Procedures and standards updates

Procedures/Standards Updates are issued by the California Department of Technology to convey information/guidelines regarding state IT policies. If you have questions about any of these Procedures/Standards Updates, please call the contact person noted in the Procedures/Standards Update.

PS-028SIMM 5335-A – Security Event Notification and Response Standard Update6/6/2023Active
PS-027SIMM 19A.5 Agency/State Entity Portfolio Report Update5/26/23Active
PS-026SIMM 25 – Information Technology Web Accessibility Update4/24/23Active
PS-025Americans with Disabilities Act (ADA) SIMM 19E Project Delegation Request3/30/23Active
PS-024Information Security General SIMM Maintenance (5300-C, 5310-A, and 5310-C) 10/18/22Active
PS-023 Information Security General SIMM Maintenance (5305-A, 5330-E, and 5360-A)8/18/22Active
PS-022SIMM 5310-C: Privacy Threshold Assessment and Privacy Impact Assessment UPDATES (HTML)7/25/22Active
PS-021SIMM 5340- C: Requirements to Respond to Incidents Involving a Breach of Personal Information UPDATES (HTML)7/25/22Active
PS-020PS 020 - Post Implementation Evaluation Report (PIER) UPDATES (HTML)3/21/22Active
PS-019 Security Risk Register and Plan of Action and Milestones (POAM) Reporting (HTML)3/15/22Active
PS-018Updated SIMM 19 Project Approval Lifecycle (HTML)3/9/22Active
PS-017ADA Updated SIMM 30B Project Summary Package (HTML)3/9/22Active
PS-016Phishing Exercise Standard (PDF)11/9/21Active
PS-015ADA SIMM Updates (PDF)7/16/21Active
PS-014California Cybersecurity Maturity Metrics (PDF)5/26/21Active
PS-013Update on Release of Personal Information for Research (PDF)5/13/21Active
PS-012Security Event Notification and Response Protocol(PDF)3/29/21Active
PS-011Vulnerability Management Standard(PDF)1/29/21Active
PS-010Phishing Exercise Standard (PDF)10/20/20Superseded by PS-016
PG-009Cloud Security Standard (PDF)8/19/20Active
PG-008Requirements to Respond to Incidents Involving a Breach of Personal Information (PDF)2/26/20Superseded by PS-022
PG-007Project Approval Lifecycle, Stage 1 Business Analysis Submission Requirements for Agency-Affiliated State Entities (PDF)2/14/20Active
PG-006Minimum Security Levels (PDF)12/13/19Active
PG-005Privacy Threshold Assessment and Privacy Impact Assessment (PDF)11/12/19Superseded by PS-023
PG-004Endpoint Protection Standard (HTML (PG-004)) (PDF (PG-004))1/22/19Active
PG-003Email Threat Protection Standard (HTML (PG-003)) (PDF (PG-003))10/29/18Active
PG-002Updated Information Technology Cost Report (HTML (PG-002)) (PDF (PG-002))2/5/18Active
PG-001Updated Information Security Reporting Documents (PDF)1/12/18Active