Legislation Proposes New Metrics for State Agencies’ Cybersecurity

Published On: May 20, 2024

Assembly Bill 2777, by Assemblymember Lisa Calderon (D – Whittier), aims to fortify California’s cybersecurity by mandating a Baseline Information Security Score (BISS) metric. The measure advanced this week.

The bill was introduced in response to recent state audits that question the ability of the California Department of Technology (CDT) to effectively assess the cybersecurity status of the state’s 108 reporting entities, according to a legislative analysis. A 2022 audit criticized CDT for being slow in calculating metrics for maturity scores, assessing fewer than half of the expected agencies by June 2021. The following year’s report found that many issues persisted.

The legislation requires CDT to develop the BISS metric by January 1, 2026, with annual scores to be calculated starting in 2027. This metric would provide a rapid, standardized estimation of the cybersecurity status of state agencies, drawing on readily available data such as compliance certifications and self-reported assessments, according to the legislation.

About the Author: Staff
