CDT: Driving Cybersecurity Standards Statewide

In some IT environments, cyber thieves open an unlocked door to find no one is keeping an eye on sensitive data. Incomplete and outdated security measures make it possible for them to pick the locks of data networks. Under CDT’s watchful eye, the State of California is on the leading edge of change due to its tough cyber security standards, requirements and inclusive programs.

In January, CDT’s Office of Information Security (OIS) released Statewide Information Management Manual (SIMM) 5355-A, Endpoint Protection Standard, a set of minimum endpoint security requirements state agencies must abide by for protection, detection, investigation, containment and remediation. To help them meet the requirements, as well as enable local, tribal, and territorial entities within California to become better protected, CDT and the Department of General Services (DGS) have added endpoint protection products to the State’s new Software Licensing Program – SLP Plus.

SLP Plus differs from the State’s long-standing SLP by requiring that additional technical requirements be met as stated in SIMM 5355-A. The program, managed by DGS, will provide for greater collective pricing and ensure users access to advanced anti-malware protection through the required platform product bundle. The beauty of SLP Plus is that entities that do not comply with the Endpoint Protection Standard can purchase the required bundle of products in order to meet compliance, and those that do not need a full platform product bundle have the option to purchase only the individual products necessary to meet compliance. Currently, DGS is updating its website to include SLP Plus, which will also be available on Cal eProcure.

By working in cooperation with other public entities and private-sector vendors, CDT continues to develop new policies, strategies and initiatives to secure Californians’ sensitive data. SLP Plus is another progressive step in CDT’s successful efforts to counter the increasingly sophisticated threat to state data networks.