CA AB1022

Requires each state agency to provide the Department of Technology with an inventory of all critical infrastructure controls and their associated assets as part of their Technology Recovery Plan by July 1, 2019.

Allows local entities that receive state funds for data storage, sharing, transmission, or information technology projects with state entities to submit a Technology Recovery Plan to the department upon request.

Authorizes the Department of Technology to provide suggestions to state agencies and local entities for improving compliance with cybersecurity incident response standards established in the Technology Recovery Plan.

Prohibits public disclosure of Technology Recovery Plans, agency inventories, compliance reports, and related communications under the California Public Records Act and all state law.

Makes legislative findings that the confidentiality protection serves public safety by preventing unauthorized access to critical infrastructure control information that could be used to compromise state cybersecurity.