Technology Letter 26-01

February 2026

Subject:

SIMM 5340-A Information Security Incident Response and Reporting

References:

Government Code (GC) § 11549.3, 14613.7

Civil Code Section 1798.29, 1798.3

State Administrative Manual (SAM) 5330.2, 5340

Statewide Information Management Manual (SIMM) 5340-A and 5340-C

Background

As outlined in Government Code (GC) Section 11549.3, the Office of Information Security (OIS) is entrusted with creating, issuing, and maintaining policies, standards, and procedures, overseeing information security risk management for agencies and state entities, providing information security and privacy guidance, and ensuring compliance with State Administrative Manual (SAM) Chapter 5300 and Statewide Information Management Manual (SIMM) section 5300.


SAM 5340 Information Security Incident Management requires state entities to document, and keep up to date, procedures that facilitate the implementation of the incident response plan and associated incident response controls. An upcoming major update to SIMM 5340-A Information Security Incident Response and Reporting clarifies several existing requirements, consolidates some sections, and adds new requirements involving reporting to the California Cybersecurity Integration Center (Cal-CSIC), Technology Recovery and Business Continuity, and Incident Closure. It also adds a new References section and a mapping of requirements to the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF).

Purpose:

The purpose of this Technology Letter (TL) is to announce the following updates to SIMM 5340-A: 

  • Revised the Introduction section to include new “Purpose” and “Definitions” sections
  • Added requirements for Incident Response Plans 
  • Combined the “Incident Notification” and “Incident Handling and Response” sections into the “Incident Reporting” section, which includes updated procedures
  • Revised the “Special Handling Instructions for Incidents Involving Personal Information” section 
  • Added the “Technology Recovery & Business Continuity” section, which references SAM 5325 & SIMM 5325-A/B 
  • Added the “Incident Closure” section 
  • Added references to the Cal-CSIC in Plan Procedures, Incident Reporting, and Technology Recovery & Business Continuity sections 
  • Added “References” section 
  • Added section mapping SIMM 5340-A to respective NIST CSF 2.0 Functions 

Questions:

Direct questions regarding this Technology Letter to the Department of Technology, Office of Information Security at security@state.ca.gov.

Signature:

On file

Liana Bailey-Crimmins, State CIO and Director

California Department of Technology
