CA AB1841

Requires the Department of Technology to update the Technology Recovery Plan element of the State Administrative Manual by July 1, 2018 to include cybersecurity strategy incident response standards for protecting each state agency's critical infrastructure controls and information.

Mandates each state agency submit its updated Technology Recovery Plan to the Department of Technology and report on compliance with cybersecurity standards by July 1, 2019.

Authorizes the Department of Technology, in consultation with the Office of Emergency Services, to provide compliance improvement suggestions to state agency heads and secretaries.

Classifies cybersecurity information, compliance reports, and related communications as confidential and prohibits disclosure under the California Public Records Act to protect critical infrastructure security.

Makes legislative findings that limiting public access to state agency cybersecurity strategies protects public safety by preventing malicious use of that information against critical infrastructure.