I will create a no frills spreadsheet of cis controls

Prepare for California privacy and Internet of Things laws (CCPA and SB-327) with this easily sortable list of controls taken from the Center for Internet Security (CIS) (https://www.cisecurity.org/).  Both CCPA and SB-327 for connected devices require "reasonable security" measures.  In her 2016 California Data Breach Report, former Attorney General Kamala Harris defined "reasonable security" as following the CIS Controls (https://oag.ca.gov/sites/all/files/agweb/pdfs/dbr/2016-data-breach-report.pdf).  Includes the Controls Families.  Controls are hyperlinked to additional details.  Higher packages incorporate these details and include a self-assessment Q&A format.

SB-327: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB327
CCPA: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1121
Cal. Civ. Code § 1798.81.5: https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV&sectionNum=1798.81.5
The California Security Breach Information Act of 2003: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=200120020SB1386