The California Department of Technology (CDT) Office of Information Security (OIS) has developed the Email Threat Protection standard (SIMM 5315-A) to establish statewide minimum email threat protection requirements. Effective immediately, Agencies/state entities must ensure that email services for their respective organization(s) comply with the requirements outlined in SIMM Section 5315-A. If an Agency/state entity has already acquired or implemented an email threat protection solution which does not currently meet this standard, the Agency/state entity must identify the deficiencies and include a remediation plan in its next Plan of Action and Milestones (POAM) submission.
The purpose of this policy/guidelines update is to announce:
- Updated SAM Section 5315 to enhance statewide minimum email threat protection standards.
- New SIMM Section 5315-A Email Threat Protection Standard, which includes minimum email threat protection requirements and examples of capabilities above minimum threat protections.
- Updated SIMM 5360-A Telework and Remote Access Security Standard to require web-based connections to utilize two-factor authentication.
The following reference materials are associated with this policy/guideline update. Statewide Information Management Manual (SIMM) is available on the Department of Technology’s website located at: https://cdt.ca.gov/policy/simm/. The State Administrative Manual (SAM) is available on the Department of General Services website located at:http://sam.dgs.ca.gov/.
- SAM Section 5315
- SIMM Section 5315-A
- SIMM Section 5360-A
|