Oklahoma

In plain terms. Oklahoma consolidates state IT under OMES and protects personal data by statute, with strong vendor and supply-chain security standards.

Who it applies to. State agencies and their IT vendors. Oklahoma references NIST/FIPS. The state participates in StateRAMP, its baseline for vetting cloud-service security.

What it requires. State law includes the Information Technology Consolidation and Coordination Act, sets the State Purchasing Director's powers, and requires disclosure of security breaches involving personal computer data.

Why it matters. Vendors selling IT to Oklahoma must meet the state's contractor and supply-chain security standards and breach-disclosure duties.

Citation. Okla. Stat. tit. 62, §§ 34 and 35 (Information Technology Consolidation and Coordination Act); tit. 74, §§ 85.5 (State Purchasing Director) and 3113.1 (Disclosure of Security Breach). References NIST/FIPS.

In plain terms. Oklahoma sets explicit IT-contractor and third-party security standards through OMES Information Security.

Who it applies to. IT contractors and third parties serving the state.

What it requires. OMES Information Security standards establish IT-contractor requirements, supply-chain security, and third-party cybersecurity management — a clear set of obligations for vendors.

Why it matters. Expect Oklahoma to hold you to its IT-contractor, supply-chain, and third-party cybersecurity standards.

Citation. OMES Information Security standards: IT Contractor Requirements Standard; Supply Chain Security Standard; Third-Party Cybersecurity Management Standard.