Current through 2024 Regular Session legislation
Section 276A.348 - State Treasurer prohibited from using covered products; risk mitigation; exceptions(1) As used in this section:(a) "Covered product" means any form of hardware, software or service provided by a covered vendor.(b) "Covered vendor" means any of the following corporate entities, or any parent, subsidiary, affiliate or successor entity of the following corporate entities: (A) Ant Group Co., Limited.(C) Huawei Technologies Company Limited.(E) Tencent Holdings Limited.(c) "State information technology asset" means any form of hardware, software or service for data processing, office automation or telecommunications used directly by the office of the State Treasurer or used to a significant extent by a contractor in the performance of a contract with the office of the State Treasurer.(2) Except as provided in subsection (4) of this section, the State Treasurer shall: (a) Prohibit a covered product from being: (A) Installed or downloaded onto a state information technology asset; or(B) Used or accessed by a state information technology asset;(b) Remove any covered product that is installed or downloaded onto a state information technology asset; and(c) Implement all measures necessary to prevent the:(A) Installation or download of a covered product onto a state information technology asset; or(B) Use or access of a covered product by a state information technology asset.(3) For any corporate entity that the State Chief Information Officer designates as a covered vendor under ORS 276A.344, the State Treasurer may:(a) Prohibit a covered product from being:(A) Installed or downloaded onto a state information technology asset; or(B) Used or accessed by a state information technology asset;(b) Remove any covered product that is installed or downloaded onto a state information technology asset; and(c) Implement all measures necessary to prevent the:(A) Installation or download of a covered product onto a state information technology asset; or(B) Use or access of a covered product by a state information technology asset.(4) If the State Treasurer adopts risk mitigation standards and procedures related to the installation, download, use or access of a covered product, the State Treasurer may, for investigatory, regulatory or law enforcement purposes, permit the: (a) Installation or download of the covered product onto a state information technology asset; or(b) Use or access of the covered product by a state information technology asset.Added by 2023 Ch. 256, § 5