Current through 2024 Regular Session legislation
Section 276A.342 - State agencies prohibited from using covered products; risk mitigation; exceptions(1) A covered product may not be:(a) Installed or downloaded onto a state information technology asset; or(b) Used or accessed by a state information technology asset.(2) A state agency shall:(a) Remove any covered product that is installed or downloaded onto a state information technology asset that is under the management or control of the state agency; and(b) Implement all measures necessary to prevent the:(A) Installation or download of a covered product onto a state information technology asset that is under the management or control of the state agency; or(B) Use or access of a covered product by a state information technology asset that is under the management or control of the state agency.(3)(a) Notwithstanding subsections (1) and (2) of this section, a state agency may, for investigatory, regulatory or law enforcement purposes, permit the: (A) Installation or download of a covered product onto a state information technology asset; or(B) Use or access of a covered product by a state information technology asset.(b) A state agency that permits the installation, download, use or access of a covered product under this subsection shall adopt risk mitigation standards and procedures related to the installation, download, use or access of the covered product.(4) The State Chief Information Officer shall coordinate with and oversee state agencies to implement the provisions of this section in accordance with the policies and standards adopted under ORS 276A.344 (3).Added by 2023 Ch. 256, § 2