As part of California’s FY 2021-2022 budget, the California Department of Technology (CDT) will no longer charge state agencies to provide IT security services.
A press release from CDT explains that the budget includes “a host of state technology initiatives that will improve the delivery of government services to California’s nearly 40 million residents.” One initiative provides CDT with funding from the state’s General Fund that will enable the department to eliminate fees associated with providing state agencies with information security services
Before the new funding development, state agencies, departments, and other government entities had to absorb the cost of mandated security services. CDT explained that this model, which was funded through the Technology Services Revolving Fund, was a burden on the entities as they had difficulty paying the cost of program and oversight services, threat information sharing, protection, and centralized Security Operations Center (SOC) functions.
Since these services are considered mission-critical security services required of state entities, the new funding shift adds additional capacity to finance necessary requirements that otherwise may have conflicted with security implementations and deferred security measures.
As of July 1, 2021, CDT discontinued billing for the following services:
- Security Operations Center (SOC) which monitors and reacts to threats on the state’s primary enterprise network, CGEN.
- Information Security Audit Program which evaluates compliance with state security and privacy policies.
- California Compliance and Security Incident Reporting System (Cal-CSIRS) which is the tool used for Security Incident Reporting.
CDT said that the new centralized funding model ensures SOC and Statewide Information Security Oversight benefits for all state entities, and supports maturing the statewide information security infrastructure as a “default” and a “built-in function” across state government.
The new funding model ties into the state’s technology strategic plan, dubbed Vision 2023. The strategic plan is focused on:
- Protecting California’s information assets and maximizing data access.
- Developing a robust and collaborative risk reduction strategy.
- Improving and investing in security capabilities to protect mission-critical systems and data.