Kansas Department of Administration

20-A-008 NACHA Requirement for Data Security Enforcement Delay (February 25, 2020)

Posted on October 21, 2021 at 12:51 PM by Kansas Department of Administration


Informational Circular No. 20-A-008
Effective Date: June 30, 2020
Contact Name:
Nancy Ruoff

Sunni Zentner		 Ph:
(785) 296-2853

(785) 296-7058		 Email:
Nancy.Ruoff@ks.gov

Sunni.Zentner@ks.gov
Approval: Nancy Ruoff/Sunni Zentner
(Original Signatures on File)
Summary:
Delay of enforcement for NACHA data security requirement 

This revises Informational Circular No. 20-A-007 issued on January 16, 2020.

Background:

The National Automated Clearing House Association (NACHA) has increased the level of security measures required for large-volume processors when storing account information. The new requirement states that account information used for ACH purposes must be rendered unreadable when it is stored electronically.  This includes ACH account information stored at rest in any system or in any electronic format.  ACH account information in transit is not affected by this requirement.  Forms collected electronically (including those which are scanned and stored) are subject to the requirement.

Revised deadline:

As published in the National Association of State Auditors, Controllers and Treasurers’ (NASACT) newsletter dated January 21, 2020, NACHA will be taking the position of “no enforcement” of the new data security rule through June 30, 2021 for governmental entities that are working in good faith toward implementation and compliance.  Agencies subject to the NACHA requirement should develop and document a plan of action by June 30, 2020 that will ensure compliance with the new security requirements is achieved on or before June 30, 2021.

Security of ACH account information and attachments stored in SMART and SHARP will be addressed by the Department of Administration.  Each state agency retaining ACH account information and attachments in any agency system or database must adhere to the new requirement for data security by June 30, 2021.

Additional Resources
NACHA web site, Supplementing Data Security Requirements:
https://www.nacha.org/rules/supplementing-data-security-requirements

PCI DSS Requirement 9
https://www.solarwindsmsp.com/content/pci-dss-requirement-9

Printable version 20-A-008

Comments
There are no comments yet.
Add Comment

* Indicates a required field

« Go Back

RSS Feed
Subscribe to Email Notifications

Popular Posts

What is the difference between a classified position and an unclassified position
01-a-021 - Capital Outlay Policy Raising Capitalization Threshold to $5,000 and Policy for Safeguarding Assets (June 21, 2001) (Supersedes 00-a-021, Supplements 01-a-018) (Supplemented by 02-a-017)
05-a-005 - Mandatory Direct Deposit for State Employee Reimbursements (July 7, 2004) (supplemented by 05-a-012)
02-a-018 - Capital Asset Reporting (June 4, 2002)
03-a-003 - Budgetary Worksheet Reports (August 6, 2002) (Supersedes 02-a-003)

Authors

Kansas Department of Administration
22-P-002 Addition of New Reports with W-2 Production Load (July 27, 2021)
22-072 Research Services - closes 9/17/21
Kansas Department of Administration

© 2023 Kansas Department of Administration. All rights reserved.

© 2023 Kansas Department of Administration. All rights reserved.