Go RIM for Policy Section 5300 - Introduction
The following provides a central location for overarching information security standards, authority, guidance, forms, tools, definitions and other policies governing California information security activities. Each subsequent page provides specific reference as applicable to one of the eleven corresponding policy sections.
- Information Security Policy (State Administrative Manual)
- Authority
- Standards
- Guidance
- Forms
- Tools
- Definitions
- Related Policies
Authority
- Government Code Sections 8314 and 8314.5
- Government Code Section 11549
- Government Code Section 14613.7 (a)
- California Comprehensive Computer Data Access and Fraud Act, Penal Code Section 502
- California Information Practices Act (IPA) of 1977, Civil Code Sections 1798, et seq.
- California Public Records Act, Government Code Sections 6250 to 6265
- California Right to Financial Privacy Act
- California State Records Management Act, Government Code Sections 14740 to 14770
- Federal Privacy Act of 1974
- Federal Information Security Management Act of 2002 (FISMA)
- Federal Health Insurance Portability and Accountability Act (HIPAA)
- Restructure of SAM Information Security & Privacy Policy Sections, MM 08-12
Standards
- ISO/IEC 27002:2005 (formerly ISO/IEC 17799:2005)
- American National Standards by American National Standards Institute (ANSI)
- Federal Information Processing Standards (FIPS)
- HIPAA Security Standards
- Federal Energy Regulatory Commission, Critical Infrastructure Protection (CIP) Reliability Standards by North American Electric Reliability Corporation (NERC)
- IS Standards, Guidelines and Procedures for Auditing and Control Professionals by Information Systems Audit and Control Association (ISACA)
- Payment Card Industry (PCI) Data Security Standard
Guidance
- Information Security Program Guide for State Agencies
- Federal Information Security Management Act (FISMA) Implementation Project
- Guide to the National Institute of Standards and Technology (NIST) Information Security Documents
- An Introduction to Computer Security: The NIST Handbook, NIST Special Publication (SP) 800-12
- Information Security Handbook for Managers, NIST SP 800-100
- An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, NIST SP 800-66
- Summary of the Final HIPAA Security Rule
- Internal Control - Integrated Framework Executive Summary, by COSO.org
Related Policies
- Contracts (SAM Sections 1200 through 1223)
- Records Management (SAM Sections 1600 through 1695)
- Purchases (SAM Sections 3500 through 3590)
- Telecommunications (SAM Sections 4500 through 4550)
- Information Technology - Office of the Chief Information Officer (SAM Sections 4800 through 5180)
- Information Technology - Department of General Services Procurement (SAM Sections 5200 through 5291)
- Information Technology - Department of General Services Office of Surplus Property and Reutilization (SAM Sections 5900 through 5953)
- Budgeting Information Technology - Department of Finance (SAM Sections 6700 through 6780)
- Property Accounting (SAM Sections 8600 through 8672)
- Auditing of State Agencies (SAM Sections 20000 through 20090)
Last Updated: Thursday, July 24, 2008

