Oregon Statutes 276A.323 – State agency coordination
(1) As used in this section:
Terms Used In Oregon Statutes 276A.323
- executive department: means all statewide elected officers other than judges, and all boards, commissions, departments, divisions and other entities, without regard to the designation given to those entities, that are within the executive branch of government as described in Article III, section 1, of the Oregon Constitution, and that are not:
(a) In the judicial department or the legislative department;
(b) Local governments; or
(c) Special government bodies. See Oregon Statutes 174.112
(a) ‘Executive department’ has the meaning given that term in ORS § 174.112, except that ‘executive department’ does not include:
(A) The Secretary of State.
(B) The State Treasurer.
(C) The Attorney General.
(D) The Oregon State Lottery.
(E) Public universities listed in ORS § 352.002.
(b) ‘State agency’ means an agency, as defined in ORS § 183.310, in the executive department.
(2) All state agencies shall:
(a) Cooperate with the office of Enterprise Information Services in the implementation of a continuing statewide agency-by-agency risk-based information technology security assessment and remediation program.
(b) Cooperate in the development of, and follow, the plans, rules, policies and standards adopted by the State Chief Information Officer with regard to the unification of agency information technology security functions in this state.
(c) Conduct and document the completion of annual information technology security awareness training for all agency employees.
(d) Report security metrics using methodologies developed by the office of Enterprise Information Services.
(e) Participate in activities coordinated by the office of Enterprise Information Services in order to better understand and address security incidents and critical cybersecurity threats to the state.
(3) The State Chief Information Officer shall determine and allocate the costs to state agencies associated with providing information technology services, third-party security evaluations, vulnerability assessments and remediation measures. State agencies shall pay the costs to the State Chief Information Officer in the same manner as the state agency pays other claims. The State Chief Information Officer shall deposit into the State Information Technology Operating Fund established under ORS § 276A.209 all moneys that the State Chief Information Officer receives from state agencies for purposes of providing information technology services and administering and enforcing the duties, functions and powers under this section. [2017 c.513 § 2; 2021 c.17 § 3]
[2017 c.513 § 3; 2021 c.17 § 4; 2021 c.539 § 29; repealed by 2023 c.489 § 2 (276A.560 enacted in lieu of 276A.326)]
[2017 c.513 § 4; repealed by 2023 c.489 § 6 (276A.555 enacted in lieu of 276A.329)]