Oregon Administrative Rules
Chapter 128 - DEPARTMENT OF ADMINISTRATIVE SERVICES, OFFICE OF THE STATE CHIEF INFORMATION OFFICER
Division 20 - STATE INFORMATION TECHNOLOGY ASSET PROTECTION - COVERED VENDORS
Section 128-020-0025 - Designation Process
Current through Register Vol. 63, No. 9, September 1, 2024
(1) Enterprise Information Services shall adopt and implement a policy and procedure that establishes the schedule for review of corporate entities associated with hardware, software, and services against the criteria in OAR 128-020-0020, and under which Enterprise Information Services will update its covered vendor list to reflect designations made pursuant to the Secure and Trusted Communications Networks Act of 2019, 47 USC 1601, et seq, including as amended. If review or other update identifies that a corporate entity is or may be a national security threat, the State Chief Information Officer will determine if the corporate entity should be designated as a covered vendor.
(2) The determination of the State Chief Information Officer will be reflected in an update of the covered vendor list on the publicly accessible Enterprise Information Services website.
Statutory/Other Authority: ORS 276A.300
Statutes/Other Implemented: Or Laws 2023, ch 256 (HB 3127)