Peter Liebert, state chief information security officer, laid out the plans to do so at CDT's Vendor Forum.
"Something we are trying to leverage in this new policy standard, we're basically raising the waterline capability," Liebert said.
Liebert is focusing on the human element in cybersecurity with email and endpoint policies.
Projects that are being finalized are:
- Email threat protection standardization: The state had no official policy on how to protect emails, and is now providing a platform to do so.
- Endpoint security standard: The state is laying out a prescriptive policy for endpoint security and anti-virus programs.
- Statewide pricing: Will offer the same licensing price for all departments, no matter how small. The first one will be for endpoint security software.
At last spring's Vendor Forum, Liebert had discussed creating a statewide pricing model. At this forum, he emphasized that other selling options — like software licensing programs, California Multiple Award Schedules (CMAS) and small-business forms — would still be available.
Upcoming enhancements/procurements:
- Orchestration platform for Security Operations Center (SOC): Will likely happen near the end of the fiscal year; market research and competitive feedback requests are coming.
- Identity access management for CDT's internal platforms: This will likely have an RFP in the next few months, according to Liebert.
- Vulnerability scanning for CDT.
- Unified statewide governance risk and compliance platform: Centralized platform for all governance, risk and compliance tools; likely to happen in future fiscal years.
- A packet injection, break and inspect tool.
