Reflexive Access List

Hello Chris

Yes, it would be correct to state that simple ACLs on Cisco IOS devices are not stateful. However, there are various degrees of “statefulness” if you allow the expression. You can use simple access lists with the “established” keyword to add a degree of statefulness as this filters TCP packets based on whether the ACK or RST bits are set. This will indicate if the packet is not the first in the session, and therefore, that the packet belongs to an established session. Reflexive ACLs provide a more advanced form of session filtering which can be considered more stateful.

I hope this has been helpful!

Laz

2 Likes
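The difference between the two degrees of statefulness described in the reply above, as an added example that is not part of the original post and is not Cisco IOS code. It is a simplified Python model: the class and function names are hypothetical, the addresses are constructed documentation ranges, and the timeout and teardown of reflexive entries are not modeled.

```python
from dataclasses import dataclass

ACK, RST, SYN = 0x10, 0x04, 0x02  # TCP flag bits

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

def established_permits(seg: Segment) -> bool:
    """Model of the 'established' keyword: matches on the flags of this packet only."""
    return bool(seg.flags & (ACK | RST))

class ReflexiveAcl:
    """Model of a reflexive ACL: outbound traffic creates temporary mirrored entries."""
    def __init__(self) -> None:
        self.entries = set()

    def outbound(self, seg: Segment) -> None:
        # 'reflect': store the mirror image of the outbound segment's addresses and ports
        self.entries.add((seg.dst, seg.dport, seg.src, seg.sport))

    def inbound_permits(self, seg: Segment) -> bool:
        # 'evaluate': permit only return traffic that matches a recorded session
        return (seg.src, seg.sport, seg.dst, seg.dport) in self.entries

def compare(outbound, inbound):
    """Return (established verdict, reflexive verdict) for each inbound segment."""
    acl = ReflexiveAcl()
    for seg in outbound:
        acl.outbound(seg)
    return [(established_permits(s), acl.inbound_permits(s)) for s in inbound]

# Constructed sample traffic: one inside host opens one HTTPS session.
OUT = [Segment("192.168.1.10", 50000, "203.0.113.5", 443, SYN)]
IN = [
    Segment("203.0.113.5", 443, "192.168.1.10", 50000, SYN | ACK),  # reply to that session
    Segment("198.51.100.7", 443, "192.168.1.10", 50001, ACK),  # ACK set, no session behind it
    Segment("198.51.100.7", 443, "192.168.1.10", 50001, SYN),  # new inbound connection
]
RESULTS = compare(OUT, IN)

if __name__ == "__main__":
    for seg, (est, refl) in zip(IN, RESULTS):
        print(f"{seg.src}:{seg.sport} flags={seg.flags:#04x} established={est} reflexive={refl}")
```

The second inbound segment is where the two approaches diverge: the flag check accepts it because ACK is set, while the reflexive model rejects it because no outbound traffic created a matching entry.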