Skip to main content
govconCyber
State profile

Illinois

Responsible agency: Dep't of Central Management Servs.

Last reviewedJune 7, 2026Version v1

Cybersecurity statutes (background)

In plain terms. Illinois law restricts which cybersecurity products state agencies may buy and routes IT security through the Department of Innovation and Technology's enterprise security policy.

Who it applies to. State agencies (procurement runs through Central Management Services) and the vendors selling them software and cybersecurity products.

What it requires. State law identifies prohibited and authorized cybersecurity products, meaning some vendors or products are off-limits for state purchase. Software licensing procurement has agency-specific rules (for example, for the Department of Financial and Professional Regulation). Acquisitions and systems are expected to follow the state's enterprise information-security policy and standard IT contract terms.

Why it matters. Before selling a cybersecurity product to Illinois, confirm it isn't on the prohibited list, and expect contracts to carry the state's standard security terms.

Citation. 30 Ill. Comp. Stat. 500, including § 25-90 (Prohibited and Authorized Cybersecurity Products) and § 20-25.2 (licensing software procurement); Illinois DoIT Enterprise Information Security Policy.

Regulations & policies (background)

In plain terms. Illinois has no separate cybersecurity regulations; the operative rules are the state's enterprise information-security policy and standard contract terms.

Who it applies to. State agencies and their IT vendors.

What it requires. The Department of Innovation and Technology's Enterprise Information Security Policy sets expectations across security assessment and authorization, system and communications protection, and system and services acquisition. The standard Illinois IT contract template carries matching security terms and conditions.

Why it matters. Vendors should expect these policy areas to appear as contract obligations, even though Illinois has no formal cyber regulation.

Citation. Illinois DoIT Enterprise Information Security Policy (Security Assessment and Authorization; System and Communications Protection; System and Services Acquisition); Illinois IT Contract Template, Standard Terms and Conditions.