CA AB2190

Requires the Chief of the Office of Information Security to submit an annual statewide information security status report to the Assembly Committee on Privacy and Consumer Protection and the Senate Governmental Organization Committee

Report must include maturity metric scores for each state agency and state entity, and results of the National Cyber Security Review conducted by the U.S. Department of Homeland Security and Multi-State Information Sharing and Analysis Center

First report must be submitted no later than January 2023, and shall include the Department of Technology's plan for assisting state agencies and entities in improving information security

Designates the status report and all included information as confidential and prohibits public disclosure, though information may be shared with Legislature members and legislative employees at the committee chairperson's discretion

Makes legislative findings that the confidentiality limitation protects the state's critical interest in preventing attacks on its information technology systems containing sensitive data