Covered Vendor List
Oregon Administrative Rules
Oregon Administrative Rules
(1) The State Chief Information Officer shall establish a list of covered vendors on its publicly accessible website, inclusive of information sufficient to identify covered products, and the date that each covered vendor was designated as a national security threat. The State Chief Information Officer shall maintain and update this list in accordance with the policies and procedures adopted pursuant to OAR 128-020-0025, Designation Process. (2) Subject to allowable investigatory, regulatory, or law enforcement exceptions, and all applicable policies and procedures, no covered products of a corporate entity listed as a covered vendor on the list maintained by the State Chief Information Officer under this Division 20 may be installed or downloaded onto a state information technology asset that is under the management or control of a state agency, or used or accessed by a state information technology asset. Statutory/Other Authority: ORS 276A.300 Statutes/Other Implemented: Or Laws 2023, ch 256 (HB 3127) History: OSCIO 1-2024, adopt filed 01/29/2024, effective 02/01/2024
Ask CiteLaw's AI Navigator anything about this regulation, verify citations, and research related authorities. Sign up for CiteLaw free today to get started.