ORS § 276A.344

Current through 2024 Regular Session legislation
Section 276A.344 - Policies and standards; national security threat; rules
(1) The State Chief Information Officer shall adopt:
(a) Rules pertaining to the designation of a corporate entity as a covered vendor under ORS 276A.340 (2)(g); and
(b) Policies and standards for state agencies to implement the provisions of ORS 276A.342.
(2) The rules adopted under this section must include:
(a) The definition of "national security threat" for purposes of protecting state information technology assets;
(b) Criteria and a process for determining when a corporate entity poses a national security threat; and
(c) Criteria and a process for determining when a corporate entity no longer poses a national security threat.
(3) The policies and standards adopted under this section must include:
(a) The procedures for providing state agencies, the Secretary of State and the State Treasurer notice that a corporate entity is designated or no longer designated a covered vendor under ORS 276A.340 (2)(g);
(b) The time schedules for implementing the requirements under ORS 276A.342 with regard to a corporate entity that is designated a covered vendor by the State Chief Information Officer; and
(c) The time schedules for incorporating the requirements under ORS 276A.342 into a state agency's information security plans, standards or measures.

ORS 276A.344

Added by 2023 Ch. 256, § 3