Resources » Governance » IT Executive Council
ITEC Policies & Standards
Statewide technology policies set standards and guidelines and define best practices for the IT enterprise. All statewide IT policies are adopted under the authority of the Kansas Information Technology Executive Council (ITEC) and are applicable to all three branches of government and other state entities unless otherwise noted. (K.S.A. 75-7203)
1000 Series - Applications and Software
1000 Series Policies
| No. | Title | Effective | Revised | Purpose |
|---|---|---|---|---|
| 1100 | Software Licensing | 2000-10-26 | 2023-06-20 | To recognize requirements established by copyright laws and common licensing |
| 1200 | Acceptable Internet Use | 2019-09-10 | To establish a common and uniform acceptable use policy for all state entities regarding the use | |
| 1210 | Information and Communication Technology Accessibility Policy | 2000-10-26 | 2025-03-25 | This policy contains scoping and technical requirements for information and communication technology |
| 1500 | Software Code | 2000-07-27 | 2023-06-20 | To establish a common, uniform policy for state entities regarding ownership and distribution of Software Code |
1000 Series Standards & Guidelines
| No. | Title | Effective | Revised | Purpose |
|---|---|---|---|---|
| 1100-S | Software Use and Licensing Standard | 2023-06-20 | To define the ITEC-1100-P minimum standards and procedures. | |
| 1100-S Attachment A | Software End of Life Management Plan Template | 2023-06-20 | Used to create a Software End-of-Life Management Plan. | |
| 1100-S Attachment B | Software Inventory Template | 2023-06-20 | Used to create a software inventory. | |
| 1500-S | Ownership of Software Code and Related Intellectual Property Standard | 2023-06-20 | To define the ITEC 1500-P minimum standards and procedures. | |
| 1500-S Attachment A | Sample Contractual Statements | 2023-06-20 | Boilerplate Statement of Ownership for Software Code and Intellectual Property for procurement instruments and contracts where the state retains sole ownership | |
| 1500-S Attachment B | Intent to Sell or Share Software Code or Intellectual Property | 2023-06-20 | Use to request CITO approval to sell or share software code or intellectual property owned by Kansas. |
2000 Series - Project Management
2000 Series Policies
| No. | Title | Effective | Revised | Purpose |
|---|---|---|---|---|
| 2400 | IT Project Plan Approval and Project Status Reporting | 2000-10-28 | 2023-07-01 | To establish a policy for the approval of projects that include the use of information systems or communications technology. |
| 2410 | IT Project Oversight | 1999-10-14 | 2010-07-15 | To establish a policy for the external independent oversight of information technology projects within entities. |
| JCIT1 | JCIT Policy 1 | 1998-12-15 | The purpose of this document is to establish a common understanding of the measures that will be considered... | |
| JCIT2 | JCIT Policy 2 | 1998-12-15 | The purpose of this document is to establish a common understanding of the measures that will be considered... |
2000 Series Standards & Guidelines
| No. | Title | Effective | Revised | Purpose |
|---|---|---|---|---|
| 2400-S | IT Project Plan Approval and Project Status Reporting Standard | 2000-01-10 | 2023-07-01 | The 1998 Senate Bill (SB) 5 defines an information technology project as a major computer, telecommunications, or... |
| 2410-S | IT Project Oversight Standards | The Independent Verification and Validation (IV&V) contractor will provide an IV&V assessment function... |
3000 Series - Governance
3000 Series Policies
| No. | Title | Effective | Revised | Purpose |
|---|---|---|---|---|
| 3000 | Information Technology Policies and Standards | 2021-06-15 | To define the terms, “policy,” “standard,” and “guideline” and to describe how the Kansas Information Technology... | |
| 3100 | IT Advisory Board Charter | 1999-10-14 | 2006-04-27 | To establish an Information Technology Advisory Board (ITAB) to the Chief Information Technology Officer, Executive... |
4000 Series - Architecture
4000 Series Policies
| No. | Title | Effective | Revised | Purpose |
|---|---|---|---|---|
| 4000 | KITA Review Board Charter | 1999-10-19 | 2006-10-26 | To establish the Kansas Technical Architecture Review Board (KTARB) to advise the Chief Information Technology Architect. |
| 4010 | KITA Compliance | 1999-10-19 | 2006-10-26 | To define the requirements for compliance with Kansas Information Technology Architecture for all info... |
| 4020 | KITA Change Management | 1999-10-14 | 2006-10-26 | To define the change management procedures for the Kansas Information Technology Architecture. |
5000 Series - Business Contingency
5000 Series Policies
| No. | Title | Effective | Revised | Purpose |
|---|---|---|---|---|
| 5300 | Business Contingency Planning | 1999-10-14 | 2021-09-14 | This policy is for the development of entity business continuity plans to ensure that all entities... |
| 5310 | Business Contingency Implementation | 1999-10-14 | 2021-09-14 | To implement the ITEC Information Technology Policy 5300 concerning Business Contin... |
6000 Series - Data, Records, and Content
6000 Series Policies
| No. | Title | Effective | Revised | Purpose |
|---|---|---|---|---|
| 6100 | GIS Metadata Policy | 1999-10-14 | 2020-03-10 | To establish a policy concerning the documentation standard for geographic information systems (GIS) databases. |
| 6120 | GIS Cadastral Policy | 1998-06-01 | 2007-04-01 | To establish a policy concerning a standard for GIS Cadastral Data. |
| 6180 | Water Utility Data Policy | 2008-10-23 | To establish a policy to ensure the accuracy, reliability, and accessibility of water utility data for use... |
6000 Series Standards & Guidelines
| No. | Title | Effective | Revised | Purpose |
|---|---|---|---|---|
| 6120A | GIS Cadastral Standard | 1997-08-01 | The Kansas GIS Cadastral Standard forms the basis for automating the legal elements of cadastral... | |
| 6180A | Water Utility Data Standard | 2008-09-01 | This document provides guidelines by which public water suppliers may acquire water utility... | |
| 6401G | Email Guidelines | 2020-06-09 | The State Records Board and the Information Technology Executive Council present these guidelines... |
7000 Series - Security
7000 Series Policies
Audit and Accountability Policy Audit and Accountability Policy| No. | Title | Effective | Revised | Purpose |
|---|---|---|---|---|
| 7000 | IT Enterprise Security Policy | 2024-11-01 | This policy establishes the foundational requirements for developing, implementing, and enforcing enterprise information technology security policies, standards, and procedures applicable to the Executive Branch. | |
| 7010 | Access Control Policy | 2024-11-01 | 2024-12-17 | This policy establishes security requirements and ensures appropriate mechanisms for the control, administration, and tracking of access to State information assets. |
| 7012 | Remote Access Security Policy | 2024-11-01 | This policy establishes uniform security controls for remote access across all applicable Entities. | |
| 7014 | Critical Vulnerability Patching Policy |
2024-11-01 | This policy aims to reduce the organization's exposure to cyber threats by ensuring the timely application of critical patches that address issues affecting the integrity, confidentiality, and availability of information and digital assets. | |
| 7016 | Domain Name Policy | 2024-11-01 | This policy establishes the mandatory use of “.ks.gov” or “.gov” domain names for all official online communications, publications, service delivery, online content design, and digital product development for covered entities within the State of Kansas. | |
| 7018 | IT Asset Management Policy | 2024-12-01 | This policy establishes a uniform approach to IT Asset management to ensure that components of the state network are accounted for and visible to software tools for monitoring the attack surface. | |
| 7020 | Software Usage Restriction Policy | 2024-12-01 | This policy establishes software usage and non-standard software restrictions. | |
| 7022-P | Configuration Management Policy | 2024-12-01 | This policy establishes standards to ensure baseline Configuration Settings are maintained to protect the confidentiality, integrity, and availability of State information assets. | |
| 7024 | Cloud Security Policy | 2025-02-01 | This policy establishes minimum information security requirements for Cloud Services. |
|
| 7026 | Identification and Authentication Management Policy | 2025-02-01 | This policy establishes minimum requirements for implementing identification, authentication, and authorization controls to ensure only authorized individuals, systems, and processes can access Information Assets and Information Systems. | |
| 7028-P | Media Protection Policy | 2025-02-01 | This policy establishes requirements for protecting data in all forms and media throughout their lifecycle based on sensitivity, criticality, value, and the impact of a loss of confidentiality, integrity, and availability on applicable stakeholders. | |
| 7030 | Mobile Device policy | 2025-02-01 |
This policy establishes specific security requirements for Mobile Devices. |
|
| 7032 | Telework Policy | 2025-02-01 |
This policy defines the security requirements and procedures for Organizational Users who telework to ensure the protection of the Entity’s information and systems. |
|
| 7034 | Acceptable use of IT Policy | 2025-03-01 | This policy establishes minimum requirements for the acceptable use of IT Resources to protect users’ resources. |
|
| 7036 | IT Hardware Maintenance Security Policy | 2025-03-01 | The purpose of this policy is to ensure IT Assets are properly maintained to minimize risks from emerging information security threats and prevent the potential loss of confidentiality, integrity, or availability due to system failures. |
|
| 7038 | Personnel Security Policy | 2025-04-01 |
The purpose of this policy is to ensure that Executive Branch personnel have the appropriate background, skills, and training to perform their job responsibilities in a competent, professional, and secure manner. |
|
| 7040 | Physical and Environmental Security Policy | 2025-04-01 |
This policy establishes requirements to ensure that Entities’ information assets are protected by physical controls to prevent tampering, damage, theft, or unauthorized physical access. |
|
| 7042-P | Information Security Program Policy | 2025-04-01 |
This policy defines and establishes roles and responsibilities for managing information security within the Entity. |
|
| 7044 | Information Security Risk Management Policy | 2025-04-01 |
This policy establishes requirements for identifying, assessing, treating, and monitoring information security risks to Entity operations, information systems, and information. |
|
| 7046 | Security Awareness Training Policy | 2025-05-01 | The purpose of this policy is to ensure Organizational Users are aware of Information Security threats to the State’s information assets, understand their responsibilities, and are aware of the statutory and policy requirements that are intended to protect State information and information systems from a loss of confidentiality, integrity, or availability. | |
| 7048 | Cybersecurity Incident Response Policy | 2025-11-01 | The purpose of this policy is to establish a consistent and organized approach for preparing for, identifying, reporting, and managing Information Security incidents that may compromise the confidentiality, integrity, availability, and privacy of the State’s information and information systems. | |
| 7050 | Secure System Development Policy | 2025-07-01 | The purpose of this policy is to establish common expectations Entities will follow to reduce the number of vulnerabilities in released software, mitigate the potential impact of the exploitation of undetected or unaddressed vulnerabilities, and address the root causes of vulnerabilities to prevent future recurrences. | |
| 7052 | Information Security Exception Policy |
2025-07-01 | To establish a clear and structured process for requesting, evaluating, and approving security exceptions. Security exceptions are deviations from established security policies, standards, or controls, and this policy ensures that such deviations are carefully considered and appropriately mitigated. | |
| 7054 | Open-Source Software Security Policy | 2025-10-01 | The purpose of this policy is to establish a consistent and organized approach for evaluating, approving, implementing, monitoring, and retiring Open-Source Software (OSS) to ensure that its use supports the agency’s mission while safeguarding the confidentiality, integrity, availability, and ownership of the State’s information systems, software assets, and intellectual property. | |
| 7056 | System Documentation Policy |
2026-01-01 | This policy establishes the requirements for creating, maintaining, and managing system documentation for information systems, components, or services within the Entity. |
|
|
7058-P |
Audit and Accountability Policy | 2025-11-01 | The purpose of the Audit and Accountability policy is to establish and maintain situational awareness within individual Entities, and across the Executive Branch as a whole, through timely collection and investigation of security-related event logs. | |
| 7230 | Enterprise Security Policy | This policy is superseded by ITEC 7000-P IT Enterprise Security Policy. | ||
| 7300 | Security Council Charter | 2015-01-16 | 2022-07-01 | To establish an Information Technology Security Council (ITSC) that is advisory to the Information Technology... |
7000 Series Standards & Guidelines
|
No. |
Title |
Effective |
Revised |
Purpose |
|---|---|---|---|---|
|
7230A |
IT Security Standards |
2019-07-01 |
To define the Information Technology Policy 7230 minimum security standards and procedures for. . |
8000 Series - Shared Solutions
8000 Series Policies
| No. | Title | Effective | Revised | Purpose |
|---|---|---|---|---|
| 8000 | Kansas Data Review Board Charter | 2021-07-01 | 2021-06-15 | To establish the Kansas Data Review Board (KDRB) to advise the Chief Information Tech... |
| 8010 | Kansas Data Review Board Policy | 2021-07-01 | To define the policy and requirements for Kansas data management for all agency... |
8000 Series Standards & Guidelines
| No. | Title | Effective | Revised | Purpose |
|---|---|---|---|---|
| 8010A | Kansas DATA Review Board Standards | 2021-07-01 | To define the Information Technology Policy 8010 minimum security stand... | |
| 8010B | Data Sensitivity Worksheet (Excel) | 2021-07-01 |
9000 Series - Infrastructure
9000 Series Policies
| No. | Title | Effective | Revised | Purpose |
|---|---|---|---|---|
| 9200 | Public Key Infrastructure | 2001-07-19 | 2007-07-26 | To establish policy for the implementation and use of public key infrastructure within Kansas state government... |
| 9210 | Identity Management Group Charter | 2008-07-24 | To establish an Information Technology Identity Management Group that is advisory to the Information... | |
| 9500 | Wireless Local Area Network Policy | 2006-04-27 | 2023-06-20 | To establish a common, uniform use policy for all state agencies regarding the acquisition, installation... |
9000 Standards & Guidelines
| No. | Title | Effective | Revised | Purpose |
|---|---|---|---|---|
| 9200A | Kansas PKI Certificate | 2009-06-26 | This CP governs the issuance and use of certificates for the purposes of authentication, signature... | |
| 9500-S | Wireless Local Area Network Standard | 2023-06-20 | To define the ITEC 9500-P minimum standards and procedures. | |
| 9500-S Attachment A | Kansas IT Architecture Waiver Request | 2023-06-20 | Used to request a waiver from ITEC-4010-P KITO compliance requirements. | |
| 9500-S Attachment B | Wireless Infrastructure Inventory Template | 2023-06-20 | Template for the creation of a Wireless Infrastructure Inventory | |
| 9501 | KITA Wireless Architecture Section | 2011-07-01 | 2023-06-20 | Updated Wireless Section of the Kansas IT Architecture. |
Free viewers are required for some of the attached documents.
They can be downloaded by clicking on the icons below.
Download Windows Media Player
Download Word Viewer
Download Excel Viewer
Download PowerPoint Viewer
