State agencies are prohibited from purchasing any products that, due to cybersecurity risks, are prohibited for purchase by federal agencies pursuant to a United States Department of Homeland Security Binding Operational Directive. However, a State agency or public institution of higher education may purchase those offerings that are included in the Authorized Product List maintained by StateRAMP and that have been verified by StateRAMP as having an authorized security status.
30 ILCS 500/25-90