California Law – Office of Information Security Requirements

Below are the published Information Security requirements for California with publishing and enforcement dates.

  • SIMM 5300-B Foundational Framework, published in October 2017 by the State of California Office of Information Security outlines the foundational framework required for cybersecurity for businesses registered and operating in California. This framework is mapped to NIST 800-53, aligned to the Federal standards by the National Institute Standards for Technologies. It includes the following topics:
    • Application Security
    • Contingency Planning
    • Change and Configuration Management
    • Data Security 5-6 E. Security Governance
    • Endpoint Security
    • Identity and Access Management
    • Mobile Security
    • Security Analytics and Continuous Monitoring
    • Network Security
    • Physical Security
    • Vulnerability Management