    AB-869
    Government Operations

    State agencies: information security: Zero Trust architecture.

    Engrossed ∙ CA ∙ 2025-2026 Regular Session

    Key Takeaways

    • Requires all California state agencies to implement Zero Trust cybersecurity architecture by 2030.
    • Mandates multifactor authentication and continuous monitoring for all state systems and data access.
    • Establishes a two-phase implementation with Advanced maturity required by 2026 and Optimal by 2030.
    • Requires agencies to submit annual security assessment reports tracking Zero Trust implementation progress.

    Summary

    Assembly Member Irwin's Zero Trust architecture mandate would require California state agencies to implement comprehensive cybersecurity protocols across all data systems and third-party software by 2030. The legislation establishes a two-phase implementation timeline, with agencies required to achieve "Advanced" maturity level by June 2026 and "Optimal" maturity level by June 2030, as defined by the Cybersecurity and Infrastructure Security Agency (CISA) Maturity Model.

    The bill outlines three core security requirements for state agencies: multifactor authentication for all system access, enterprise-level endpoint detection and response capabilities, and enhanced logging practices for security monitoring. Agencies must prioritize solutions that align with federal guidelines, including the Federal Risk and Authorization Management Program and National Institute of Standards and Technology frameworks. The Office of Information Security would develop uniform policies and standards for implementation while collecting annual progress reports from agencies on their Zero Trust adoption.

    The legislation's scope extends to all state agencies, though the University of California system may opt in through a Regents resolution. The bill's findings cite recent cyber breaches as the impetus for adopting Zero Trust principles, which require continuous verification of all users accessing state systems, regardless of their location. Implementation timelines align with federal funding requirements, including conditions attached to Infrastructure Investment and Jobs Act allocations.

    Key Dates

    • Next Step (Senate Committee): Referred to the Senate Standing Committee on Appropriations. Hearing has not been scheduled yet.
    • Senate Governmental Organization Hearing (Senate Committee): Do pass, but first be re-referred to the Committee on [Appropriations] with the recommendation: To Consent Calendar
    • Vote on Assembly Floor (Assembly Floor): AB 869 Irwin Assembly Third Reading
    • Assembly Appropriations Hearing (Assembly Committee): Do pass
    • Assembly Privacy And Consumer Protection Hearing (Assembly Committee): Do pass and be re-referred to the Committee on [Appropriations] with recommendation: To Consent Calendar
    • Introduced (Assembly Floor): Read first time. To print.

    Contacts

    • Anna Caballero (D), Senator, Committee Member
    • Jacqui Irwin (D), Assemblymember, Bill Author
    • Tim Grayson (D), Senator, Committee Member
    • Megan Dahle (R), Senator, Committee Member
    • Kelly Seyarto (R), Senator, Committee Member
    • Aisha Wahab (D), Senator, Committee Member
    • Christopher Cabaldon (D), Senator, Committee Member
    • Laura Richardson (D), Senator, Committee Member

    Similar Past Legislation

    • AB-749: State agencies: information security: uniform standards. Introduced: February 2023. Status: Failed.

    Introduced By

    Jacqui Irwin (D), California State Assembly Member
    40% progression: Bill has passed all readings in its first house and is ready to move to the other house (6/2/2025)

    Latest Voting History

    July 8, 2025: Senate Committee, Senate Governmental Organization Hearing
    Ayes: 15 | Noes: 0 | NVR: 0 | Total: 15 | Result: PASS
