The following words and terms, when used in this chapter, shall have the following meanings, unless the context clearly indicates otherwise.
- (1) Computer Equipment--A desktop or notebook computer and includes a computer monitor or other display device that does not contain a tuner.
- (2) Department--The Department of Information Resources.
- (3) Independent Certification Testing--A formal, documented, and repeatable process of testing performed by an Independent Testing Laboratory. The testing may result in a written declaration that certifies the system tested conforms and complies with a set of industry-recognized standards, or present a rating related to variable compliance. Independent certification testing for vulnerabilities may not identify vulnerabilities that are not known or relevant at the time of testing.
- (4) Independent Testing Laboratory--A testing facility, recognized or accredited by an industry organization or government entity, that provides testing, evaluation and certification services to manufacturers.
(5) Manufacturer--A person:
(A) who manufactures or manufactured computer equipment or network hardware under a brand that:
- (i) the person owns or owned; or
- (ii) the person is or was licensed to use, other than under a license to manufacture Computer Equipment or network hardware for delivery exclusively to or at the order of the licensor;
(B) who sells or sold Computer Equipment or network hardware manufactured by others under a brand that:
- (i) the person owns or owned; or
- (ii) the person is or was licensed to use, other than under a license to manufacture Computer Equipment or network hardware for delivery exclusively to or at the order of the licensor;
- (C) who manufactures or manufactured Computer Equipment or network hardware without affixing a brand;
(D) who manufactures or manufactured Computer Equipment or network hardware to which the person affixes or affixed a brand that:
- (i) the person does not or has not owned; or
- (ii) the person is not or was not licensed to use; or
- (E) who imports or imported computer equipment or network hardware manufactured outside the United States into the United States unless at the time of importation the company or licensee that sells or sold the Computer Equipment or network hardware to the importer has or had assets or a presence in the United States sufficient to be considered the Manufacturer.
(6) Network Hardware--Equipment that facilitates the use of a computer network, such as network computer appliances, firewalls, hubs, gateways, routers and switches. This definition excludes:
- (A) Desktop equipment and incidental items, such as cables, internal components, mobile devices, peripherals, printers, removable media, or workstations.
- (B) Data center physical requirements, environmental equipment and management tools, including, but not limited to, raised floor, equipment cabling, electrical power, HVAC, physical security, UPS, generators, interfaces to state-provided data network and other related environmental equipment.
- (C) Electronic and information resources equipment that contains embedded software that is used as an integral part of the product, but the principal function of which is not the acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of information, including thermostats or temperature control devices or other heating, ventilation, and air conditioning equipment.
- (7) Network Software--All non-application or embedded software intended to run on Network hardware in a networked environment, including, but not limited to, operating systems, storage management, online transaction management, database management, utilities, communications management, security management, systems management, and other related software. This definition excludes computer programs used by individual users on desktop or portable equipment, such as mobile devices, peripherals, laptops or workstations.
- (8) Standard--An established norm or requirement, usually formally documented and publicly available, that establishes uniform engineering or technical criteria, such as, but not limited to, measurements, metrics, methods, processes, and practices. A standard may be developed privately or unilaterally by groups, such as, but not limited to, corporations, regulatory bodies, governments, or trade associations.
- (9) Vulnerability--Any weakness in a system that may be exploited in order to negatively impact the confidentiality, availability, or integrity of information resources or information resources technologies.
Source Note:The provisions of this §217.1 adopted to be effective June 10, 2009, 34 TexReg 3511; amended to be effective June 9, 2010, 35 TexReg 4655.