SESSION OF 2025
SUPPLEMENTAL NOTE ON HOUSE BILL NO. 2271
As Recommended by House Committee on
Legislative Modernization
Brief*
HB 2271 would remove the July 1, 2026 sunset from
provisions of law related to the administration and
organization of information technology (IT) and cybersecurity
services within each branch of state government. [Note: The
bill would remove the sunset provision contained within 2024
House Sub. for SB 291.]
The bill would also add to the list of recipients the Joint
Committee on Information Technology to receive two reports
from the Information Technology Executive council (ITEC).
Under the bill, removal of the sunset would make the
following provisions permanent:
●Appointment of a Chief Information Security Officer
(CISO) for the offices of the Department of
insurance, Secretary of State, State Treasurer,
Attorney General, Kansas Bureau of Investigation
(KBI), Judicial Administration, and Legislature;
●The development of cybersecurity programs
compliant with National Institute of Standards and
Technology (NIST) Frameworks;
●Annual cybersecurity awareness training for
employees;
____________________
*Supplemental notes are prepared by the Legislative Research
Department and do not express legislative intent. The supplemental
note and fiscal note for this bill may be accessed on the Internet at
https://klrd.gov/ ●Coordination with the Cybersecurity and
Infrastructure Security Agency for security audits;
●Integration of cybersecurity services with the
respective branch CISOs by July 1, 2027;
●Development of an IT integration plan by the
Information Technology Executive Council for
executive branch IT services;
●Development of a cost estimate for provision of IT
services to State and county-funded district courts;
●Mandate all State websites be hosted on a .gov
domain by February 1, 2025;
●Require certain reports be made to legislative
committees;
●Provision of separate line-item appropriations for IT
and cybersecurity expenditures;
●Five percent appropriation reduction for agencies
found to be not compliant with cybersecurity
programs based on NIST standards; and
●Require certain cybersecurity measures and
compliance reports be made to the legislature.
Background
The bill was introduced by the House Committee On
Legislative Modernization at the request of Representative
Penn.
House Committee on Legislative Modernization
In the House Committee hearing no testimony was
provided.
2- 2271 Fiscal Information
According to the fiscal note prepared by the Division of
the Budget (DoB) on the bill, DoB indicates data to fulfill
requirements related line item appropriations of IT
expenditures, and historic IT expenditure information required
by 2024 House Substitute for SB 291 is not readily available,
and the potential shifting of fund in FY 2026 could be
problematic for federal fund tracking and commingling of fund
requirements. These provisions would require additional time
for the DoB to study.
The Office of Information Technology services indicates
it cannot determine the fiscal effect at this time, and will not
have a cost estimate until after presenting its final report to
the 2026 Legislature.
The Office of Judicial Administration (OJA) indicates
increased ongoing SGF expenditures totaling $459,500
beginning FY 2026 for ongoing implementation of SB 291,
cybersecurity enhancements, and software. OJA also
indicates the possible need for additional expenditures to
comply with provisions of the Act, but will make such request
in the next budget cycle.
Legislative Administrative Services indicates the bill
would increase expenditures for a CISO and other IT
procurement, but can not provide an estimate at this time.
The Office of the Attorney General estimates an
increase in SGF expenditures totaling $60,000 in both FY
2026 and FY 2027 for required cybersecurity software.
The Adjutant General indicates no fiscal effect on the
agency. Any fiscal effect associated with the bill is not
reflected in The FY 2026 Governor’s Budget Report.
Cybersecurity; Chief Information Security Officer; Chief Information Technology
Officer; sunset; information technology; integration
3- 2271