TO:
Agency Chief Information Officers (AIO)
Chief Information Officers (CIO)
Information Security Officers (ISO)
SUBJECT:
SIMM 5310-C: Privacy Threshold Assessment and Privacy Impact Assessment UPDATES
BACKGROUND:
The Information Security Program Management Standard, Statewide Information Management Manual (SIMM) 5305-A requires Agency/state entity Privacy Program Officers/Program Coordinators to assist program management with conducting privacy impact assessments. The California Department of Technology (CDT) Office of Information Security (OIS) developed the Privacy Threshold Assessment and Privacy Impact Assessment Standard (SIMM 5310-C) to further support Agency/state entity compliance with this existing statewide privacy assessment requirement. SIMM 5310-C has been updated to include Revision 5 of the National Institute of Standards and Technology (NIST) Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations. All Agencies/state entities must ensure that Privacy Assessments for their respective organization(s) comply with the standards outlined in SIMM Section 5310-C.
PURPOSE:
The purpose of this Procedures/Standards update is to announce:
-
- SIMM 5310-C was revised to include NIST 800-53 Revision 5 and minor corrections/clarification
REFERENCES:
The following reference materials are associated with this procedures/standards update. SIMM is available on the CDT’s website located at Policy – SIMM. The State Administrative Manual (SAM) is available on the Department of General Services website located at: SAM – DGS.
-
- SAM Section 5310
- SAM Section 5310.8
- SAM Section 5315.1
- SAM Section 5315.2
- SIMM Section 5310-C