You just read:

California Attorney General Concludes that Failing to Implement the Center for Internet Security's (CIS) Critical Security Controls 'Constitutes a Lack of Reasonable Security'

News provided by

Center for Internet Security

22 Feb, 2016, 09:19 ET