Attachments - Part 2 - Kansas Turnpike Authority

Page created by Diane Love
 
CONTINUE READING
Attachments - Part 2 - Kansas Turnpike Authority
Roadside Toll Collection System RFP                                  Attachments

                                      Attachments - Part 2
Attachment 6 – KTA Information Security Overview
Attachment 7 – Kansas License Plate Guide
Attachment 8 – Implementation Responsibility Matrix
Attachment 9 – Special Instructions – Traffic Control Restrictions
Attachment 10 – KTA Network Topology
Attachment 11 – Maintenance Responsibility Matrix
Attachment 12 – KTA COVID-19 Vendor Information
Attachment 13 – NIOP ICD - Appendix C

Kansas Turnpike Authority (KTA)             March 18, 2021           Attachments
Attachments - Part 2 - Kansas Turnpike Authority
Roadside Toll Collection System RFP                    Attachment 6 – KTA Information Security Overview

                        Attachment 6
              KTA Information Security Overview

Kansas Turnpike Authority (KTA)       March 18, 2021                                      Attachment 6
Attachments - Part 2 - Kansas Turnpike Authority
Roadside Toll Collection System RFP                                    Attachment 6 – KTA Information Security Overview

                                  5-3-1. COMPUTER USAGE POLICY AND GUIDELINES

1. Purpose:
   1.1. This document establishes Kansas Turnpike Authority policy governing computer usage and the
        authorized limited personal use of Authority assets. This includes the use of Authority equipment and
        resources, computers, tablets, telephones, Internet access, electronic mail (email), voice mail,
        reproduction equipment, and facsimile systems.

2. Definitions:
   2.1. Authority Assets – Property, materials, equipment, facilities, proprietary information, and resources,
        hereinafter collectively referred to as “assets,” intended to be used for the conduct of the Authority’s
        business.

    2.2. Electronic Mail (email) – Electronically transferred information, typically in the form of messages and
         attached documents, from a sending party to one or more receiving parties via an electronic mail system.

    2.3. Internet – A public global computer network connecting commercial, government and educational
         organizations.

    2.4. Intranet – The computer network connecting Kansas Turnpike Authority sites and computers.

3. Policy:
   3.1. Kansas Turnpike Authority assets are to be used for business purposes to advance the Authority’s
        strategic objectives. However, occasional personal use by employees of Authority assets may occur
        without compromising Kansas Turnpike Authority’s interests. This policy establishes the conditions for
        such use.

    3.2. Certain terms used in this policy, particularly with regards to the content and use of electronic
         materials/transmissions, is not amenable to precise definition. For example, it is not possible to define
         the term "insignificant value" by means of a precise dollar limitation, or "occasional use" by means of a
         specific number. Employees and their department directors are expected to use good judgment in
         appropriate use of Authority assets consistent with the purposes of this policy. However, the final
         determination regarding what constitutes appropriate use consistent with this policy is reserved to the
         Chief Executive Officer in coordination with the Department Director.

    3.3. All electronic data stored on Authority computers or other electronic devices is the property of the
         Authority. Employees are reminded there is no expectation of privacy with respect to files maintained on
         Authority computers or data transmitted over the Authority data or communication network(s), inclusive
         of the Intranet and Internet. All computer transmissions originating from, sent through, or terminating at
         the Authority are subject to audit without notice, and all such transmissions are identifiable by origin and
         destination.

    3.4. Employees who use Authority assets for personal purposes are responsible for any and all liability that
         may arise from such personal use to include any violation of law, regulation or policy during such use.

    3.5. Employees and other authorized users of Authority assets shall report any violations of this policy to local
         management.

Kansas Turnpike Authority (KTA)                 March 18, 2021                                          Attachment 6-1
Attachments - Part 2 - Kansas Turnpike Authority
Roadside Toll Collection System RFP                                      Attachment 6 – KTA Security Information Overview

   3.6. Violation of this policy may result in disciplinary action up to and including termination of employment.
4. Applicability:
   4.1. This policy and procedure applies to all departments within the Kansas Turnpike Authority.

5. Guidelines:
   5.1. Occasional limited personal use of Authority assets is permitted subject to the following conditions.
        Discretion shall be exercised both by local management and the employee to ensure the Kansas Turnpike
        Authority’s interests are not adversely affected by such use.

         5.1.1.The personal use of Authority assets shall not compromise security or the integrity of the
               Authority’s communications, computers and/or network.

         5.1.2.Typical authorized limited personal use of the Authority’s computer and related assets includes:
               occasional emails to home, friends, school, doctor, etc.; accessing travel information, forms or
               information on the Intranet or Internet; etc.

         5.1.3.Authority assets shall not be used to play computer games or games on the Internet.

         5.1.4.Authority assets shall not be used in support of personal business, private consulting effort or
               similar venture, the business of any other company or firm, outside fund- raising activity, political or
               lobbying activity, nor for any illegal or other purpose that could cause embarrassment to the
               Authority or otherwise adversely affect its interests.

         5.1.5.Authority assets (other than items such as laptops or mobile devices required by the employee for
               job responsibilities and supplies) must remain on Kansas Turnpike Authority controlled premises, or
               appropriate authorization must be obtained from management for removal of the asset.

    5.2. Access to the Authority’s communications, computers and/or network by means of any personal device
         is strictly prohibited.

         5.2.1.Employee access to the Internet using the Authority’s computers and/or network is governed by the
               provisions of Disciplinary Rules Policy 5-4-1 “Electronic Mail and Internet/Intranet”.

         5.2.2.Although employees may have individual access passwords to voicemail, email, and computer
               network systems (including the Internet), these assets are accessible at all times to and by the
               Authority. The source of any message and the information it contains are not private, and are
               subject to disclosure under the Kansas Open

         5.2.3.Records Act. The Authority reserves the right in its sole discretion to monitor and/or access
               information and messages in these communication and information systems. Anyone using
               Authority assets expressly consents to the monitoring of such use. The Authority also retains the
               right to review, audit, and disclose for business purposes all information and messages in its
               communication and information systems.

         5.2.4.Use of Authority assets, including email systems and access to the Internet, for purposes which, in
               the sole discretion of the Authority, may be considered disruptive or offensive to others is
               prohibited. This prohibition includes, but is not limited to accessing or transmitting sexual images,
               messages, jokes or cartoons; hate speech, or material that ridicules others on the basis of race,

Kansas Turnpike Authority (KTA)                   March 18, 2021                                         Attachment 6-2
Attachments - Part 2 - Kansas Turnpike Authority
Roadside Toll Collection System RFP                                      Attachment 6 – KTA Security Information Overview

               creed, religion, color, sex, disability, age, national origin, or sexual orientation or is otherwise
               defamatory or derogatory; content prohibited by law and/or regulation; and any material that
               would reflect negatively on the Authority. Creating, distributing or circulating “chain” or “pyramid”
               mail/transmissions is also prohibited, as is proselytizing or soliciting for outside or personal
               commercial venture, religious or political cause, outside organizations, or other solicitations that are
               not job related. Refer to Disciplinary Rules Policy 5-4-1 “Electronic Mail and Internet/Intranet”.

         5.2.5.The acquisition, installation, distribution or use of personal or illegally obtained software (including
               freeware, screen savers and backgrounds) whether by disk or downloading from the Internet is
               prohibited. However, the Authority recognizes that employees use specific freeware tools in the
               performance of their jobs. Downloading and/or the installation of freeware (including shareware)
               tools require advance approval by the Information Technology department.

         5.2.6.Knowingly downloading, installing, storing or using malicious software, viruses, “cracking,”
               keystroke monitoring software, or other actions that may be disruptive or counter-productive to
               business operations is prohibited.

         5.2.7.The introduction or use of packet sniffing software or any software intended to capture passwords
               is prohibited except when explicitly authorized and coordinated in advance with the Information
               Technology department.

         5.2.8.Use of Authority assets to copy and/or transmit documents, software, technical data or other
               information protected by copyright, patent or trademark law, or other law and regulation is
               prohibited.

         5.2.9.Any attempt to obtain unauthorized access to any computer and/or communication system on the
               Internet or the Authority’s Intranet is prohibited.

         5.2.10. The storage, processing or transmission of government classified information on unclassified
              computer systems, networks or via the Intranet and Internet is prohibited.

         5.2.11. Messages disseminated to all employees, large distribution lots using Kansas Turnpike Authority
              communication and/or data networks must be business relatedand approved in advance by the
              applicable Department Director. Using large distribution lots for non-business-related purposes, or
              sending large, memory intensive files or applications which may impede or disturb network
              operation is prohibited.

         5.2.12. Consultation with IT is required in advance prior to using specific file sharing applications for
              sharing large files (such as engineering documents or response to KORA requests).

    5.3. The Authority operates email systems to facilitate communication between employees, customers,
         vendors, and business associates. These email systems and employee email accounts are Authority
         assets. External email accounts are not to be used to communicate Authority information. Use of the
         Authority’s email systems for personal use is not allowed.

         5.3.1.Email messages shall meet the same standards of business etiquette that govern hard copy (e.g.,
               written) business correspondence. Use of the Authority’s email systems for communications that
               violate law, regulation and policy is prohibited. This is including, but not limited to:
                  •       Defamatory, inflammatory, or obscene messages

Kansas Turnpike Authority (KTA)                   March 18, 2021                                         Attachment 6-3
Attachments - Part 2 - Kansas Turnpike Authority
Roadside Toll Collection System RFP                                      Attachment 6 – KTA Security Information Overview

                  •        Offensive or harassing messages
                  •        Reprimands or unprofessional conflict avoidance matters
                  •        Personal favors or inappropriate personal messages
                  •        Graphic content/pictures
                  •        Inappropriate language
                  •        Confidential information that is not sent through secure email, such as protected health
                           information or social security or account numbers
                  •        Political influencing, campaigning, or solicitation
                  •        Any communication that would otherwise be deemed inappropriate for the workplace

    5.4. Employees and other authorized email users should promptly delete email messages sent or received
         that no longer require action and that are not required to be retained by law or contract. Employees are
         reminded that the deletion of a message or file may not fully eliminate the message or file from the
         system. Please see General Policy 4-35-1 Record Retention Policy for further guidance on when to delete
         email messages and other records that are property of KTA.

    5.5. Disciplinary Action – Violation of this policy may result in disciplinary action up to and including
         termination of employment.

5-4-1. ELECTRONIC MAIL AND INTERNET/INTRANET.

1. Purpose:
   1.1. Electronic mail ("email"), Internet access and Intranet systems, and other electronic media and
        equipment are business tools provided by Kansas Turnpike Authority for the timely and efficient conduct
        of the business. To help ensure these tools are used appropriately and consistently with company
        policies, ethics and values, the Kansas Turnpike Authority has developed the following email and Internet
        usage policy. This policy addresses access, use and disclosure of electronic mail and Internet messages
        and material created, sent or received by Kansas Turnpike Authority employees using the Authority's
        systems. The Kansas Turnpike Authority reserves the right to change this policy as it deems appropriate.

2. Policy:
   2.1. Access to and use of the email, communications, and computers are reserved primarily for the conduct
        of Company business. Limited personal use of these systems is permitted subject to the provisions of
        Disciplinary Rules Policy 5-3-1 “Kansas Turnpike Authority Computer Usage Policy and Guidelines”.

3. Applicability:
   3.1. This policy and procedure applies to all departments within the Kansas Turnpike Authority.

4. Guidelines:
   4.1. Authority Property – The email and Internet access/Intranet systems and hardware are company
        property. All messages and attachments composed, sent or received on the email or Internet
        access/Intranet systems are and remain the property of the Kansas Turnpike Authority. They are not the
        private property of any employee, and employees should not consider email or Internet/Intranet
        messages or material private or their personal possessions. Email messages should meet the same
        standards of business etiquette that govern "hard copy" business correspondence.

    4.2. Downloads and Attachments – The Kansas Turnpike Authority prohibits downloading files or documents
         from the Internet. However, in some cases obtaining files from the Internet may be a necessary

Kansas Turnpike Authority (KTA)                   March 18, 2021                                         Attachment 6-4
Attachments - Part 2 - Kansas Turnpike Authority
Roadside Toll Collection System RFP                                    Attachment 6 – KTA Security Information Overview

          requirement for certain job functions. In those instances the Authority requires that such documents be
          job-related or consistent with the provisions of Kansas Turnpike Authority Disciplinary Rules Policy 5-3-1
          “Kansas Turnpike Authority Computer Usage Policy and Guidelines” and constitute a reasonable use of
          Kansas Turnpike Authority's resources.

    4.3. Virus Scanning – Files downloaded from the Internet must be scanned using the Kansas Turnpike
         Authority approved virus scanning program prior to executing on a company computer. It is
         recommended the source code be retrieved and reviewed as opposed to binary formats.

    4.4. Viruses – Employees may not use Kansas Turnpike Authority's email or Internet access systems to
         develop or send any virus or otherwise malicious program. Employees should not open emails or
         attachments unless they are confident of the identity of the sender.

    4.5. Offensive or Harassing Use Prohibited – The email and Internet access/intranet systems shall not be used
         to create and/or distribute any offensive or disruptive messages or material. Messages or material
         deemed offensive or disruptive include, but are not limited to, sexual images or cartoons (video or audio
         medium), hate speech, material that ridicules on the basis of race, creed, religion, color, sex, disability,
         age, national origin, or sexual orientation, or is otherwise defamatory, derogatory or inappropriate for a
         business environment. The electronic mail and Internet access/Intranet systems must not be used to
         commit any crime, including but not limited to sending obscene emails over the Internet with the intent
         to annoy, abuse, threaten or harass another person. The Authority will have the sole discretion to
         determine what messages or materials are deemed offensive, harassing or disruptive.

    4.6. No Sexually Oriented Sites – Kansas Turnpike Authority's Internet access system must not be used to visit
         sexually-oriented or otherwise offensive or inappropriate web sites, or to send, display, download or
         print offensive material, obscene, pornographic or sexually- oriented pictures or any other such
         materials.

    4.7. Solicitation Prohibited – The email and Internet access/Intranet systems may not be used to solicit or
         proselytize for outside or personal commercial ventures, religious or political causes, outside
         organizations, or other solicitations which are not job-related.

    4.8. Chain Letters – Employees must not send or forward "chain letter" emails.

    4.9. Gaming or Gambling – The email and Internet/Intranet systems shall not be used to facilitate any
         Internet gaming or games of chance, including sports betting pools (regardless of the amount of money
         involved) and fantasy sports leagues.

    4.10.       Copyrighted Material and Trade Secrets – The electronic mail and Internet access systems must
         not be used to send (upload) or receive (download) copyrighted materials, trade secrets, proprietary
         financial information or similar materials without prior management authorization.

    4.11.        Company Right to Monitor – Kansas Turnpike Authority reserves and exercises the right to review,
         audit, intercept, store, access and/or disclose messages or material, including attachments, created,
         received or sent, web sites visited and/or files downloaded over the Authority's electronic mail or
         Internet access systems. Information Technology support staff may monitor the use of its systems in its
         sole discretion, at any time, with or without notice to any employee and may by-pass any access control

Kansas Turnpike Authority (KTA)                  March 18, 2021                                        Attachment 6-5
Attachments - Part 2 - Kansas Turnpike Authority
Roadside Toll Collection System RFP                                     Attachment 6 – KTA Security Information Overview

          in place. The Information Technology Department shall block access to Internet websites and protocols
          that are deemed inappropriate for the Authority’s corporate environment. Certain individuals may
          require specific exceptions based on job requirements. The following protocols and categories of
          websites will be blocked:
              •       Adult/Sexually explicit material
              •       Advertisements & pop-ups
              •       Chat and instant messaging
              •       Gambling
              •       Hacking
              •       Illegal drugs
              •       Intimate apparel and swimwear
              •       Peer-to-peer file sharing
              •       Personals and dating
              •       Political influencing, campaigning, or solicitation
              •       Social network services
              •       SPAM, phishing and fraud
              •       Spyware
              •       Tasteless and offensive content
              •       Violence, intolerance and hate

    4.12.       File sharing – Employees who need to share large files for a business purpose, e.g., engineering
         documents or response to KORA requests, should consult with IT for approval to use designated file
         sharing applications. If confidential information needs to be communicated via email, employees should
         use secure email (consult with IT if needed).

    4.13.       Confidentiality – The confidentiality of any message or material should not be assumed. Even
         when a message or material is erased, it may still be possible to retrieve and read that message or
         material. Further, the use of passwords for security does not guarantee confidentiality. Notwithstanding
         Kansas Turnpike Authority's right to retrieve and read any email or Internet messages or material, such
         messages or material should be treated as confidential by other employees and accessed only by the
         intended recipient. Employees are responsible for maintaining the confidentiality of material on the
         systems. Without prior management authorization, employees are not permitted to retrieve or read
         email messages that are not sent to them. The contents of electronic mail or Internet messages or
         materials may, however, be disclosed to others within the Authority, with prior management
         authorization. Please refer to Policy 4-35-1 Record Retention Policy for further guidance on when to
         delete email messages and other records.

    4.14.      Disciplinary Action – Violation of this policy may result in disciplinary action up to and including
         termination of employment.

Kansas Turnpike Authority (KTA)                  March 18, 2021                                         Attachment 6-6
Attachments - Part 2 - Kansas Turnpike Authority
Roadside Toll Collection System RFP                                    Attachment 6 – KTA Security Information Overview

                                          Information Security Program

Policy:

This policy defines the types of data and assets that make up Kansas Turnpike Authority’s (KTA) production
network, who should have access to the various systems and data, and how that access is enforced. This policy is
designed to build and maintain a secure network.

Responsibilities:

This policy is the responsibility of, and maintained by, the Manager of Information Security and information
technology ("IT") staff. It is the responsibility of all managers and employees to assist with the enforcement of the
policies referenced herein. This article should be reviewed annually, or sooner as need dictates, based on
significant network or business rule changes.

All breaches of policy should be reported to the IT staff immediately to determine full scope of the issue. All
breaches and failure to follow these policies should be reported to management and the human resources
department, and may result in disciplinary actions up to and including termination of employment. The policy
here affects all users who have access to any portions of the systems that process cardholder data through any
means. Exclusions to any individual policies must be documented in the policy.

Implementation Security and Acceptable Use:

This policy should be disseminated to all relevant personnel (including vendors and business partners) at least
annually. This policy should be reviewed annually and updated whenever the CHD environment changes.
Security policies identifies information and security responsibilities to all personnel. Responsibility for
information security is formally assigned to the Network and Security Manager. Ensuring the establishment,
documentation, and distribution of the incident response and escalation procedures to ensure due diligence prior
to engaging a service provider with whom cardholder data is shared, a process must be established that:
Requires that service providers acknowledge their responsibility for securing cardholder data. Requires that any
user working with card holder data does not transmit this data in any electronic format (ie. Email, instant
messaging, etc.) Guides due diligence actions prior to engaging a new service provider, monitors service
providers to ensure PCI DSS compliance at least annually. The incident response plan must include:

    •        Roles, responsibilities, communication and contact strategies in the event of a compromise.
    •        Specific incident response procedures.
    •        Business recover and continuity procedures.
    •        Data back-up processes.
    •        Analysis of legal requirements for reporting compromises.
    •        Coverage and response of all critical components.
    •        Reference or inclusion of incident response procedures from the payment brands.
    •        The incident response plan must be tested at least annually.
    •        Personnel must be designated to be available to respond to incidents at all hours. These individuals
             will be trained on a periodic basis on their security breach responsibilities.
    •        The incident response plan will be updated according to lessons learned and industry developments.

Kansas Turnpike Authority (KTA)                  March 18, 2021                                        Attachment 6-7
Attachments - Part 2 - Kansas Turnpike Authority
Roadside Toll Collection System RFP                                     Attachment 6 – KTA Security Information Overview

Security Awareness Program:

A security awareness program will exist which designed to make all personnel aware of the importance of data
security. The program will meet the following requirements:
Security awareness will be communicated to personnel using multiple methods (e.g., posters, letters, memos,
web-based training, etc.) All personnel will attend training upon hire and annually, thereafter.

Physical Security:

All employees and visitors with access to the primary or backup data centers, must be issued badges which
adhere to the following guidelines:

    •        All visitors to areas where cardholder data is processed or maintained must wear a visitor badge
             which is to be easily distinguishable from non-visitor badges.
    •        Badges must be updated as needed, when employee’s access changes. Visitor badges must be
             revoked or expire when no longer needed.
    •        Visitor badges must be surrendered upon departure or expiration.
    •        Access and event logs are reviewed periodically, as well as alerts sent to distribution list upon any
             abnormal events or alarms.

Access to sensitive areas where card holder data is interacted with requires the individual to have a job related
function or justification. If employees need temporary access, they will be required to fill out a ticket containing
the appropriate information to be able to grant access.

The individual(s) allowed to issue badges is Michael Schneider or Thomas Engdahl. Administrative access to the
badge system is limited to the following employees: Richard Woodward, Nick Parrott, Thomas Engdahl, Michael
Schneider.

A visitor log must be maintained for areas where cardholder data is processed or maintained:
     •        Wichita KTAG CSR area
     •        Lawrence KTAG CSR area.
The logs must be retained for a minimum of 90 days.

Physical Inspection of POS readers:

Point of Sale devices must be inspected on a regular basis. This is to check for skimmers, damaged readers,
physical cabling issues, tamper sticker damage, etc. For KTA’s automatic payment machines, the insertion readers
inspections should be tracked using the appropriate tracking form, provided at each Automatic Payment Machine.

Physical Media Destruction:

Kansas Turnpike Authority employees that work with any type of card holder data are required to adhere to the
following shredded media policy.

    •        Hard-copy materials must be crosscut shredded daily such that there is reasonable assurance the
             hard-copy materials cannot be reconstructed.
    •        Storage containers used for materials that are to be destroyed must be secured.

Kansas Turnpike Authority (KTA)                  March 18, 2021                                         Attachment 6-8
Roadside Toll Collection System RFP                                    Attachment 6 – KTA Security Information Overview

    •     Cardholder data on electronic media must be rendered unrecoverable (e.g. via a secure wipe program
          in accordance with industry-accepted standards for secure deletion, or by physically destroying the
          media).
KTA Change Control Policy:

Any modification to KTA systems whether planned or unplanned that can impact regular business operations.
Industry requirements that govern particular classifications of data may dictate controls, this is the case with PCI
compliance. These requirements affect any part of the cardholder environment. A formal request for change
(RFC) will be required under the following circumstances:
    •        Modification of network infrastructure, security, controls, hardware, operating systems, applications,
             database’s, etc.
    •        Addition of new hardware or software to the environment.
    •        The primary objective of this process is to ensure that a valid business case has been prepared that
             demonstrate greater costs and risks associated with the change, also all PCI requirements continue to
             be met. All changes must be approved by the KTA management that is directly involved with changes
             be made.

KTA Password Policy:

KTA requires users to have a unique and complex password, for CSR workstations (windows login) users must
adhere to the following requirements:
   •        Minimum of 8 characters, cannot reuse last 10 passwords, 90-day expiration, account locked after 6
            attempts, 30-minute lockout timer, password complexity required.
   •        KTA requires users to have a unique and complex password, for web server’s users must adhere to
            the following requirements:
   •        Minimum of 7 characters, restriction of repeating characters, cannot reuse last 5 passwords, can
            contain all characters (letter, number, special character), 45-day expiration.

KTA Cardholder Data Retention Policy:

KTA does not store any card holder data. All card holder data is encrypted upon entering, swipe, etc. This data is
then sent to the credit card processing provider, and a token is returned for KTA reference.

KTA Software and Vulnerability Update Policy:

    •        Software and Vulnerability notifications for the web server(s) are sent currently by our Tripwire
             software. In addition, manual retrieval of security updates for the RHEL servers will be required in
             order to ensure updates are applied.
    •        For our Checkpoint IDS/IPS database and signature revisions, updates and notification are available
             within the Checkpoint dashboard, updates can also be downloaded and applied from within that
             location, and this also requires user interaction.
    •        In addition monitoring of CVE vulnerability database, action is taken if applicable.
    •        Installation of applicable vendor-supplied “critical” security patches are installed within one month of
             release.
    •        Installation of all applicable vendor-supplied security patches are installed within an appropriate
             timeframe.

KTA Privileged Access Policy:

Kansas Turnpike Authority (KTA)                  March 18, 2021                                        Attachment 6-9
Roadside Toll Collection System RFP                                   Attachment 6 – KTA Security Information Overview

    •        Users that require administrative access to any card holder environment are evaluated based on the
             individuals job function. User accounts are requested through KTA’s ticketing system.

KTA List of Service Provider’s:

    •        The following service providers are associated with procedures and processes that integrate with
             KTA’s card holder environment.
             o Bank of America – First Data
             o Tempus Technologies
             o Lifeboat Creative
    •        These service providers are required at least on an annual basis to provide evidence that they are PCI
             compliant (based on their business function), and that they keep up with secure practices
             surrounding their area of involvement with KTA.

KTA Approved POS Devices:

    •        All card holder transactions are used with only the following devices, these devices have been
             approved by KTA management. See hardware spec sheets.
             o IDTECH SecureKey M100/M130 encrypted keypad
             o IDTECH SecureMOIR encrypted insertion readers

KTA Remote Access Policy:

    •        Users who require remote VPN access to the card holder environment are required to request
             through the appropriate KTA channels, this will involve use of KTA’s ticketing system.
             o Account expiration is determined at the time of creation (no greater than 90 days).
             o Remote accounts become disconnected after a period of inactivity, this will require the remote
                 user to re-authenticate.
             o Remote users authenticate to KTA’s network using 2-Factor Authentication.

KTA Audit Logging and Review Policy:

Security auditing must be enabled on the following components and systems. In addition, the clocks on these
systems must be synchronized through KTA’s internal NTP server.

    •        Webserver
    •        Firewall
    •        Physical access control system.

These logs must be maintained for 12 months with 3 months (90 days) readily accessible. Items that are logged
may include:

    •        User identification
    •        Type of Event
    •        Date and Time
    •        Success or failure indication
    •        Origination of event

Kansas Turnpike Authority (KTA)                 March 18, 2021                                        Attachment 6-10
Roadside Toll Collection System RFP                                    Attachment 6 – KTA Security Information Overview

    •        Name of affected data, system or resource.

All audit trails are protected and only viewable to those with a job-related need. Log data is backed up daily on all
systems. Certain systems utilized a FIM (File Integrity Monitor) to ensure that any changes to files is not only
logged but certain items generate real time alerting.

Kansas Turnpike Authority (KTA)                  March 18, 2021                                        Attachment 6-11
Roadside Toll Collection System RFP                                      Attachment 6 – KTA Security Information Overview

                                           Incident Response Plan / Policy

Policy:

This policy defines procedures that allow the Kansas Turnpike Authority to respond quickly and adequately to
Information Technology security incidents.

Guidance:

The following regulations, guidance, and standards were considered as part of the development of this policy:
Network Security and addressing PCI DSS ver 3.2.1

Scope:

This policy applies to all systems that store, process, or transmit cardholder data. This includes all point-of-sale
devices.

Commentary:

As they pertain to Information Technology, security incidents are defined as events that interrupt normal
operating procedures and trigger some level of crisis or data compromise. Some examples of applicable incidents
could be:
    •       Attempted or successful network or computer penetration attempts
    •       An outbreak of a computer virus or other malicious software
    •       Any physical security breaches, to include point-of-sale devices
    •       Unexpected escalation of account privileges
    •       The appearance of unexpected network or other user accounts
    •       Any unauthorized access to cardholder data or systems

One of the primary purposes of this policy is to define primary responsibilities in the event of a suspected or
verified security incident. It is not possible to define all aspects of every possible security incident and every step
to be taken by the organization in the event of any incident. However, basic steps can be defined, including who
will make which major decisions as the organization responds and recovers.

Please find the individuals listed below with security breach response responsibilities:
    •        Nick Parrott (Team Lead) – Network and Security manager - Responsible for communication and
             strategies to neutralize any incident in a timely and efficient manner.
    •        Tim Means (Computer System Administrator) - Responsible for anything to do with FW related
             breaches, end user terminals / systems.
    •        Blake Butterworth (App/Dev Manager) – Responsible for any breaches regarding website security,
             online customer applications, etc.

This policy documents the overall planning and responsibility for incident response.

Incident Response Team – Roles and Communication Strategy:

Identify and document Incident Response Team members and their emergency contact information. Make this
contact information available to each team member when at work or away from work. Assign a Primary Team

Kansas Turnpike Authority (KTA)                   March 18, 2021                                         Attachment 6-12
Roadside Toll Collection System RFP                                    Attachment 6 – KTA Security Information Overview

Leader who is responsible for overall incident response and a Secondary Team Leader who functions as Team
Leader in the absence of the Primary Leader.

Include in the Incident Response Team representation from the following areas:
    •        Bruce Meisch – Director of Technology
    •        Nick Parrott (Team Lead/Primary) – Network and Security Manager
    •        Tim Means (Secondary) – Computer System Administrator
    •        Blake Butterworth – App Development Manager

External security consultants as determined necessary by senior management
    •       OPTIV Security

Ensure team membership includes personnel that:
   •       Have appropriate training to investigate and report findings.
   •       Have access to backup data and systems, an inventory of all approved hardware and software, and
           monitored access to systems (as appropriate).
   •       Have appropriate authority and/or access to senior management for timely approval of incident-
           related decisions.

Availability:

Personnel designated as part of the incident response team must be available for incident monitoring and
response at all times.
Monitoring will include, as appropriate:
    •       Evidence of unauthorized activity
    •       Detection of unauthorized access points
    •       Critical IDS alerts
    •       Reports of unauthorized critical system or content file changes

Coverage:

Coverage of systems included in this response plan will extend to all critical systems within the in-scope
environment.

Incident Response Training, Testing, and Documentation:

Perform appropriate training of the Incident Response Team periodically. Design training and testing to include
team orientation (review of responsibilities and interaction with personnel and appropriate outside agencies,
such as law enforcement), as well as scenario-driven discussions in which various types of incidents, including
external service providers, are reviewed and evaluated. Document incident response tests in the same manner as
real incidents (as described below). Document suspected or verified security incidents that invoke the
involvement of the Incident Response Team.

Service Providers:

Upon notification of a security incident from a service provider, follow the same procedures as those involving
company-controlled systems and premises.

Notification Checklist:

Kansas Turnpike Authority (KTA)                 March 18, 2021                                         Attachment 6-13
Roadside Toll Collection System RFP                                     Attachment 6 – KTA Security Information Overview

In the event of a suspected security incident, the acting Team Leader will ensure that a Notification Checklist is
promptly started and is filled out as completely as possible. The notification checklist will include the following, at
a minimum:

    •        Upon notification of a breach, ensure notification to the payment brand.
    •        Ensure legal requirements are considered to ensure customer reporting is completed, if required

Incident Response Procedures:

As soon as the checklist is completed, the acting Team Leader will determine whether an incident has occurred. If
an incident has occurred, the Team Leader will call the Incident Response Team together to begin the process of
investigation, response, and restoration. At this point, the Team Leader will contact external security
professionals if deemed necessary.

Response Strategy / Coverage and Response for all Critical System Components:

Immediately following determination of a security incident, the acting team leader will convene the Incident
Response Team. As a team, develop a response strategy to be approved by senior management. Such a strategy
normally includes:
   •        Isolation of compromised systems or enhanced monitoring of intruder activities
   •        Search for additional compromised systems
   •        Collection and preservation of evidence
   •        Reaching out to technical experts, if needed

Notification of Authorities and/or Customers (Requirements for reporting compromises):

Based on evaluation of the notification checklist and subsequently collected information, the Incident Response
Team will determine if sensitive customer information has been accessed in an unauthorized fashion. For the
purpose of this plan, "sensitive customer information" has been defined as any of the following information:
    •       A customer's name
    •       A customer's address
    •       A customer's telephone number
    •       In conjunction with any of the following customer information:
    •       A personal identification number or password that would permit access to the customer's account
    •       In the event that a card provider has specific terms, incident response procedures those must be
            included in the restoration strategy.

Restoration Strategy:

As the response strategy is developed, appropriate restoration procedures are approved by senior management
and implemented. These should address the following:
    •       Elimination of an intruder's means of access
    •       Freezing or closing affected customer accounts when applicable
    •       Restoration of systems, programs, and data
    •       Internal communication/training as appropriate

Kansas Turnpike Authority (KTA)                  March 18, 2021                                         Attachment 6-14
Roadside Toll Collection System RFP                    Attachment 7 – Kansas License Plate Guide

                               Attachment 7
                         Kansas License Plate Guide

Kansas Turnpike Authority (KTA)       March 18, 2021                              Attachment 7
VERSION 3.0
                                          2020

KANSAS LICENSE PLATE GUIDE
        EMBOSSED & DIGITAL LICENSE PLATES
               PREPARED BY: DIVISION OF VEHICLES
                                VEHICLE SERVICES
Confidential
KANSAS LICENSE PLATE GUIDE
The Division of Vehicles implemented a new manufacturing process and delivery method for Kansas license plates. The change
became effective August 1, 2018 for license plates issued to Apportioned vehicles engaged in interstate commerce. For all passenger
vehicles and intrastate Commercial vehicles, the change became effective August 15, 2018. In addition to the embossed and digital
plates, the K-State, Ag in the Classroom, KCC Equipment Tag, Personalized, and Disabled Personalized plates all have new
designs for 2020. Also for 2020, Dealer plate text is now green and a new Rental Fleet plate was added by the legislature.
               NOTE: Although limited, there are some old Capital/Dome embossed plates still on the road. They can be Standard,
               Standard Disabled, Amateur Radio, Special Interest and Street Rod in design. These are rare and are slowly being
               replaced.

CURRENT PLATE IMAGES

       Title             Note                 Embossed                             Digital                  New Digital 2020

                       renewals &
                        duplicate
 Baker University     replacements
                          only

Benedictine College

  Emporia State
   University

  Fort Hays State
    University

2020                                                  Kansas License Plate Guide                                                   1
Confidential
         Title          Note        Embossed                           Digital   New Digital 2020

Friends University

                     motorcycle
   Kansas State
                       plates
    University
                      available

                      renewals &
 Ottawa University     duplicate
                     replacements
                         only

  Pittsburg State
    University

                     motorcycle
   University of
                       plates
     Kansas
                      available

       Washburn
       University

2020                                      Kansas License Plate Guide                                   2
Confidential
       Title             Note         Embossed                              Digital   New Digital 2020

   Wichita State
    University

 Agriculture in the
    Classroom

  Amateur Radio       Dark Blue or
    Operator          Black letters

 Autism Awareness                     Digital Only

  Breast Cancer
    Research

2020                                           Kansas License Plate Guide                                   3
Confidential
       Title           Note           Embossed                              Digital   New Digital 2020

 Children’s Trust
      Fund

                                     Digital Only
  City of Wichita   black letters
                                    Limited Edition

  City of Wichita   white letters    Digital Only

                    motorcycle
   Donate Life        plates
                     available

 Ducks Unlimited

2020                                           Kansas License Plate Guide                                   4
Confidential
         Title         Note       Embossed                           Digital   New Digital 2020

   Eisenhower
   Foundation

                     motorcycle
Emergency Medical
                       plates
    Services
                      available

                     motorcycle
  Families of the
                       plates
     Fallen
                      available

                     motorcycle
       Firefighter     plates
                      available

                     motorcycle
 Gold Star Mother      plates
                      available

  Horse Council

2020                                    Kansas License Plate Guide                                   5
Confidential
         Title        Note       Embossed                           Digital   New Digital 2020

     Foreign
   Organization

                    motorcycle
 I’m Pet Friendly     plates
                     available

                    motorcycle
 In God We Trust      plates
                     available

  Masonic Lodge

       Shriner’s

 Support the Arts

2020                                   Kansas License Plate Guide                                   6
Confidential
               Title                        Note                                 Embossed                                                    Digital             New Digital 2020

      Special Olympics                                                          Digital Only

                                        motorcycle
     Antique1 – current
                                          plates
           issue
                                         available

         Antique2 –                   Original plate
      previously issued                   only

                                        motorcycle
         Personalized
                                          plates
           Antique
                                         available

1
    Vehicle must be at least 35 model years old or older, and not be altered or modified from the original manufacturer’s model, except for safety components.
2
    These antique plates are still valid, however Kansas no longer issues the blue and yellow plates.
    2020                                                                                       Kansas License Plate Guide                                                              7
Confidential
              Title                        Note                                  Embossed                                                      Digital                                        New Digital 2020

                                    Original plate
     Special Antique3
                                        only

                                      motorcycle
     Special Interest4                  plates
                                       available

                                      motorcycle
           Street Rod   5
                                        plates
                                       available

      Cong. Medal of
         Honor

3
  Kansas antique vehicle owners are allowed to display a Kansas issued license plate that corresponds to the vehicle year of the antique, providing the vehicle and license plate are at least thirty-five years old. Example: 1956
Ford with Kansas License plate initially issued in 1956 will have a “56” on the plate. The plate used must not be altered or defaced and must be as originally issued by the State of Kansas.
4
  Motor vehicle more than 20 years of age and which has not been altered or modified from the original manufacturer’s specifications except to assure normal running operation or to meet specific safety inspection requirements
on original equipment, or both.
5
  Manufactured in 1949 or before that has been altered or modified. The main component of a street rod that must still be part of the original vehicle is the body, i.e. the body must be all original steel. “Kit Cars” do not qualify
as street rod vehicles.
    2020                                                                                        Kansas License Plate Guide                                                                                                          8
Confidential
       Title           Note       Embossed                           Digital   New Digital 2020

Ex-Prisoner of War

                     motorcycle
  National Guard       plates
                      available

   Pearl Harbor
     Survivor

                     motorcycle
   Purple Heart        plates
                      available

                     motorcycle
   U.S. Veteran        plates
                      available

                     motorcycle
 Vietnam Veteran       plates
                      available

2020                                    Kansas License Plate Guide                                   9
Confidential
       Title           Note       Embossed                              Digital   New Digital 2020

                     motorcycle
Enduring Freedom       plates     Digital Only
                      available

                     motorcycle
  Iraqi Freedom        plates     Digital Only
                      available

                     motorcycle
   Desert Storm        plates     Digital Only
                      available

                     motorcycle
Korean War Veteran     plates     Digital Only
                      available

                     motorcycle
 Disabled Veteran      plates
                      available

2020                                       Kansas License Plate Guide                                  10
Confidential
       Title             Note         Embossed                           Digital   New Digital 2020

                      Motorcycle
     Standard        and motorized
   current issue     bicycle plates
                       available

                      motorcycle
 Standard Disabled
                        plates
    current issue
                       available

                      motorcycle
 2015 Personalized      plates
                       available

                      motorcycle
  2015 Disabled
                        plates
   Personalized
                       available

                      motorcycle
 2020 Personalized      plates
                       available

                      motorcycle
  2020 Disabled
                        plates
   Personalized
                       available

2020                                        Kansas License Plate Guide                                  11
Confidential
               Title                        Note                                Embossed                                     Digital      New Digital 2020

    City/County/School
    District/Township6

                                       motorcycle
              Dealer
                                         plates                                                                            Digital Only
                                        available

                                       motorcycle
        Dealer Lender                    plates                                                                            Digital Only
                                        available

       Dealer Salvage                                                                                                      Digital Only

      Dealer Wholesale                                                                                                     Digital Only

6
    Decals at the bottom read either: City, County, School District or Township. A0000 or 00000 combinations available.
    2020                                                                                      Kansas License Plate Guide                                       12
Confidential
       Title          Note       Embossed                             Digital      New Digital 2020

     Dealer
Manufactured Home                                                   Digital Only

   Dealer Trailer                                                   Digital Only

 Dealer D-Hauler                                                    Digital Only

                    motorcycle
  Dealer Full Use     plates                                        Digital Only
                     available

Dealer Drive Away                                                   Digital Only

 Rental Car Fleet                                                   Digital Only

2020                                   Kansas License Plate Guide                                       13
Confidential
       Title             Note        Embossed                             Digital      New Digital 2020

  Highway Patrol

 Highway Patrol –
 Capitol Police and
   Motor Carrier
   Enforcement

 KCC Equipment                                                          Digital Only

                      motorcycle
  Kansas Official       plates
                       available

                       motorcycle
                         plates,
                       renewals &
  Kansas Official       duplicate
                      replacements
                          only

  Motor Carrier
Apportioned Trailer
   Permanent

2020                                       Kansas License Plate Guide                                       14
Confidential
       Title          Note   Embossed                           Digital   New Digital 2020

  Motor Carrier
Apportioned Truck

   Motor Carrier
   Commercial

  Motor Carrier
 Custom Harvester

Motor Carrier Fleet

   Motor Carrier
   Utility Trailer

2020                               Kansas License Plate Guide                                  15
Roadside Toll Collection System RFP                    Attachment 8 – Implementation Responsibility Matrix

                       Attachment 8
             Implementation Responsibility Matrix

Kansas Turnpike Authority (KTA)       March 18, 2021                                        Attachment 8
Roadside Toll Collection System RFP                               Attachment 8 – Implementation Responsibility Matrix

                                  Implementation Responsibility Matrix

 Work Item:
  1 = Design
  2 = Furnish
  3 = Install
 Responsibility:
  A = Primary Responsibility – The party has the primary responsibility for completion of the item.
  B = Support / Coordination – The party provides either support or coordination to assist the primary
      responsible party with successful completion of the item.
  C = No Responsibility – The party has no action for the item.

                                                                                                     RTCS
 Item      Element / Task / Component / Sub-system Description                       KTA
                                                                                                   Contractor
                                                                                 1     2     3     1       2      3

 Roadside Toll Inf rastructure Design and Construction

         Oversight of all aspects of toll site construction to ensure all
  1.                                                                            A     A      A     B       C     C
         parties are coordinated and performing to expectations.

  2.     Selection of Toll Zone locations.                                      A     A      A     C       C     C

         Site work, including earthwork, grading, paving, barrier,
  3.                                                                            A     A      A     C       C     C
         retaining walls, and drainage throughout the corridor.

  4.     Toll gantries and foundations.                                         A     A      A     B       C     C

  5.     RTCS PoP toll equipment buildings.                                     A     A      A     B       C     C
         Conduit, junction boxes, pull boxes, etc. from toll equipment
  6.     buildings/vaults and cabinets to toll gantries, including              A     A      A     B       B     C
         loop/lead-in boxes.
         All WAN network communications equipment and wiring to
         the Tolling Locations demark location at each PoP for the
  7.                                                                            A     A      A     B       C     B
         RTCS and to the primary and secondary location for the
         RSS.
         Electrical wiring and network communications from
         demarcation point in toll equipment PoP buildings to
  8.                                                                            B     C      B     A       A     A
         overhead toll equipment, in-pavement toll equipment and
         DVAS cameras.
         Power and utility services to all Tolling Locations, including
  9.     utility power, backup generator, automatic transfer switch             A     A      A     C       C     C
         and UPS installation.
  10.    Maintenance of Traf fic (MOT) during civil construction.               A     A      A     C       C     C

Kansas Turnpike Authority (KTA)                  March 18, 2021                                        Attachment 8 - 1
Roadside Toll Collection System RFP                             Attachment 8 – Implementation Responsibility Matrix

                                                                                                   RTCS
 Item      Element / Task / Component / Sub-system Description                     KTA
                                                                                                 Contractor
                                                                               1     2     3     1       2      3

 Roadside Toll Collection System (RTCS)

         RTCS Design, Installation Drawings, and System
  11.    Documentation for Roadside and Roadway Support                       C     C      C     A       A     A
         Systems.
         RTCS equipment enclosures in the PoP buildings, as
  12.    needed. (No equipment cabinets are expected outside of the           B     C      C     A       A     A
         PoP buildings or on the toll gantry structure.)
         Def ine the tolling business rules and tolling policies for the
  13.                                                                         A     A      A     B       B     B
         turnpike.
         Equipment brackets and mounting hardware for overhead
  14.    toll equipment on toll gantries, for both existing and newly         B     C      C     A       A     A
         constructed gantries.
         All RTCS equipment and mounting hardware, including the
  15.                                                                         C     C      C     A       A     A
         AVI readers/antennas.
         KTA Interoperable Partner compatible tri-protocol readers
  16.    and Automatic Vehicle Identification (AVI) System as                 B     C      C     A       A     A
         Approved by KTA.
         All RTCS equipment installations, terminations, and
  17.                                                                         C     C      C     A       A     A
         connections, including DVAS.

  18.    Any required in-pavement toll equipment.                             B     C      C     A       A     A

         Automatic Vehicle Detection and Classification (AVDC)
  19.                                                                         C     C      C     A       A     A
         System.
         Digital Video Audit System (DVAS) with overview cameras of
  20.                                                                         C     C      C     A       A     A
         each RTCS Toll Zone.
         Image Capture and Processing Systems (ICPS) including
  21.    f ront & rear color cameras, lighting, lighting sensors, and         C     C      C     A       A     A
         accurate and timely image processing.
         Wrong Way Vehicle detection at existing and new Tolling
         Locations, integrated with the RTCS for sending real-time
  22.                                                                         C     C      C     A       A     A
         alerts, images, and video and interfaces to Wrong Way signs
         on the roadway.
         Wrong Way Vehicle detection signs at existing and new
  23.                                                                         A     A      A     C       C     C
         Tolling Locations.
         Wrong Way Vehicle detection communication tie-ins at
  24.                                                                         B     C      C     A       A     A
         existing and new Tolling Locations.
         Management of Traffic (MOT) during RTCS installation and
  25.                                                                         B     B      B     A       A     A
         maintenance.
         Physical access control, fire detection, and security CCTV at
  26.                                                                         A     A      A     C       C     C
         PoP locations.

 Roadside Support Systems (RSS)

Kansas Turnpike Authority (KTA)                March 18, 2021                                        Attachment 8 - 2
Roadside Toll Collection System RFP                             Attachment 8 – Implementation Responsibility Matrix

                                                                                                   RTCS
 Item      Element / Task / Component / Sub-system Description                     KTA
                                                                                                 Contractor
                                                                               1     2     3     1       2      3

         Facilities for Primary and Secondary (Disaster Recovery)
  27.                                                                         A     A      A     C       C     C
         data center sites for Roadway Support Systems.
         WAN Network communications equipment (including all
  28.    switches) for Roadway Support Systems to the WAN                     A     A      A     C       C     C
         demark.
         Roadway Support Systems network equipment (behind the
  29.    WAN demark), computer servers, and software in primary               C     C      C     A       A     A
         and DR locations.
  30.    Interf ace between RTCS and the KTA CSC Back Office.                 B     B      B     A       A     A

  31.    Digital Video Audit Subsystem                                        C     C      C     A       A     A
         Maintenance Online Management System (MOMS),
  32.    integrated with the RTCS f or sending real-time alerts and for       C     C      C     A       A     A
         logging maintenance records.
         Accurate and timely License Plate (LP) values, state
         jurisdictions, and plate types (if applicable) using OCR/ALPR
  33.                                                                         C     C      C     A       A     A
         f or all AVI and image-based transactions and images
         presented to KTA CSC Back Office.
         Physical access control, fire detection, and security CCTV at
  34.                                                                         A     A      A     C       C     C
         primary and DR data center locations.

  35.    Power and HVAC at primary and DR data center locations.              A     A      A     C       C     C

 Other Responsibilities

  36.    Incident Management services for the turnpike.                       A     A      A     C       C     C

  37.    Maintain the roadway and roadside structures.                        A     A      A     C       C     C

  38.    Onsite Maintenance of the Roadway Toll Collection System.            A     A      A     C       C     C

         Remote Maintenance of the Roadway Toll Collection
  39.                                                                         C     C      C     A       A     A
         System.
         Responsible for issuing AVI transponders, for providing
         account maintenance services, and for providing the
  40.    transponder status list for all KTA and compatible                   A     A      A     B       B     B
         transponders via Bulk and Incremental TVL downloads to
         the RTCS.
         Responsible for presenting fully-formed toll transactions
  41.    including AVI and image-based transactions from the RTCS             C     C      C     A       A     A
         to the RSS and to the KTA CSC Back Office.
         Responsible for processing all fully-formed toll transactions
  42.    including AVI and image-based transactions presented from            A     A      A     B       C     C
         the RTCS.

Kansas Turnpike Authority (KTA)                March 18, 2021                                        Attachment 8 - 3
Roadside Toll Collection System RFP                             Attachment 8 – Implementation Responsibility Matrix

                                                                                                   RTCS
 Item      Element / Task / Component / Sub-system Description                     KTA
                                                                                                 Contractor
                                                                               1     2     3     1       2      3
         Responsible for processing the posting disposition from the
  43.    KTA Back Office for all toll transactions sent to the KTA Back       B     C      C     A       A     A
         Of f ice for reporting and reconciliation purposes.
         Responsible for providing all collection efforts for all image-
         based toll transactions and associated selected images
  44.    presented from the RTCS including generating and mailing             A     A      A     C       C     C
         “image-based transaction” invoices, processing payments
         and dispute resolution.
         Coordination and suspension of tolls during incidents per the
  45.                                                                         A     A      A     C       C     C
         KTA-approved operating procedures.
         Responsible for immediately updating MOMs as devices are
  46.    added or taken out of service on KTA facilities during the           B     B      B     A       A     A
         Implementation Phase.
         Responsible for immediately updating MOMs as devices are
  47.    added or taken out of service on KTA facilities during the           A     A      A     B       B     B
         Maintenance Phase.
         Responsible for providing secure access to the RTCS f rom
  48.                                                                         B     B      B     A       A     A
         KTA workstations and laptops.
         Wide Area Network (WAN) physical network from PoP to
  49.    PoP and from each PoP to the KTA Primary and Secondary               A     A      A     B       C     B
         data centers.
         Maintenance of conduit, junction boxes, pull boxes, etc. for
  50.                                                                         A     A      A     B       C     B
         all network civil infrastructure.

  51.    FCC licenses and permitting for the RTCS at each Toll Zone           A     A      A     B       B     B

Kansas Turnpike Authority (KTA)                March 18, 2021                                        Attachment 8 - 4
Roadside Toll Collection System RFP      Attachment 9 – Special Instructions – Traffic Control Restrictions

                         Attachment 9
             Special Instructions – Traffic Control
                          Restrictions

Kansas Turnpike Authority (KTA)       March 18, 2021                                        Attachment 9
Roadside Toll Collection System RFP                                 Attachment 9 – Special Instructions – Traffic Control Restrictions

                                          KANSAS TURNPIKE AUTHORITY
                                          PROJECT SPECIAL PROVISION
                                                    TO THE
                                           STANDARD SPECIFICATIONS
                                                EDITION OF 2015

                   SPECIAL INSTRUCTIONS – TRAFFIC CONTROL RESTRICTIONS

1.0 KANSAS TURNPIKE MAINLINE LANE CLOSURES I-70 (MM 183 to MM 224):
      Mainline single lane closures on the I-70 corridor from MM 183 to MM 224, will not be allowed before 9:00
      AM and must be removed before 3:30 PM. All lane closures must be removed on Fridays, by 12:00 Noon.
      When working in the six lane segment during this time period the left lane may be closed while leaving both
      the middle and right lane open, or the right lane may be closed leaving the middle and left lane open.

         Work in the middle lane shall require two lanes of closure and will only be allowed during Weekday Off-Peak
         Hours as defined in Section 3.0. When working in the middle lane, the Contractor will have the option of
         closing the left lane and middle lane or the middle lane and right lane.

2.0 KANSAS TURNPIKE MAINLINE LANE CLOSURES I-35, I-335 and I-470 (MM 0 to MM 183):
      Mainline lane closures on all other corridors, (I-35, I-335 and I-470 from MM 0 to MM 183), will not be allowed
      before 7:00 AM and must be removed before 7:00 PM. The Engineer has final discretion in adjusting these
      hours if conditions, (in his sole opinion), warrant doing so.

3.0      WEEKDAY OFF-PEAK HOUR WORK:
         Weekday off-peak hours are defined as follows: 7:00 P.M. to 6:00 A.M.

         Weekday off-peak hour work and hours must be pre-approved by the Engineer. The Contractor is required to
         request weekday off-peak hour work and hours, a minimum of 48 hours in advance. The Engineer may restrict
         weekday off-peak hour work due to special events that may adversely affect traffic and cause disruption to KTA
         customers. It is the sole opinion of the Engineer when weekday off-peak hour work will be restricted.

         Work to set up traffic control for a lane closure during weekday off-peak hour work is not allowed to begin until
         7:00 P.M. All Traffic Control for lane closures during off-peak hour work must be removed before 6:00 A.M.

4.0      SATURDAY OFF-PEAK HOUR WORK:
         Saturday off-peak hour work and hours must be pre-approved by the Engineer. The Contractor shall request
         Saturday off-peak hour work and hours a minimum of 48 hours in advance. The Engineer may restrict Saturday
         off-peak hour work due to special events that may adversely affect traffic and cause disruption to KTA
         customers. It is the sole opinion of the Engineer when Saturday off-peak hour work will be restricted. No
         Sunday Work Will Be Allowed.

5.0      CONSTRUCTION VEHICLE MOVEMENTS WITHIN PROJECT LIMITS:
         All Contractor and construction vehicles are prohibited from making turnarounds through the median barrier
         wall. Turnarounds shall be made at Service Areas and Interchanges ONLY! If the contractor or any
         subcontractor is observed making a turnaround through the median barrier wall, the project engineer(s) shall
         have discretion to notify the General Contractor that all work, regardless of who violated this rule, is immediately
         suspended for the remainder of that day. No allowance shall be made in work schedule related penalties for this
         lost time.

6.0      TRAFFIC CONTROL SIGNS AND DEVICES:
         The speed limit through the construction zone will be reduced to 65 mph. The Contractor shall use conical
         delineators on this project for all traffic control delineation. The Contractor shall be responsible for covering all
Kansas Turnpike Authority (KTA)                    March 18, 2021                                                Attachment 9-1
You can also read