauFebruary 16, 2018
Introduced by Assembly Member Chau
February 16, 2018
An act to amend Section 8592.35 of the Government Code, relating to technology.
LEGISLATIVE COUNSEL'S DIGEST
## LEGISLATIVE COUNSEL'S DIGEST
AB 2748, as introduced, Chau. Information technology.
Existing law requires the Department of Technology, on or before July 1, 2018, to update the Technology Recovery Plan element of the State Administrative Manual to ensure the inclusion of cybersecurity strategy incident response standards for each state agency, as specified.This bill would make a nonsubstantive change to that provision.
Existing law requires the Department of Technology, on or before July 1, 2018, to update the Technology Recovery Plan element of the State Administrative Manual to ensure the inclusion of cybersecurity strategy incident response standards for each state agency, as specified.
This bill would make a nonsubstantive change to that provision.
## Digest Key
## Bill Text
The people of the State of California do enact as follows:SECTION 1. Section 8592.35 of the Government Code is amended to read:8592.35. (a) (1) On or before July 1, 2018, the department shall, in consultation with the office and compliance with Section 11549.3, update the Technology Recovery Plan element of the State Administrative Manual to ensure the inclusion of cybersecurity strategy incident response standards for each state agency to secure its critical infrastructure controls and critical infrastructure information.(2) In updating the standards in paragraph (1), the department shall consider, but not be limited to considering, all each of the following:(A) Costs to implement the standards.(B) Security of critical infrastructure information.(C) Centralized management of risk.(D) Industry best practices.(E) Continuity of operations.(F) Protection of personal information.(b) Each state agency shall provide the department with a copy of its updated Technology Recovery Plan.(c) Each state agency shall, as part of its Technology Recovery Plan, provide the department with an inventory of all critical infrastructure controls, and their associated assets, in the possession of the agency.
The people of the State of California do enact as follows:
## The people of the State of California do enact as follows:
SECTION 1. Section 8592.35 of the Government Code is amended to read:8592.35. (a) (1) On or before July 1, 2018, the department shall, in consultation with the office and compliance with Section 11549.3, update the Technology Recovery Plan element of the State Administrative Manual to ensure the inclusion of cybersecurity strategy incident response standards for each state agency to secure its critical infrastructure controls and critical infrastructure information.(2) In updating the standards in paragraph (1), the department shall consider, but not be limited to considering, all each of the following:(A) Costs to implement the standards.(B) Security of critical infrastructure information.(C) Centralized management of risk.(D) Industry best practices.(E) Continuity of operations.(F) Protection of personal information.(b) Each state agency shall provide the department with a copy of its updated Technology Recovery Plan.(c) Each state agency shall, as part of its Technology Recovery Plan, provide the department with an inventory of all critical infrastructure controls, and their associated assets, in the possession of the agency.
SECTION 1. Section 8592.35 of the Government Code is amended to read:
### SECTION 1.
8592.35. (a) (1) On or before July 1, 2018, the department shall, in consultation with the office and compliance with Section 11549.3, update the Technology Recovery Plan element of the State Administrative Manual to ensure the inclusion of cybersecurity strategy incident response standards for each state agency to secure its critical infrastructure controls and critical infrastructure information.(2) In updating the standards in paragraph (1), the department shall consider, but not be limited to considering, all each of the following:(A) Costs to implement the standards.(B) Security of critical infrastructure information.(C) Centralized management of risk.(D) Industry best practices.(E) Continuity of operations.(F) Protection of personal information.(b) Each state agency shall provide the department with a copy of its updated Technology Recovery Plan.(c) Each state agency shall, as part of its Technology Recovery Plan, provide the department with an inventory of all critical infrastructure controls, and their associated assets, in the possession of the agency.
8592.35. (a) (1) On or before July 1, 2018, the department shall, in consultation with the office and compliance with Section 11549.3, update the Technology Recovery Plan element of the State Administrative Manual to ensure the inclusion of cybersecurity strategy incident response standards for each state agency to secure its critical infrastructure controls and critical infrastructure information.(2) In updating the standards in paragraph (1), the department shall consider, but not be limited to considering, all each of the following:(A) Costs to implement the standards.(B) Security of critical infrastructure information.(C) Centralized management of risk.(D) Industry best practices.(E) Continuity of operations.(F) Protection of personal information.(b) Each state agency shall provide the department with a copy of its updated Technology Recovery Plan.(c) Each state agency shall, as part of its Technology Recovery Plan, provide the department with an inventory of all critical infrastructure controls, and their associated assets, in the possession of the agency.
8592.35. (a) (1) On or before July 1, 2018, the department shall, in consultation with the office and compliance with Section 11549.3, update the Technology Recovery Plan element of the State Administrative Manual to ensure the inclusion of cybersecurity strategy incident response standards for each state agency to secure its critical infrastructure controls and critical infrastructure information.(2) In updating the standards in paragraph (1), the department shall consider, but not be limited to considering, all each of the following:(A) Costs to implement the standards.(B) Security of critical infrastructure information.(C) Centralized management of risk.(D) Industry best practices.(E) Continuity of operations.(F) Protection of personal information.(b) Each state agency shall provide the department with a copy of its updated Technology Recovery Plan.(c) Each state agency shall, as part of its Technology Recovery Plan, provide the department with an inventory of all critical infrastructure controls, and their associated assets, in the possession of the agency.
8592.35. (a) (1) On or before July 1, 2018, the department shall, in consultation with the office and compliance with Section 11549.3, update the Technology Recovery Plan element of the State Administrative Manual to ensure the inclusion of cybersecurity strategy incident response standards for each state agency to secure its critical infrastructure controls and critical infrastructure information.
(2) In updating the standards in paragraph (1), the department shall consider, but not be limited to considering, all each of the following:
(A) Costs to implement the standards.
(B) Security of critical infrastructure information.
(C) Centralized management of risk.
(D) Industry best practices.
(E) Continuity of operations.
(F) Protection of personal information.
(b) Each state agency shall provide the department with a copy of its updated Technology Recovery Plan.
(c) Each state agency shall, as part of its Technology Recovery Plan, provide the department with an inventory of all critical infrastructure controls, and their associated assets, in the possession of the agency.