Kansas § 75-7238 Executive branch chief information security officer; duties

Kansas Statutes

§ 75-7238 — Executive branch chief information security officer; duties

Kansas § 75-7238

Ch. 75STATE DEPARTMENTS; PUBLIC OFFICERS AND EMPLOYEES

Art. 72INFORMATION TECHNOLOGY

This text of Kansas § 75-7238 (Executive branch chief information security officer; duties) is published on Counsel Stack Legal Research, covering Kansas primary law. Counsel Stack provides free access to over 12 million legal documents including statutes, case law, regulations, and constitutions.

Bluebook

Kan. Stat. Ann. § 75-7238 (2026).

Text

(a)There is hereby established the position of executive branch chief information security officer (CISO). The executive CISO shall be in the unclassified service under the Kansas civil service act, shall be appointed by the governor and shall receive compensation in an amount fixed by the governor.

(b)The executive CISO shall:

(1)Report to the executive branch chief information technology officer;

(2)establish security standards and policies to protect the branch's information technology systems and infrastructure in accordance with subsection (c);

(3)ensure the confidentiality, availability and integrity of the information transacted, stored or processed in the branch's information technology systems and infrastructure;

(4)develop a centralized cybersecurity protocol for protecting

Free access — add to your briefcase to read the full text and ask questions with AI

(a) There is hereby established the position of executive branch chief information security officer (CISO). The executive CISO shall be in the unclassified service under the Kansas civil service act, shall be appointed by the governor and shall receive compensation in an amount fixed by the governor.
(b) The executive CISO shall:
(1) Report to the executive branch chief information technology officer;
(2) establish security standards and policies to protect the branch's information technology systems and infrastructure in accordance with subsection (c);
(3) ensure the confidentiality, availability and integrity of the information transacted, stored or processed in the branch's information technology systems and infrastructure;
(4) develop a centralized cybersecurity protocol for protecting and managing executive branch information technology assets and infrastructure;
(5) detect and respond to security incidents consistent with information security standards and policies;
(6) be responsible for the cybersecurity of all executive branch data and information resources;
(7) collaborate with the chief information security officers of the other branches of state government to respond to cybersecurity incidents;
(8) ensure that the governor and all executive branch employees complete cybersecurity awareness training annually and that if an employee does not complete the required training such employee's access to any state-issued hardware or the state network is revoked; and
(9) review all contracts related to information technology entered into by a person or entity within the executive branch to make efforts to reduce the risk of security vulnerabilities within the supply chain or product and ensure each contract contains standard security language.
(c) The executive CISO shall develop a cybersecurity program for each executive branch agency that complies with the national institute of standards and technology cybersecurity framework (CSF) 2.0, as in effect on July 1, 2024. The executive CISO shall ensure that such programs achieve a CSF tier of 3.0 prior to July 1, 2028, and a CSF tier of 4.0 prior to July 1, 2030. The agency head of each executive branch agency shall coordinate with the executive CISO to achieve such standards.
CAUTION: Section was further amended L. 2024, ch. 95, § 33, to be effective on July 1, 2026.