(a) "Executive department" has the meaning given that term in ORS 174.112, except that "executive department" does not include:
(A) The Secretary of State.
(B) The State Treasurer.
(C) The Attorney General.
(D) The Oregon State Lottery.
(E) Public universities listed in ORS 352.002.
(b) "State agency" means an agency, as defined in ORS 183.310, in the executive department.
(2) All state agencies shall:
(a) Cooperate with the office of Enterprise Information Services in the implementation of a continuing statewide agency-by-agency risk-based information technology security assessment and remediation program.
(b) Cooperate in the development of, and follow, the plans, rules, policies and standards adopted by the State Chief Information Officer with regard to the unification of agency information technology security functions in this state.
(c) Conduct and document the completion of annual information technology security awareness training for all agency employees.
(d) Report security metrics using methodologies developed by the office of Enterprise Information Services.
(e) Participate in activities coordinated by the office of Enterprise Information Services in order to better understand and address security incidents and critical cybersecurity threats to the state.
(3) The State Chief Information Officer shall determine and allocate the costs to state agencies associated with providing information technology services, third-party security evaluations, vulnerability assessments and remediation measures. State agencies shall pay the costs to the State Chief Information Officer in the same manner as the state agency pays other claims. The State Chief Information Officer shall deposit into the State Information Technology Operating Fund established under ORS 276A.209 all moneys that the State Chief Information Officer receives from state agencies for purposes of providing information technology services and administering and enforcing the duties, functions and powers under this section. [2017 c.513 §2; 2021 c.17 §3]
Structure 2021 Oregon Revised Statutes
Volume : 07 - Public Facilities and Finance
Chapter 276A - Information Technology
Section 276A.200 - Legislative findings on information resources.
Section 276A.209 - State Information Technology Operating Fund.
Section 276A.230 - Definitions.
Section 276A.253 - Oregon transparency website.
Section 276A.256 - Reports of tax expenditures connected to economic development.
Section 276A.259 - Transparency Oregon Advisory Commission; members; duties; terms; reports.
Section 276A.262 - Transparency Oregon Advisory Commission Fund.
Section 276A.270 - Definitions.
Section 276A.273 - Electronic Government Portal Advisory Board.
Section 276A.276 - Ability to offer government services through portal; portal provider fee; rules.
Section 276A.300 - Information systems security in executive department; rules.
Section 276A.306 - Information security incidents and assessments; reports.
Section 276A.323 - State agency coordination.
Section 276A.326 - Oregon Cybersecurity Advisory Council.
Section 276A.329 - Oregon Cybersecurity Center of Excellence.
Section 276A.332 - Authority of State Chief Information Officer to enter into agreements.
Section 276A.335 - Moneys from federal government and other sources.
Section 276A.350 - Definitions.
Section 276A.353 - Chief Data Officer; duties; rules.
Section 276A.356 - Open data standard.
Section 276A.359 - Technical standards manual.
Section 276A.362 - Release of publishable data on web portal; exemptions; rules.
Section 276A.365 - Information management by state agencies.
Section 276A.368 - Purpose of data; limitation of liability; publishable data in public domain.
Section 276A.403 - Coordination of telecommunications systems.
Section 276A.406 - Acquisition of broadband and communications services.
Section 276A.424 - Connecting Oregon Schools Fund; rules.
Section 276A.500 - Definitions.
Section 276A.506 - Powers of council; advisory committees.
Section 276A.512 - Oregon Geographic Information Council Fund; records and reports.
Section 276A.515 - State geographic information officer; qualifications; duties.