75-7242. Information collected placing organization at risk confidential; exceptions. Information collected to effectuate this act shall be considered confidential by the executive branch agency and KISO unless all data elements or information that specifically identifies a target, vulnerability or weakness that would place the organization at risk have been redacted, including: (a) System information logs; (b) vulnerability reports; (c) risk assessment reports; (d) system security plans; (e) detailed system design plans; (f) network or system diagrams; and (g) audit reports. The provisions of this section shall expire on July 1, 2023, unless the legislature reviews and reenacts this provision pursuant to K.S.A. 45-229, and amendments thereto, prior to July 1, 2023.

History: L. 2018, ch. 97, § 7; July 1.