
5300 - Information Technology - Office of Information Security

Note: Effective January 1, 2008, the Office of Information Security (Office) restructured and renumbered the content and moved it from SAM Sections 4840 – 4845 to SAM Sections 5300 – 5365.3. See also the Office's Government Online Responsible Information Management (GO RIM) Web site at www.infosecurity.ca.gov for statewide authority, standards, guidance, forms, and tools for information security activities.

TRANSFERRED OWNERSHIP AND CONTENT TO SAM SECTION 5300 et seq. 

  • Security and Risk Management Policy from SAM Section 4840.
  • Agency Responsibilities from SAM Section 4841.
  • Risk Management from SAM Section 4842.
  • Disaster Recovery Planning from SAM Section 4843.
  • Agency Information Security Reporting Requirements from SAM Section 4845. 

TRANSFERRED OWNERSHIP AND CONTENT TO SAM SECTION 5300 et seq. 

  • Access To Information By The Office of the Legislative Analyst from SAM Section 4841.8 to SAM Section 4804.
  • Access to Information By The California State Auditor from SAM Section 4841.9 to SAM Section 4806.

Note: Users May Download the Entire Chapter Here ("Print" or "Notebook" Version)


Introduction  5300 
Arrangement of Chapter  5300.1 
Governing Provisions  5300.2 
Applicability  5300.3 
Definitions  5300.4 
Minimum Security Controls  5300.5 
Information Security Program  5305 
Information Security Program Management  5305.1 
Policy, Procedure and Standards Management  5305.2
Information Security Roles and Responsibilities  5305.3 
Personnel Management  5305.4 
Information Asset Management  5305.5 
Risk Management  5305.6 
Risk Assessment  5305.7 
Provisions for Agreements with State and Non-State Entities  5305.8 
Information Security Program Metric  5305.9 
Privacy  5310 
State Entity Privacy Statement and Notice on Collection  5310.1 
Limiting Collection  5310.2 
Limiting Use and Disclosure  5310.3
Individual Access to Personal Information  5310.4 
Information Integrity  5310.5 
Data Retention and Destruction  5310.6 
Security Safeguards  5310.7 
Information Security Integration  5315 
System and Services Acquisition  5315.1 
System Development Lifecycle  5315.2 
Information Asset Documentation  5315.3
System Developer Security Testing  5315.4 
Configuration Management  5315.5 
Activate Only Essential Functionality  5315.6 
Software Usage Restrictions  5315.7 
Information Asset Connections  5315.8
Security Authorization  5315.9
Training and Awareness for Information Security and Privacy  5320
Security and Privacy Awareness  5320.1
Security and Privacy Training  5320.2 
Security and Privacy Training Records  5320.3
Personnel Security  5320.4 
Business Continuity with Technology Recovery  5325 
Technology Recovery Plan  5325.1 
Technology Recovery Training  5325.2 
Technology Recovery Testing  5325.3 
Alternate Storage and Processing Site  5325.4 
Telecommunications Services  5325.5
Information System Backups  5325.6 
Information Security Compliance  5330 
Security Assessments  5330.1 
Compliance Reporting  5330.2 
Information Security Monitoring  5335 
Continuous Monitoring  5335.1 
Auditable Events  5335.2 
Information Security Incident Management  5340 
Incident Response Training  5340.1 
Incident Response Testing  5340.2 
Incident Handling  5340.3 
Incident Reporting  5340.4 
Vulnerability and Threat Management  5345 
Operational Security  5350 
Encryption  5350.1 
Endpoint Defense  5355 
Malicious Code Protection  5355.1 
Security Alerts, Advisories, and Directives  5355.2 
Identity and Access Management  5360 
Remote Access  5360.1 
Wireless Access  5360.2 
Physical Security  5365 
Access Control For Output Devices  5365.1 
Media Protection  5365.2 
Media Disposal  5365.3