Quentin Wright

This annual report details the progress and strategic direction for Statewide Information Technology, guided by the 'Envision 2026: California's Technology Future' plan. The overarching purpose is to serve the people by accelerating technology-driven progress and leveraging California's leadership in technology. Key strategic goals include advancing an inclusive digital experience for all, securing technology investments, strengthening the public sector technology workforce, aligning strategy execution across the state, and continually future-proofing government operations. The plan emphasizes people-first initiatives, robust security measures, purpose-driven leadership, and innovation to achieve these outcomes.

This meeting, the second for the Tribal Collaboration Outcome Area Working Group, reviewed key takeaways from the February meeting regarding digital equity factors in tribal communities, such as access, infrastructure, affordability, digital literacy, and capacity barriers. Discussions also covered the broader context of the State Digital Equity Planning process. Panelists from the Governor's Office of Tribal Affairs and the NTIA discussed the importance of digital equity for tribal economic development, education, and service access. Specific challenges highlighted included infrastructure inequities, mapping accuracy affecting funding eligibility, the need for flexible funding to address energy needs concurrently with broadband, and ensuring government-to-government consultation. The Yurok Tribe representative detailed their experience building out tribal broadband infrastructure and the struggles encountered with mapping and contractual issues related to sovereign immunity waivers.

This document outlines a Zero Trust Architecture (ZTA) roadmap, detailing a strategic approach to managing cybersecurity and privacy risks. It begins with a comprehensive asset discovery and inventory to gain visibility, followed by the formulation of access policies based on the principle of least privilege. The plan emphasizes integrating existing security capabilities and designing a risk-based access topology. Implementation is incremental, starting with core components like identity verification and multi-factor authentication, and expanding to advanced capabilities such as behavioral analytics. The roadmap stresses continuous monitoring, auditing, and policy validation to ensure adaptability and long-term resilience, recognizing ZTA as an iterative effort.

The strategic approach presented in this meeting recording focuses on integrating data science and artificial intelligence into government and other legacy organizations. It details a three-pronged strategy: developing a project pipeline through rigorous selection criteria, delivering projects via iterative client engagement and ethical oversight, and celebrating outcomes to drive further adoption. Key topics include defining data science, utilizing a project topology for identifying impactful initiatives, employing an application process for client projects, and the implementation of an ethics and algorithms toolkit. The discussion also introduces a statewide data strategy and a novel data maturity model to build data competencies and encourage data-driven decision-making across the state of California.

This document functions as a Risk Register and Plan of Action and Milestones (POAM) to track and manage risk remediation activities for state entities. It provides a structured framework to identify weaknesses, areas of non-compliance, and information assets at risk. Key aspects include outlining risk responses, compensating controls, and detailed plans of action for remediation, alongside tracking projected completion dates, actual completion dates, and associated costs. The plan emphasizes compliance with various NIST, SAM, and SIMM policies related to information security and privacy, requiring regular quarterly updates on progress toward risk mitigation.