Notice
The Maine Office of Information Technology (OIT) regularly determines cybersecurity risks to the State associated with certain technologies and follows guidance from federal Directives to preserve the safety and security of the State’s information systems and critical infrastructure from potential threats. In accordance with Public Law 2023, Chapter 681, An Act to Increase Cybersecurity in Maine, and OIT Cybersecurity Directive 2024-02, OIT has developed the list below of prohibited technologies, including foreign adversary business entities, identified by federal statute, regulation or official guidance from relevant federal agencies as posing a national security risk or a risk to the security and safety of persons of the United States. With certain exceptions, state agencies, local governmental entities, the judicial branch and the legislative branch are prohibited from contracting with a company or using, obtaining or purchasing information and communications technology and services included on the lists. Certain limited exceptions apply for law enforcement investigations and other legitimate uses. Any waivers must be approved by the Chief Information Officer, or the respective designee within the legislative and judicial branches.
This list is not exhaustive and follows current guidance from the relevant federal statutes, regulations and directives. The contents of this Directive are in addition to OIT's policies, procedures, directives and guidelines and associated procurement requirements established by the Office of State Procurement Services. The absence of any technology from this list does not constitute approval from Office of Information Technology to use the technology. This list is effective August 9, 2024, and will be updated on an annual basis thereafter with any inconsistencies with relevant federal guidance addressed at that time.
Prohibited Technologies List*
- Dahua Technology Company
- Huawei Technologies Company
- Hangzhou Hikvision Digital Technology Company
- Hytera Communications Corporation
- SZ DJI Technology Company
- ZTE Corporation
- China Mobile International USA Inc.
- China Telecom (Americas) Corp.
- Pacific Networks Corp and its wholly-owned subsidiary ComNet (USA) LLC
- China Unicom (Americas) Operations Limited
- AO Kaspersky Lab
- Kaspersky Lab, Inc.
- TikTok, or any successor application or service developed or provided by ByteDance Limited, or an entity owned by ByteDance Limited
*This list should be read to include the subsidiaries and affiliates of such entities listed above.
In addition, the Federal Government has identified foreign adversaries under 15 C.F.R § 791.4 (see United States Code of Federal Regulations, Title 15, Part 791.4, Determination of Foreign Adversaries to include: (1) The People’s Republic of China, including the Hong Kong Special Administrative Region (China); (2) Republic of Cuba (Cuba); (3) Islamic Republic of Iran (Iran); (4) Democratic People’s Republic of Korea (North Korea); (5) Russian Federation (Russia); and (6) Venezuelan politician Nicola´s Maduro (Maduro Regime). Maine law (Public Law 2023, Chapter 681) defines "foreign adversary business entity" as any type of organization, entity or enterprise engaged in commerce, whether operated for profit, that is organized under the laws or rules of a foreign adversary, directly or indirectly owned or controlled by a foreign adversary or domiciled within the geographic borders of a foreign adversary. Beginning August 9, 2024, the State is prohibited from entering into any contracts with a foreign adversary business entity.
Additional Federal Resources:
- Federal Communications Commission List of Equipment and Services Covered by Section 2 of The Secure Networks Act, see https://www.fcc.gov/supplychain/coveredlist
- Section 889 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2019 regarding the prohibition on the purchase or use of certain covered telecommunications or video surveillance equipment, systems, or services, see https://www.acquisition.gov/Section-889-Policies
Please direct any questions on these lists to Nathan Willigar, Chief Information Security Officer, for the State of Maine at Nathan.Willigar@maine.gov.