Today, almost all organizations around the world are using Information Communication Technology (]CT) in their daily business. An ICT policy safeguards Confidentiality, Integrity and Availability (CIA) oflnformation Systems and ensures business continuity. This study sought to assess the level of compliance by Universities to their JCT security policies by assessing the three pillars of IT security: the CIA. Literature review on Confidentiality, Integrity and Availability ofinformation Systems as well as international standards and regulations such as HIP AA, FERP A, SOX and ISO 270003 that touch on CIA was carried • out. A cross-sectional survey study design incorporated self¬administered quantitative and qualitative research that was carried out in eight campuses within Kisumu and Siaya Counties. The survey was conducted on universities that gave authorization of the survey to go on. Stratified sampling method was used to arrive at the right population of respondents in the universities. The study targeted ten campuses within the two counties but only eight authorized the study. The findings of this study reveals that overall compliance ratings in the three key pillars ofJT security were below 50% on compliance ratings with confidentiality at 33.9%, integrity at 30% and availability at 36%. This study contributes to policy, practice and theory at county and individual level in two ways. Firstly it came up with empirical data on state of compliance to JCT policies in universities and secondly it will provide the government and the institutions' management with an objective profile of issues and a proactive approach that can solve the issues in cost effective manner.