California Cybersecurity Advisory Services for State Entities
Summary
The California Department of Technology Office of Information Security offers advisory services to state entity information security professionals to develop their Information Security Programs. Services include pre and post audit workshops, training via CA CyberScholar, policy templates aligned with NIST standards, and access to AgencyNet resources.
What changed
The Advisory Services Program offers consultations, workshops, training, and resources at no charge to California state entities. Pre-audit workshops prepare entities for the OIS Information Security Program Audit, while post-audit workshops assist with remediation of findings. Training covers ISO standards, risk management, data classification, and system development lifecycle. Policy templates align with State Administrative Manual, Statewide Information Management Manual, and NIST requirements.
State entity information security professionals can access these services by contacting the Office of Information Security. Resources including the CA CyberScholar learning platform and AgencyNet SharePoint are available to help improve cybersecurity maturity and compliance across California's state government.
Archived snapshot
Apr 18, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
Advisory Services Program
We offer valuable advisory services to state entity information security professionals and enable them to further develop their Information Security Programs and practices.
Overview
The Advisory Services Program offers a variety of services to support the state’s Information Security workforce. These services include consultations, general workshops, pre and post audit workshops, tools, training, and other resources.
Pre-audit workshops
ASP provides pre-audit workshops to assist entities in preparing for the OIS Information Security Program Audit (ISPA) engagement and help them receive the maximum benefit from the audit experience.
We cover details about the audit process, scope, coverage period, documentation requirements, and timeline including field work dates.
Post audit & assessment workshops
ASP establishes ongoing post-audit workshops with entities that have completed an OIS Information Security Program Audit (ISPA) and/or an Independent Security Assessment (ISA) providing guidance and assistance in the remediation of findings and updating RRPOAMs.
These workshops are designed to improve the maturity of entity’s information security & privacy programs and practices as they remediate their ISA and ISPA findings.
The goal is to improve the resiliency and maturity of cybersecurity across California’s state government.
Training
The Advisory Services training program is responsible for the maintenance, operation, and administration of the CA CyberScholar learning management system as well as the delivery and facilitation of the courses for Information Security Officers (ISO) and the security community, including:
- ISO Standard Training 101
- ISO Standard Training 102
- Intensive Workshops
- Risk
- Data Classification
- System Development Lifecycle (SDLC)
- Independent Security Assessment (ISA) Deep Dive
- Short-format Lessons on selected topics, such as but not limited to:
- Password entropy
- Cipher testing & verification
AgencyNet
The Office of Information Security (OIS) AgencyNet is a SharePoint platform that is used to share sensitive information security resources with government entities.
The resources published on AgencyNet are designed to help
- Information Security
- Technology Recovery
- Privacy Program
- California Compliance and Security Incident Reporting System (Cal-CSIRS) designees
Resources
Templates
ASP oversees creating and maintaining information security policy and plan templates that are available to the California government information security community on OIS AgencyNet.
These templates are created to provide a baseline on specific information security topics and are designed to ensure all end users and networks within an entity meet minimum information security, data privacy and data protection requirements that are established by the State Administrative Manual (SAM), Statewide Information Management Manual (SIMM) and NIST.
Inter-Agency Security Group (IASG)
The Inter-Agency Security Group (IASG) exists to promote collaboration among information security professionals across the public sector within the State of California.
The IASG is open to anyone in the California state or local government information security community. Membership is not open to vendors.
Requests to join the IASG should be submitted via email to: ciooisadvisoryservices@state.ca.gov
FAQs
How much does it cost to engage with the Advisory Services Program?
There is no charge to state entities for engaging with the Advisory Services Program.
Contact us
Mail Office of Information Security, California Department of Technology
P.O. Box 1810, Mail Stop Y-01
Rancho Cordova, CA
95741-1810 Email ciooisadvisoryservices@state.ca.gov
Our department
Communities of practice
- Artificial Intelligence
- Geographic Information Systems
- Digital Web Services Network
- Project Delivery
State campaigns
Related changes
Get daily alerts for CA Cybersecurity CDT
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from CA CDT.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when CA Cybersecurity CDT publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.