- (1) The State Chief Information Officer shall establish a list of covered vendors on its publicly accessible website, inclusive of information sufficient to identify covered products, and the date that each covered vendor was designated as a national security threat. The State Chief Information Officer shall maintain and update this list in accordance with the policies and procedures adopted pursuant to OAR 128-020-0025, Designation Process.
- (2) Subject to allowable investigatory, regulatory, or law enforcement exceptions, and all applicable policies and procedures, no covered products of a corporate entity listed as a covered vendor on the list maintained by the State Chief Information Officer under this Division 20 may be installed or downloaded onto a state information technology asset that is under the management or control of a state agency, or used or accessed by a state information technology asset.
Statutory/Other Authority
ORS 276A.300
Statutes/Other Implemented
Or Laws 2023, ch 256 (HB 3127)
History
OSCIO 1-2024, adopt filed 01/29/2024, effective 02/01/2024