TO:
Agency Chief Information Officers (AIO)
Chief Information Officers (CIO)
Agency Information Security Officers (AISO)
Information Security Officers (ISO)
SUBJECT:
CDT General SIMM Maintenance
BACKGROUND:
The California Department of Technology (CDT) routinely evaluates its Statewide Information Management Manual (SIMM) policies and procedures for needed updates.
PURPOSE:
The purpose of this Procedures/Standards update is to announce:
-
- The outcome of its most recent evaluation which yielded non-substantive changes to several information security SIMMs (5305-A, 5330-E, and 5360-A). A summary of the updates for each SIMM is provided below.
- SIMM 5305-A: Minor edits to policy and procedure management section were made. These updates include:
-
- Added “and procedure” where it was not specifically stated. Though the lead in sentence for this section and corresponding NIST SP 800-53 controls specifically state policy and procedure, this update will make it clearer.
- Added “most recent version” for NIST SP 800-53 control reference on page
-
- SIMM 5330-E: Updated to add option to certify “No Host/Hosted relationship exists” and a requirement to file an update within 10-days of any change.
- SIMM 5360-A: Minor edit to Section 7 Heading and update for pointer to new Statewide Telework Policy and Guidance
-
- The Section 7 heading was updated with the missing “AND,” changed to “7.1 STANDARDS FOR EXCEPTIONS AND WHEN A PERSONALLY-OWNED INFORMATION ASSET IS USED TO TELEWORK”
- The URL to the Statewide Policy was updated to point to the new Telework policy and guidance website.
-
REFERENCES:
The following reference materials are associated with this procedures/standards update. Statewide Information Management Manual (SIMM) is available on the CDT’s website located at Policy – SIMM. The State Administrative Manual (SAM) is available on the Department of General Services website located at: SAM – DGS.
-
- SIMM 5305-A
- SIMM 5305-C
- SIMM 5330-E
- SIMM 5360-A