BILL ANALYSIS Ó SENATE COMMITTEE ON APPROPRIATIONS Senator Ricardo Lara, Chair 2015 - 2016 Regular Session AB 1841 (Irwin) - Cybersecurity incident response plan and standards ----------------------------------------------------------------- | | | | | | ----------------------------------------------------------------- |--------------------------------+--------------------------------| | | | |Version: August 2, 2016 |Policy Vote: G.O. 12 - 0, JUD. | | | 7 - 0 | | | | |--------------------------------+--------------------------------| | | | |Urgency: No |Mandate: No | | | | |--------------------------------+--------------------------------| | | | |Hearing Date: August 11, 2016 |Consultant: Debra Cooper | | | | ----------------------------------------------------------------- *********** ANALYSIS ADDENDUM - SUSPENSE FILE *********** The following information is revised to reflect amendments adopted by the committee on August 11, 2016 Bill Summary: AB 1841 would require the Department of Technology (CDT), in conjunction with the Office of Emergency Services (OES), by July 1, 2018, to update the Technology Recovery Plan element of the State Administrative Manual to ensure the inclusion of cybersecurity strategy incident response standards for each state agency. Fiscal Impact: Minor and absorbable costs to CDT and OES for updating the AB 1841 (Irwin) Page 1 of ? Technology Recovery Plan. (GF and Special Fund) Unknown, but likely absorbable costs to each state agency to update and report on its Technology Recovery Plan. (GF) Author Amendments: Strikes language requiring OES to transmit to the Legislature a cybersecurity incident response plan. Strikes language requiring OES to develop cybersecurity incident response standards for state agencies and language requiring state agencies to transmit critical infrastructure information to OES. Requires CDT, in conjunction with OES, to update the Technology Recovery Plan element of the State Administrative Manual to ensure the inclusion of cybersecurity strategy incident response standards for each state agency to secure its critical infrastructure controls and critical infrastructure information. Requires each state agency to report on its compliance with the updated standards by July 1, 2019, and authorizes CDT, in conjunction with OES, to provide suggestions for state agencies to improve compliance with the standards. -- END --