Section 125.183 | Applications prohibited on state networks and devices.

(A) As used in this section:

(1) "Covered application" means any application owned or controlled, directly or indirectly, by an entity identified as a foreign adversary as defined in 15 C.F.R. 791.2.

(2) "State agency" means every organized body, office, or agency established by the laws of this state for the exercise of any function of state government, other than any state-supported institution of higher education, the courts, or any judicial agency. "State agency" includes the general assembly, any legislative agency, and the capitol square review and advisory board.

(B) Subject to division (C) of this section, the state chief information officer shall do all of the following:

(1) Require state agencies immediately to remove any covered application from all equipment they own or lease;

(2) Prohibit all of the following on equipment owned or leased by a state agency:

(a) The downloading, installation, or use of a covered application;

(b) The downloading, installation, or use of a covered application using an internet connection provided by a state agency;

(c) The downloading, installation, or use of a covered application by any officer, employee, or contractor of a state agency.

(3) Require state agencies to take measures to prevent the downloading, installation, or use of a covered application as described in division (B)(2) of this section.

(C) Division (B) of this section shall include exceptions to allow a qualified person to download, install, or use a covered application for law enforcement or security purposes, so long as the person takes appropriate measures to mitigate the security risks involved in doing so.