CA AB2777

Requires the Office of Information Security to develop a Baseline Information Security Score metric by January 1, 2026, to estimate the information security status of state agencies, departments, and offices.

The metric must utilize readily available information including independent security assessment results, federal Nationwide Cybersecurity Review data, compliance certifications, incident reports, and compliance audits.

Mandates the office calculate and publish a Baseline Information Security Score for each applicable state agency beginning January 1, 2027, and annually thereafter on or before January 1.

Establishes findings that protecting personally identifiable information provided to state agencies is critical to public trust, and that simplifying the cybersecurity evaluation process ensures timely reporting.