Washington State SEC-01 Cybersecurity Program Policy adopted and approved (replacing IT Policy 141 and parts of IT Standard 141.10)

WaTech’s SEC-01 Washington State Cybersecurity Program Policy was adopted by the State CIO and approved by the Technology Services Board on 2024-12-10. The policy establishes enterprise cybersecurity program requirements for covered Washington State agencies (and entities using WaTech services for the services provided), including maintaining an agency cybersecurity program, annual review and updates after significant change, annual certification/attestation by agency leadership to WaTech regarding implementation and compliance with enterprise security policies/standards, and alignment of vendor/partner contract language with security requirements. The policy states it replaces prior IT Policy 141 and IT Standard 141.10 (as indicated in the policy metadata). The document also lists a sunset review date of 2027-12-10 (not a compliance deadline).