CA AB1881

Requires the Director of Technology to develop, tailor, and regularly review state baseline security controls based on emerging industry standards and National Institute of Standards and Technology (NIST) baseline security controls.

Mandates state agencies comply with state baseline security controls and prohibits them from tailoring their individual controls below the state baseline standards.

Requires the Director of Technology to review and revise state baseline security controls at least once per year whenever NIST updates its controls or advancing industry standards warrant revision.

Adds assessment of state progress in developing, tailoring, and complying with baseline security controls to the Director's annual information technology performance report.