The California Department of Technology (CDT) Office of Information Security (OIS) has developed the Endpoint Protection Standard (SIMM 5355-A). This policy introduces required minimum endpoint protection standards as part of a defense in depth security strategy. Effective immediately, Agency/state entities must ensure that endpoints for their respective organization(s) include the endpoint protections outlined in SIMM 5355-A. If an Agency/state entity has already acquired or implemented a solution that does not currently meet this standard, the Agency/state entity must identify the deficiency and include a remediation plan in its next Plan of Action and Milestones (POAM) submission.
The purpose of this Policy/Guidelines Update is to announce:
- New SIMM Section 5355-A Endpoint Protection Standard which includes minimum requirements for endpoint protection.
- Updated SAM Section 5355 to include reference to Endpoint Protection Standard (SIMM 5355-A).
The following reference materials are associated with this Policy/Guidelines Update. Statewide Information Management Manual (SIMM) is available on CDT’s website located at: https://cdt.ca.gov/policy/simm/. The State Administrative Manual (SAM) is available on the Department of General Services website located at:http://sam.dgs.ca.gov/.
- SAM Section 5355
- SIMM Section 5355-A
|