Changeflow GovPing Data Privacy & Cybersecurity BitSight Security Rating Platform Third-Party R...
Routine Notice Added Final

BitSight Security Rating Platform Third-Party Risk Management Access Instructions

Favicon for cdt.ca.gov CA Cybersecurity CDT
Published
Detected
Email

Summary

The California Cybersecurity Center has published access instructions for state agencies to use the BitSight Security Rating Platform for third-party risk management. Agencies must submit access requests through the ServiceNow system by selecting 'Security Tools' and 'BitSight' from the customer support catalog. Requests must include customer ID code, approver information, and the service option (New, Modify, or Delete User).

Published by CA CDT on cdt.ca.gov . Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards .
View original document View source feed page

What changed

The document provides step-by-step instructions for California state agencies to request access to the BitSight Security Rating Platform, a third-party risk management tool. Agencies must use the ServiceNow system at services.cdt.ca.gov/csm, navigate through the external customer services catalog, and select 'Security Tools' then 'BitSight' to submit a user ID request.

Affected parties—California government agencies seeking to monitor vendor and supplier cybersecurity risks—must follow the structured ServiceNow workflow including selecting the appropriate service option (New, Modify, or Delete), providing customer ID codes, and specifying account requirements in the request details. No compliance deadlines or penalties are associated with this procedural guidance.

Archived snapshot

Apr 18, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

BitSight Access Information

BitSight is a Security Rating Platform that provides third-party risk management.

Access to BitSIght must be completed through the ServiceNow system.

  1. Access and Login to ServiceNow: https://services.cdt.ca.gov/csm

  2. Select 'Request a Service'

  3. Select 'External Customer Services' and then 'Customer-Supporting-Services'

  4. In the search catalog section, type in 'User-ID Request' and select the appropriate catalog.

  5. Complete the required sections:

  6. Customer ID Code/Account Code

  7. Approver

  8. Identify service options: New, Modify, Delete User

  9. In the 'System/Application Type' section, select 'Security Tools'

  10. In the 'Security Tools Menu' section, select 'BitSight'

  11. Complete the User ID Field sections as needed

  12. In the request details, please input: "Please grant user(s) with BitSight account"

  13. Submit request

Related changes

Favicon for cdt.ca.gov Cybersecurity Awareness Month Toolkit Resources
Routine Apr 18, 2026 CA Cybersecurity CDT Data Privacy & Cybersecurity
Favicon for cdt.ca.gov California Cybersecurity Advisory Services for State Entities
Routine Apr 18, 2026 CA Cybersecurity CDT Data Privacy & Cybersecurity
Favicon for cdt.ca.gov AgencyNet SharePoint Access Procedures for California Government Entities
Routine Apr 18, 2026 CA Cybersecurity CDT Data Privacy & Cybersecurity

Get daily alerts for CA Cybersecurity CDT

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for cdt.ca.gov
CA Cybersecurity CDT cdt.ca.gov/security
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CA CDT.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
CA CDT
Published
March 1st, 2023
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Minor

Who this affects

Applies to
Government agencies
Industry sector
9211 Government & Public Administration
Activity scope
Security platform access Third-party risk management Vendor monitoring
Geographic scope
California US-CA

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Topics
Data Privacy Government Contracting

Browse Categories

Agriculture & Food Safety 69 AI Regulation 3 Banking & Finance 346 Consumer Protection 73 Courts & Legal 361 Data Privacy & Cybersecurity 81 Defense & National Security 51 Education 48 Energy 100 Environment 86 Environmental & Energy 38 Environmental Regulation 7 Financial Regulation 2 Financial Services 31 Government & Legislation 278 Government Operations 118 Healthcare 136 Healthcare Compliance 6 Healthcare & Life Sciences 137 Housing 16 Immigration 8 Immigration & Border Control 2 Insurance 68 Labor & Employment 132 Legal & Judicial 37 Occupational Safety 2 Pharma & Drug Safety 101 Pharma & Healthcare 1 Privacy 1 Public Health 2 Real Estate & Housing 61 Sanctions & Export Controls 2 Securities & Investments 34 Securities & Markets 103 Securities Regulation 6 Tax 64 Tax & Revenue 9 Telecom & Technology 47 Trade & Commerce 3 Trade & Sanctions 135 Transportation 90

Get alerts for this source

We'll email you when CA Cybersecurity CDT publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!