ict authority

About GEA ICT Standards

The Government Enterprise Architecture (GEA) Framework defines the minimum components of an ICT Plan, and provides the ICT Standards as guidelines on how to implement it in Government.

A total of nine Standards falling under six different domain areas have been identified as relevant for Government ICT Standards. The GEA Framework provides a generic and minimum standard to be applied across all spheres and levels of Government including Ministries, Counties and Agencies (MCAs).

The development of the GEA Framework is in line with the ICT Authority mandate to set and enforce ICT standards and guidelines for the human resource, infrastructure, processes and system and technology for the public office and public service.

Why GEA was developed

The GEA was developed to ensure coherence and unified approach to acquisition, deployment, management and operation of ICTs across state agencies, in order to promote service integration, adaptability and cost savings through economies of scale in ICT investments.

The GEA Framework provides a blueprint for improving Government programmes and plans, by aligning the business processes, information flows, and technology consistently across and throughout the Government. The vision of GEA is to provide seamless integration for citizen services empowered through inter-departmental collaboration through ICT standardization.

Development of GEA Framework

The ICT Authority established a Standards Committee to identify the critical Standards domain areas as well as oversee the Standards development process.

The Authority has the oversight role and responsibility for management and enforcement of the GEA Framework. The review and approval of the standard is done by the ICTA Board upon recommendation of Standard Review Board.

The development of the Standards took into consideration international requirements, Government requirements, stakeholder participation as well as industry/sector best practices. Various base standards have been used as reference materials in the development of GEA Standards, including standards developed by IEEE, ISO, TIA, COBIT, NIST, ANSI, IEC, IETF, among others.

The GEA Standards have also been prepared in accordance with the Kenya Bureau of Standards (KEBS) standards development guidelines, in order to conform to the format of other existing national standards.


List of 3RD Edition of draft standards

1. Cloud Standards

2. Data Centre standards

3. Digitalization standards

4. End User standards

5. ICT Security standards

6. IT Governance standards

7. Network standards

8. System and Application standards

9. ERM System standards

10. ERM standards

For persons interested in an upcoming working forum. Click here

Download Draft Standards

Fiber Optic-Backbone, Metro and Last Mile Infrastructure Standard

Cloud Computing Standard

Standard: Cloud Computing Standard, ICTA-7.002:2019

Thematic Area: Infrastructure

Description: This standard provides a framework for acquisition and deployment of cloud based computing products and services.

 Areas Covered:

  a.   General requirements

  b.   User context of cloud computing: This entails the parties, the roles, the sub-roles and the cloud computing activities

        i.    Cloud service customer

         ii.    Cloud service provider

  c.    Cross cutting aspects.

Effective Date: 01 February 2020


Cloud Computing Standard, ICTA-7

Information Security Standard

Standard: Information Security Standard, ICTA-3.002:2019

Thematic Area: Information Security

Description: Information systems security standards aim at providing a framework for the setting up of appropriate controls that will ensure the protection of information from a wide range of threats in order to ensure continuity in government operations, minimize risk, and maximize return on government IT investments.

Areas Covered:

   1. Leadership & Accountability

   2. Cyber Security Management

   3. Risk Management

   4. Human Resource Security

   5. Operational Security

   6. Physical and Environmental security

   7. Cloud Security

   8. Cryptography

   9. Third Party Relationships

   10. Compliance

Effective Date: 01 February 2020


Information Security Standard Document

IT Governance Standard

Standard: IT Governance Standard, ICTA. 5.002: 2019

Thematic Area: IT Governance


This Standard defines the processes that ensure the effective and efficient use of IT in enabling a government institution to achieve its goals. It spans IT management and control in the institution’s culture, organisation, policy and practices.

Areas Covered:

   1. Enterprise Architecture

   2. ICT governance

   3. IT Service Management

   4. Legal and Regulatory

   5. ICT risk management

   6. Sourcing, resourcing and Financing of IT functions

Effective Date: 01 February 2020


IT Governance

Electronic Records and Data Management Standard

Standard: Electronic Records and Data Management Standard, ICTA-4.002:2019

Thematic Area: Electronic Records Management

Description: This Standard provides a framework for management of electronic records such that they meet the same requirements as their regular paper record counterparts.

Areas Covered:

   i. General considerations

  ii. Capturing records

  iii. Classification and indexing

  iv. Access Control and Storage

  v. Migration and Conversion

  vi. Retention and Disposal

  vii. E-records Management Systems

  viii. Business Systems

Effective Date: 01 February 2020


Electronic Records and Data Management Standard

Data Centre Standard

Standard: Data Centre Standard. ICTA-2.002:2019

Thematic Area: Infrastructure

Description: This Standard outlines the specifications to be used in setting up Government data centres that support the large amounts of data flow stored and handled by Government, and are efficient enough to ensure continuous service availability.

Areas Covered 

    i. Design and Planning (physical location)

   ii. Planning Layout

   iii. Cabling infrastructure

   iv. Environment (Cooling, power and lightning, fire detection and suppression)

    v. Physical Security

   vi. Data center monitoring

   vii. Maintenance and SLAs

Effective Date: 01 February 2020


Data Centre Standards

ICT Human Capital & Workforce Development Standard

Standard: ICT Human Capital and Workforce Development Standard, ICTA.6.002:2019
Thematic Area: ICT Human Capacity


This Standard seeks to enhance the opportunities for interoperability of public service ICT resources ensuring uniformity in skills and competencies, and guaranteeing uniform quality of government services everywhere and all the time. The Standard takes into account the needs and aims of all government’s e-service delivery competencies and thus provides standards on: ICT professional (technical) personnel in the public sector, ICT end users, and Kenyan citizens ICT training.

Areas Covered:

   1. Requirements for ICT Professionals in the Public Sector

   2. Capacity Development for End User Requirement

   3. Capacity Development for Citizen Competency Requirement

   4. Accreditation of ICT Institutions/Training Providers

   5. Accreditation of IT Professionals

Effective Date: 01 February 2020

ICT Human Capital and Workforce Development Standard, ICTA.6.002:2019

End-User Computing Devices Standard

Standard: End-User Equipment Standard, ICTA-2.002:2019

Thematic Area: Infrastructure

Description: This Standard establishes procedures for acquisition, data security, privacy, access, storage, management, retention and disposal of all end user devices and services. ICT systems and services should support data exchange, portability and interoperability.

End user devices include personal computers, consumer devices, or removable storage media that can collect, process, or store information.

Areas Covered:

   a.   End-user device security

   b.   Equipment acquisition

  c.    Equipment maintenance

  d.   Equipment disposal

Effective Date: 01 February 2020


End-User Computing Devices Standards

Systems & Applications Standard

Standard: Systems & Applications Standard, ICTA-6.002:2019

Thematic Area: Systems & Applications


The Standard establishes a common framework for software life cycle processes, with well-defined terminology that can be referenced by the MCDAs.

The document applies to the acquisition, supply, development, operation, maintenance, and disposal (whether performed internally or externally to the MCDA) of software systems, products and services, and the software portion of any system, Software includes the software portion of firmware.

 Areas Covered

   1. Architectural Model for E-Government Applications

    2. Software Acquisition, Maintenance and Disposal

    3. Messaging and Collaboration

    4. Website Development Management

    5. Interoperability

    6. Integration

    7. Licensing

    8. Governing of systems

Effective Date: 01 February 2020


System and Application Standards

ICT Authority Technician

ICT Authority Technician

ICT Authority Technician

ICT Authority Graduate

ICT Authority Graduate

ICT Authority Graduate

ICT Authority Practitioner

ICT Authority Practitioner

ICT Authority Practitioner

ICT Authority Professional

ICT Authority Professional

ICT Authority Professional

ICT Networks Standard

Standard: ICT Networks Standard, ICTA-2.002:2019

Thematic Area: Infrastructure

Description: This Standard establishes specifications for planning, design, implementation, utilization and management of network infrastructure that interconnects and provides internal connectivity in Ministries, Counties and Agencies (MCAs) for both single-tenant and multi-tenant buildings.

Areas Covered: 

    i. Telecommunication and Equipment path ways and spaces

   ii. Structured Cabling

   iii. Wireless Network Connectivity

   iv. Fixed telephony service

   v. Routing and Switching

   vi. Network design, configuration, documentation and commissioning

   vii. Internet

   viii.  Network monitoring and management

   ix. Preventive maintenance

   x. Network security

Effective Date: 01 February 2020


ICT Networks Standard

Government Enterprise Architecture

Standard: Government Enterprise Architecture, ICTA 1:001:2019
Description: This ICTA Guide defines the Government-wide Enterprise Architecture principles and provides guidelines on how to implement the Government Enterprise Architecture GEA) Framework in Ministries, Counties and Agencies. The GEA builds a blueprint for improving management of Government programmes by aligning Government’s business processes, information flows, and technology consistently across and throughout the Government.

Areas Covered:

Compliance, review and exceptions: MCA enterprise architecture, and Key artifacts

GEA Principles: GEA foundation principles, Enterprise Architecture Principles (EAP), Information/data architecture principles, Application Architecture Principles (AAP), Technology Architecture Principles (TAP), Security Architecture Principles (SAP), Integration architect principles

Date of Operationalisation: 01 October 2016


Government Enterprise Architecture

Document Search

customer service