KS HB2271

Removes July 1, 2026 expiration dates from cybersecurity legislation enacted in 2024, making permanent the requirements for chief information security officers in each branch of state government and various state agencies

Requires each branch's chief information security officer to develop cybersecurity programs complying with NIST Cybersecurity Framework 2.0, achieving CSF tier 3.0 by July 1, 2028 and tier 4.0 by July 1, 2030

Mandates annual cybersecurity awareness training for all state employees, with access to state-issued hardware and networks revoked for non-compliance

Requires annual cybersecurity audits coordinated with the U.S. Cybersecurity and Infrastructure Security Agency (CISA), with audit results kept confidential and exempt from open records disclosure

Consolidates cybersecurity services under each branch's chief information technology officer and chief information security officer effective July 1, 2027, with the Information Technology Executive Council required to develop an integration plan by January 15, 2026