Definitions
In accordance with OAR 128-020, definitions are as follows:
Corporate entity: Any type of organization or legal entity other than an individual natural person, such as a corporation, partnership, limited liability company, or other organization, whether incorporated or unincorporated.
Agency leadership: State agency Chief Information Officers, and state agency directors for those state agencies without a Chief Information Officer.
Covered product: Any form of hardware, software or service provided by a covered vendor.
Covered vendor: Any of the following corporate entities, or any parent, subsidiary, affiliate, or successor entity of the following corporate entities:
- Entities defined in Oregon Laws Chapter 256 Section 1(2)/OAR 128-020;
- Any other corporate entity designated by the State Chief Information Officer as a covered vendor because it is a national security threat (see designations below); and
- Any corporate entity that has been prohibited or had its products or services prohibited from use by a federal agency pursuant to the Secure and Trusted Communications Networks Act of 2019, 47 USC 1601, et seq, including as amended. (Please see the federal covered list for more information)
National security threat: For purposes of protecting state information technology assets, a corporate entity that has been designated as a covered vendor because its covered product(s) pose(s) an unacceptable risk of harm to the operations of government, business entities, or the economy, or an unacceptable risk of harm to the rights and privacy of individuals, because of its engagement in a pattern or serious instance(s) of conduct significantly adverse to the security of federal or state infrastructure, government operations or systems, public and private institutions, law enforcement or military intelligence, individuals’ personal information, or other sensitive or protected information.
State agency: Any board, commission, department, division, office, or other entity of state government, as defined in ORS 174.111, except that state government does not include the Secretary of State or State Treasurer.
State information technology asset: Any form of hardware, software or service for data processing, office automation, or telecommunications that is used directly by a state agency or used to a significant extent by a contractor in the performance of a contract with a state agency.