Go RIM for State Government


The Government Online for Responsible Information Management (Go RIM) Web page provides a central location for information security standards, authority, guidance, forms, tools, and definitions related to California information security policy. These components augment the State Administrative Manual (SAM) security policies identified in SAM Section 5300 by providing state agencies with access to:

  • Baseline security standards that support these policies, as well as other standards when applicable to a specific policy area;
  • Laws, regulations, and other related federal and state policies that provide the authority for the State's policy requirements;
  • Guidance documents that provide directions, instructions, and best practices to aid in policy compliance
  • Standardized and required forms associated with meeting policy requirements;
  • Tools that include samples, templates, and other important resources to help a state agency implement a particular policy or standard
  • Definitions for clarification in the meaning of terms, words or phrases referred to in the policy or standards

Specific sections in SAM 5300 can be accessed by clicking on a description below:


Policy Section Description
5300 Introduction
5300.1 Arrangement of Chapter
5300.2 Governing Provisions
5300.3 Applicability
5300.4 Definitions
5300.5 Minimum Security Controls
5305 Information Security Program
5305.1 Information Security Program Management 
5305.2 Policy, Procedure and Standards Management
5305.3 Information Security Roles and Responsibilities
5305.4 Personnel Management 
5305.5 Information Asset Management 
5305.6 Risk Management
5305.7 Risk Assessment
5305.8 Provisions for Agreements with State and Non-State Entities
5305.9 Information Security Program Metrics
5310 Privacy
5310.1 State Entity Privacy Statement and Notice on Collection
5310.2 Limiting Collection
5310.3 Limiting Use and Disclosure
5310.4 Individual Access to Personal Information
5310.5 Information Integrity
5310.6 Data Retention and Destruction
5310.7 Security Safeguards
5315 Information Security Integration
5315.1 System and Services Acquisition
5315.2 System Development Lifecycle
5315.3 Information Asset Documentation
5315.4 System Developer Security Testing
5315.5 Configuration Management
5315.6 Activate Only Essential Functionality
5315.7 Software Usage Restrictions
5315.8 Information Asset Connections
5315.9 Security Authorization
5320 Training and Awareness for Information Security and Privacy
5320.1 Security and Privacy Awareness
5320.2 Security and Privacy Awareness Training
5320.3 Security and Privacy Awareness Records
5320.4 Personnel Security
5325 Business Continuity with Technology Recovery
5325.1 Technology Recovery Plan
5325.2 Technology Recovery Training
5325.3 Technology Recovery Testing
5325.4 Alternate Storage and Processing Site
5325.5 Telecommunications Services
5325.6 Information Security Backups
5330 Information Security Compliance
5330.1 Security Assessments
5330.2 Compliance Reporting
5335 Information Security Monitoring
5335.1 Continuous Monitoring
5335.2 Auditable Events
5340 Information Security Incident Management
5340.1 Incident Response Training
5340.2 Incident Response Testing
5340.3 Incident Handling
5340.4 Incident Reporting
5345 Vulnerability and Threat Management
5350 Operational Security
5350.1 Encryption
5355 Endpoint Defense
5355.1 Malicious Code Protection 
5355.2 Security Alerts, Advisories, and Directives 
5360 Identity and Access Management 
5360.1 Remote Access
5360.2 Wireless Access
5365 Physical Security
5365.1 Access Control For Output Devices
5365.2 Media Protection
5365.3 Media Disposal 

Last Updated: Tuesday, December 09, 2014