Deborah Chu

The committee discussed the progress of the Middle-Mile Broadband Initiative, highlighting the successful connection of the Bishop Paiute tribe to the state's network. Key agenda items included an executive report on network milestones, construction and permitting updates, and the announcement of Skyline Technology Solutions as the newly selected network operator to manage day-to-day operations beginning in July 2026. The meeting also covered the governance structure and coordination roles between the state, the third-party administrator, and the operator.

The quarterly forum covered user testing of chat designs, including prototyping methodologies and usability testing frameworks. It provided an overview of the CAWeb publishing roadmap and upcoming transition plans for Divi 5. Additionally, the session addressed new digital accessibility compliance requirements under ADA Title II, including scope, exceptions, vendor procurement responsibilities, and the transition toward WCAG 2.2 standards.

This annual report details the progress and strategic direction for Statewide Information Technology, guided by the 'Envision 2026: California's Technology Future' plan. The overarching purpose is to serve the people by accelerating technology-driven progress and leveraging California's leadership in technology. Key strategic goals include advancing an inclusive digital experience for all, securing technology investments, strengthening the public sector technology workforce, aligning strategy execution across the state, and continually future-proofing government operations. The plan emphasizes people-first initiatives, robust security measures, purpose-driven leadership, and innovation to achieve these outcomes.

This document functions as a Risk Register and Plan of Action and Milestones (POAM) to track and manage risk remediation activities for state entities. It provides a structured framework to identify weaknesses, areas of non-compliance, and information assets at risk. Key aspects include outlining risk responses, compensating controls, and detailed plans of action for remediation, alongside tracking projected completion dates, actual completion dates, and associated costs. The plan emphasizes compliance with various NIST, SAM, and SIMM policies related to information security and privacy, requiring regular quarterly updates on progress toward risk mitigation.

This document outlines a Zero Trust Architecture (ZTA) roadmap, detailing a strategic approach to managing cybersecurity and privacy risks. It begins with a comprehensive asset discovery and inventory to gain visibility, followed by the formulation of access policies based on the principle of least privilege. The plan emphasizes integrating existing security capabilities and designing a risk-based access topology. Implementation is incremental, starting with core components like identity verification and multi-factor authentication, and expanding to advanced capabilities such as behavioral analytics. The roadmap stresses continuous monitoring, auditing, and policy validation to ensure adaptability and long-term resilience, recognizing ZTA as an iterative effort.