Tech Alert
from Customer Engagement Services
“Your Gateway to Technology Services”
TA 23-09: California Cloud Services Assessment (CCSA)
Issue Date: October 31, 2023
Attention: All Agencies and State Entities
Action Requested: Complete the California Cloud Services Assessment (CCSA) Process
Effective Date: October 31, 2023
Overview
As of October 31, 2023, the California Department of Technology (CDT) has released an update to the Cloud Computing policy (SAM 4983.1). The revised policy will align CDT with the Federal Cloud Smart Strategy which strengthens the IT security, cloud architecture, procurement, and workforce needs of cloud computing.
This change will require Agencies and State entities to complete a California Cloud Services Assessment (CCSA) prior to receiving a new Off-Premises Cloud account or modifying existing Off-Premises Cloud Services.
Action Requested
To become familiar with the CCSA policy and process, all Agencies and State entities must do the following:
-
- Review Technology Letter (TL) 23-03: Update to Cloud Computing Policy – Cloud Smart and SAM 4893.1: Cloud Computing Policy.
- Review SIMM 141: California Cloud Assessment Guide.
- Review additional content and related tabs on the California Cloud Services Assessment (CCSA) site within CDT’s Service Catalog.
Agencies and State entities interested in procuring new or additional Off-Premises Cloud Services must first initiate the CCSA by completing the following steps as described in SIMM 141:
-
- Download and complete templates from the CCSA site and prepare required supplemental documentation.
- Check with your Department ISO for an existing Secure Automated File Exchange (SAFE) account. If your organization does not have one, contact the Office of Information Security at security@state.ca.gov. Please allow 1-2 days for the request to be fulfilled.
- Submit an Off-Premises Cloud Services request by using the link within the Request tab on the CCSA site or by accessing it directly via the CDT IT Services Portal (ServiceNow).
- Upload the completed templates and supplemental documentation to the SAFE account.
If not already a subscriber to the CDT Security Operations Center as a Service (SOCaaS), complete the Intake Form by using the link in the Request tab on the SOCaaS site within CDT’s Service Catalog.
Contact
If you have questions, need further clarification, or would like to discuss your department’s specific requirements, please contact your CDT Account Lead by using the Account Lead Directory or by calling Customer Engagement Services at (916) 431-5390.