Get Full Government Meeting Transcripts, Videos, & Alerts Forever!
Kansas bill SB 291 would centralize cybersecurity, set NIST targets and include a July 2026 sunset
Summary
A 2024 law with broad cybersecurity requirements for Kansas government branches includes new chief information security officer roles, NIST Cybersecurity Framework targets, annual budget line-iteming and a statutory sunset that requires the Legislature to act before July 1, 2026 to keep the changes in force.
The Joint Committee on Information Technology heard an overview of Senate Bill 291, the 2024 cybersecurity law that would change how the executive, judicial and legislative branches manage cybersecurity and information technology services.
The office of the Reviser of Statutes told the panel that the act requires each branch to appoint a chief information security officer (CISO) and to develop branchwide cybersecurity programs based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework. Those programs must achieve a CSF tier 3 by July 1, 2028, and tier 4 by July 1, 2030, the Reviser said.
The bill also contains operational and budgetary changes. Beginning July 1, 2025, agencies must move public-facing websites to the .gov domain. The law requires that each agency’s information-technology and cybersecurity appropriations be shown as separate line items in budgets to allow more detailed legislative review. A new Information Technology Security Fund and…
Already have an account? Log in
Subscribe to keep reading
Unlock the rest of this article — and every article on Citizen Portal.
- Unlimited articles
- AI-powered breakdowns of topics, speakers, decisions, and budgets
- Instant alerts when your location has a new meeting
- Follow topics and more locations
- 1,000 AI Insights / month, plus AI Chat
