In a policy update to all state Agency Information Officers, Chief Information Officers and Information Security Officers, CDT's Office of Information Security says: "Effective immediately, agencies/state entities must ensure that email services for their respective organization(s) comply with the requirements outlined in SIMM Section 5315-A. If an agency/state entity has already acquired or implemented an email threat protection solution which does not currently meet this standard, the agency/state entity must identify the deficiencies and include a remediation plan in its next Plan of Action and Milestones (POAM) submission."
The announcement, issued Monday, adds that the purpose of the update is to announce:
- Updated State Administrative Manual (SAM) Section 5315 to enhance statewide minimum email threat protection standards.
- New Statewide Information Management Manual (SIMM) Section 5315-A Email Threat Protection Standard, which includes minimum email threat protection requirements and examples of capabilities above minimum threat protections.
- Updated SIMM 5360-A Telework and Remote Access Security Standard to require Web-based connections to utilize two-factor authentication.
AIOs, CIOs and ISOs may address any questions to the CDT Office of Information Security at security@state.ca.gov.
