Current through 2024 Session Acts Chapter 111 and 2024 Special Session Acts Chapter 4
Section 75-710 - Assistants and employees; powers and duties(a) The attorney general shall appoint such assistants, clerks, and stenographers as shall be authorized by law, and who shall hold their office at the will and pleasure of the attorney general. All fees and allowances earned by said assistants or any of them, or allowed to them by any statute or order of court in any civil or criminal case whatsoever, shall be turned into the general revenue fund of the state treasury, and the vouchers for their monthly salaries shall not be honored by the director of accounts and reports until a verified account of the fees collected by them, or either of them, during the preceding month, has been filed in the director of accounts and reports' office. Assistants appointed by the attorney general shall perform the duties and exercise the powers as prescribed by law and shall perform other duties as prescribed by the attorney general. Assistants shall act for and exercise the power of the attorney general to the extent the attorney general delegates them the authority to do so.(b)(1) The attorney general shall appoint a chief information security officer who shall be responsible for establishing security standards and policies to protect the office's information technology systems and infrastructure. The chief information security officer shall: (A) Develop a cybersecurity program for the office that complies with the national institute of standards and technology cybersecurity framework (CSF) 2.0, as in effect on July 1, 2024. The chief information security officer shall ensure that such programs achieve a CSF tier of 3.0 prior to July 1, 2028, and a CSF tier of 4.0 prior to July 1, 2030;(B) ensure that the attorney general and all employees complete cybersecurity awareness training annually and that if an employee does not complete the required training, such employee's access to any state-issued hardware or the state network is revoked; and(C)(i)(a) coordinate with the United States cybersecurity and infrastructure security agency to perform annual audits of the office for compliance with applicable state and federal laws, rules and regulations and office policies and standards; and(b) make an audit request to such agency annually, regardless of whether or not such agency has the capacity to perform the requested audit.(ii) Results of audits conducted pursuant to this paragraph shall be confidential and shall not be subject to discovery or disclosure pursuant to the open records act, K.S.A. 45-215 et seq., and amendments thereto.(2) The provisions of this subsection shall expire on July 1, 2026.Amended by L. 2024, ch. 95,§ 14, eff. 7/1/2024.R.S. 1923, 75-710; L. 2005, ch. 149, § 2; July 1.