Jacqui Irwin
- Democratic
- Assemblymember
- District 42
Existing law establishes the Office of Information Security within the Department of Technology for the purpose of ensuring the confidentiality, integrity, and availability of state systems and applications and to promote and protect privacy as part of the development and operations of state systems and applications to ensure the trust of the residents of this state. The law requires state entities, as specified, to implement the policies and procedures issued by the office. The law additionally authorizes the office, under direction of the chief, to conduct, or require to be conducted, an independent security assessment of every state agency, department, or office, as specified. State agencies must certify, by February 1 annually, to the President pro Tempore of the Senate and the Speaker of the Assembly that the agency is in compliance with all adopted policies, standards, and procedures and to include a plan of action and milestones, as specified.

This bill would require every state agency, as defined and subject to specified exceptions, to implement Zero Trust architecture for all data, hardware, software, internal systems, and essential third-party software, including for on-premises, cloud, and hybrid environments, to achieve prescribed levels of maturity based on the Cybersecurity and Infrastructure Security Agency (CISA) Maturity Model, as defined, by specified dates. In implementing Zero Trust architecture, the bill would require state agencies to prioritize the use of solutions that comply with, are authorized by, or align to federal guidelines, programs, and frameworks and, at a minimum, prioritize multifactor authentication for access to all systems and data, enterprise endpoint detection and response solutions, and robust logging practices, as specified.

The bill would require the office's chief, no later than January 1, 2025, to develop or revise uniform technology policies, standards, and procedures for use by all state agencies in Zero Trust architecture to achieve specified maturity levels on all systems in the State Administrative Manual and Statewide Information Management Manual. The bill would require the chief to update requirements for existing annual reporting activities to collect information relating to the progress state agencies are making to increase internal defenses of agency systems. The bill would authorize the chief to update existing annual reporting activities to include how a state agency is progressing with respect to specified goals. The bill would also state the Legislature's intent that the bill's provisions be implemented in a manner consistent with the state's timely compliance with requirements that are conditions to receipt of federal funds. The bill would also make related legislative findings and declarations.
In committee: Held under submission.
From committee chair, with author's amendments: Amend, and re-refer to committee. Read second time, amended, and re-referred to Com. on APPR.
From committee: Do pass and re-refer to Com. on APPR. (Ayes 14. Noes 0.) (July 11). Re-referred to Com. on APPR.
From committee chair, with author's amendments: Amend, and re-refer to committee. Read second time, amended, and re-referred to Com. on G.O.
In Senate. Read first time. To Com. on RLS. for assignment.
Read third time. Passed. Ordered to the Senate. (Ayes 80. Noes 0. Page 1867.)
Read second time. Ordered to third reading.
From committee: Do pass. (Ayes 15. Noes 0.) (May 18).
In committee: Set, first hearing. Referred to APPR. suspense file.
Read second time and amended.
From committee: Amend, and do pass as amended and re-refer to Com. on APPR. with recommendation: To Consent Calendar. (Ayes 6. Noes 0.) (April 19).
From committee chair, with author's amendments: Amend, and re-refer to Com. on A. & A.R. Read second time and amended.
From committee: Do pass and re-refer to Com. on A. & A.R. with recommendation: To Consent Calendar. (Ayes 11. Noes 0.) (March 21). Re-referred to Com. on A. & A.R.
From committee chair, with author's amendments: Amend, and re-refer to Com. on P. & C.P. Read second time and amended.
Referred to Coms. on P. & C.P. and A. & A.R.
From printer. May be heard in committee March 16.
Read first time. To print.
Bill Text Versions | Format |
---|---|
AB749 | HTML |
02/13/23 - Introduced | |
03/14/23 - Amended Assembly | |
04/13/23 - Amended Assembly | |
04/25/23 - Amended Assembly | |
07/03/23 - Amended Senate | |
08/14/23 - Amended Senate | |

Document | Format |
---|---|
03/18/23 - Assembly Privacy and Consumer Protection | |
04/17/23 - Assembly Accountability and Administrative Review | |
05/08/23 - Assembly Appropriations | |
05/19/23 - ASSEMBLY FLOOR ANALYSIS | |
07/06/23 - Senate Governmental Organization | |
08/18/23 - Senate Appropriations | |
Data on Open States is updated periodically throughout the day from the official website of the California State Legislature.