California Department of Technology

This document functions as a Risk Register and Plan of Action and Milestones (POAM) to track and manage risk remediation activities for state entities. It provides a structured framework to identify weaknesses, areas of non-compliance, and information assets at risk. Key aspects include outlining risk responses, compensating controls, and detailed plans of action for remediation, alongside tracking projected completion dates, actual completion dates, and associated costs. The plan emphasizes compliance with various NIST, SAM, and SIMM policies related to information security and privacy, requiring regular quarterly updates on progress toward risk mitigation.

This document outlines a Zero Trust Architecture (ZTA) roadmap, detailing a strategic approach to managing cybersecurity and privacy risks. It begins with a comprehensive asset discovery and inventory to gain visibility, followed by the formulation of access policies based on the principle of least privilege. The plan emphasizes integrating existing security capabilities and designing a risk-based access topology. Implementation is incremental, starting with core components like identity verification and multi-factor authentication, and expanding to advanced capabilities such as behavioral analytics. The roadmap stresses continuous monitoring, auditing, and policy validation to ensure adaptability and long-term resilience, recognizing ZTA as an iterative effort.

The strategic approach presented in this meeting recording focuses on integrating data science and artificial intelligence into government and other legacy organizations. It details a three-pronged strategy: developing a project pipeline through rigorous selection criteria, delivering projects via iterative client engagement and ethical oversight, and celebrating outcomes to drive further adoption. Key topics include defining data science, utilizing a project topology for identifying impactful initiatives, employing an application process for client projects, and the implementation of an ethics and algorithms toolkit. The discussion also introduces a statewide data strategy and a novel data maturity model to build data competencies and encourage data-driven decision-making across the state of California.

This meeting, the second for the Tribal Collaboration Outcome Area Working Group, reviewed key takeaways from the February meeting regarding digital equity factors in tribal communities, such as access, infrastructure, affordability, digital literacy, and capacity barriers. Discussions also covered the broader context of the State Digital Equity Planning process. Panelists from the Governor's Office of Tribal Affairs and the NTIA discussed the importance of digital equity for tribal economic development, education, and service access. Specific challenges highlighted included infrastructure inequities, mapping accuracy affecting funding eligibility, the need for flexible funding to address energy needs concurrently with broadband, and ensuring government-to-government consultation. The Yurok Tribe representative detailed their experience building out tribal broadband infrastructure and the struggles encountered with mapping and contractual issues related to sovereign immunity waivers.

The meeting covered numerous updates concerning the Broadband for All Action Plan, including the introduction of a new Broadband Access & Deployment Advisor. Key discussions included updates from the California Public Utilities Commission (CPUC) regarding standards alignment, resilience requirements (Action Item 9), affordability metrics (Action Item 11), granular broadband data collection (Action Item 19), cost model leveraging (Action Item 20), and technical assistance programs for local agencies and tribes (Action Item 22). Updates were also provided on identifying alternative funding opportunities (Action Item 2), implementing dig smart policy for conduit installation (Action Item 4), improving state encroachment permitting (Action Item 5), and the completion of the Broadband for All portal (Action Item 21). The Office of Emergency Services detailed progress on NextGeneration 911 IP connectivity build out.