File #: A 21-456    Name: Security Policy - 2021 Changes
Type: BoS Agreement Status: Passed - Information Technology Department
File created: 8/19/2021 In control: Board of Supervisors
On agenda: 8/31/2021 Final action: 8/31/2021
Title: Approve and adopt the Monterey County Security Policy as updated/amended.
Attachments: 1. Board Report, 2. Security Policy - 2021 Changes, 3. Completed Board Order Item No. 34
Title
Approve and adopt the Monterey County Security Policy as updated/amended.
Report
RECOMMENDATION:
It is recommended that the Board of Supervisors:
Approve and adopt the Monterey County Security Policy as updated/amended. Updates are necessary to cope with an increasingly complex technological environment and to meet constantly evolving security challenges.

SUMMARY/DISCUSSION:
On May 13, 2014, the Monterey County Board of Supervisors adopted the County's current version of the Information Technology Department's Security Policy. Recently changes to the policy have been made necessary due to changes in technology, as well as a change in the security framework the County is using to measure the gaps and capabilities of its cybersecurity programs.

The changes are as follows:
1.1 STANDARDS In addition to County Information Security Standards documents established and maintained by the Chief Security and Privacy Officer, the County shall adopt the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (also known as the NIST Cybersecurity Framework). This Framework provides a common organizing structure for multiple approaches to cybersecurity by assembling standards, guidelines, and practices that are working effectively today. This Framework is the basis for the County's required annual Nationwide Cybersecurity Review self-assessment, designed to measure the gaps and capabilities of state, local, tribal and territorial governments' cybersecurity programs.

Reason for change: Local governments across the country have shifted to using the NIST Framework to provide standards, guidelines, and best practices. The County of Monterey is regularly reviewed through the annual Nationwide Cybersecurity Review self-assessment based upon this standard, and this assessment is used to qualify for the Homeland Security Grant Program that funds certain County programs. Additionally, language regarding this f...

Click here for full text