California 2025-2026 Regular Session

California Assembly Bill AB869

Introduced: 2/19/25  
Refer: 3/10/25  
Report Pass: 4/2/25

Caption

State agencies: information security: Zero Trust architecture.

Impact

The adoption of Zero Trust architecture is intended to mitigate the risks associated with cyber threats that have increasingly severe consequences for state operations. By implementing strict access controls and requiring multifactor authentication, enterprises can better protect sensitive information from unauthorized access and data breaches. This legislative push reflects a growing recognition of the need for adaptive security strategies in the face of evolving cyber risks. The bill also aims to standardize security practices across different state agencies, potentially leading to greater efficiency in handling cybersecurity incidents and reduced vulnerabilities.

Summary

Assembly Bill 869, introduced by Assembly Member Irwin, proposes the implementation of Zero Trust architecture across all state agencies within California. The bill mandates that state agencies ensure that data, hardware, software, and internal systems adhere to specific security measures as defined by the Cybersecurity and Infrastructure Security Agency (CISA) Maturity Model. This includes achieving both Advanced maturity by June 1, 2026, and Optimal maturity by June 1, 2030. The Zero Trust model emphasizes that all users, whether inside or outside the organization’s network, must be authenticated and continuously validated before accessing any applications and data, reinforcing the state's commitment to robust cybersecurity frameworks.

Contention

While proponents advocate for enhanced security measures that aim to build public trust and confidence, there may be challenges regarding the implementation of such extensive security protocols. Concerns could arise over the allocation of resources necessary to upgrade existing systems, training personnel on new standards, and ensuring compliance across diverse state departments. Additionally, discussions may emerge about the implications of such a centralized model, especially regarding flexibility and local governance, as individual agencies might have unique needs that could clash with a one-size-fits-all approach.

Companion Bills

No companion bills found.

Similar Bills

FL H1293

Cybersecurity

KS HB2060

Senate Substitute for Substitute for HB 2060 by Committee on Local Government, Transparency and Ethics - Providing for the treatment of the reimbursement for expenses incurred for travel and activities in attending conferences or events by certain specified nonprofit organizations and discounted or free access to entertainment, sporting events or other activities.

TX HB8

Relating to cybersecurity for state agency information resources.

NJ S3835

Establishes Office of Cybersecurity Infrastructure.

MS HB1380

Cybersecurity; governmental and certain commercial entities substantially complying with standards not liable for incidents relating to.

TX HB4214

Relating to matters concerning governmental entities, including cybersecurity, governmental efficiencies, information resources, and emergency planning.

KS HB2271

Removing the expiration of provisions relating to moving cybersecurity services under the chief information technology officer of each branch of government.

TX SB475

Relating to state agency and local government information management and security, including establishment of the state risk and authorization management program and the Texas volunteer incident response team; authorizing fees.