- (1) The State Chief Information Officer has responsibility for and authority over executive department information systems security in accordance with ORS 276A.300, including responsibility for taking all measures that are reasonably necessary to protect the availability, integrity or confidentiality of information systems or the information stored in information systems.
- (2) The primary purpose of these rules is to establish the criteria and processes by which the State Chief Information Officer will determine when a corporate entity poses a national security threat, and when a corporate entity no longer poses a national security threat. These rules define “national security threat” and “artificial intelligence” for purposes of protecting state information technology assets.
Statutory/Other Authority
ORS 276A.300
Statutes/Other Implemented
ORS 276A.340-276A.344 & Or Laws 2025, ch 396 (HB 3936)
History
OSCIO 1-2025, amend filed 12/04/2025, effective 01/01/2026
OSCIO 1-2024, adopt filed 01/29/2024, effective 02/01/2024