Current through 2024 Regular Session legislation
Section 276A.344 - Policies and standards; national security threat; rules(1) The State Chief Information Officer shall adopt:(a) Rules pertaining to the designation of a corporate entity as a covered vendor under ORS 276A.340 (2)(g); and(b) Policies and standards for state agencies to implement the provisions of ORS 276A.342.(2) The rules adopted under this section must include:(a) The definition of "national security threat" for purposes of protecting state information technology assets;(b) Criteria and a process for determining when a corporate entity poses a national security threat; and(c) Criteria and a process for determining when a corporate entity no longer poses a national security threat.(3) The policies and standards adopted under this section must include: (a) The procedures for providing state agencies, the Secretary of State and the State Treasurer notice that a corporate entity is designated or no longer designated a covered vendor under ORS 276A.340 (2)(g);(b) The time schedules for implementing the requirements under ORS 276A.342 with regard to a corporate entity that is designated a covered vendor by the State Chief Information Officer; and(c) The time schedules for incorporating the requirements under ORS 276A.342 into a state agency's information security plans, standards or measures.Added by 2023 Ch. 256, § 3