Or. Admin. Code § 128-020-0010 - Definitions

For the purposes of these Chapter 020 rules, the following definitions apply:

(1) "Corporate entity" means any type of organization or legal entity other than an individual natural person, such as a corporation, partnership, limited liability company, or other organization, whether incorporated or unincorporated.

(2) "Covered product" means any form of hardware, software or service provided by a covered vendor.

(3) "Covered vendor" means any of the following corporate entities, or any parent, subsidiary, affiliate, or successor entity of:

(a) The following corporate entities:

(A) Ant Group Co., Limited;

(B) ByteDance Limited;

(C) Huawei Technologies Company Limited;

(D) Kaspersky Lab;

(E) Tencent Holdings Limited; and

(F) ZTE Corporation.

(b) Any other corporate entity designated by the State Chief Information Officer as a covered vendor because it is a national security threat.

(c) Any corporate entity that has been prohibited or had its products or services prohibited from use by a federal agency pursuant to the Secure and Trusted Communications Networks Act of 2019, 47 USC 1601, et seq, including as amended.

(4) "National security threat" means, for purposes of protecting state information technology assets, a corporate entity that has been designated as a covered vendor because its covered product(s) pose(s) an unacceptable risk of harm to the operations of government, business entities, or the economy, or an unacceptable risk of harm to the rights and privacy of individuals, because of its engagement in a pattern or serious instance(s) of conduct significantly adverse to the security of federal or state infrastructure, government operations or systems, public and private institutions, law enforcement or military intelligence, individuals' personal information, or other sensitive or protected information.

(5) "State agency" means any board, commission, department, division, office, or other entity of state government, as defined in ORS 174.111, except that state government does not include the Secretary of State or State Treasurer.

(6) "State information technology asset" means any form of hardware, software or service for data processing, office automation, or telecommunications that is used directly by a state agency or used to a significant extent by a contractor in the performance of a contract with a state agency.

Notes

Or. Admin. Code § 128-020-0010

OSCIO 1-2024, adopt filed 01/29/2024, effective 2/1/2024

Statutory/Other Authority: ORS 276A.300

Statutes/Other Implemented: Or Laws 2023, ch 256 (HB 3127)