Identifies certain covered vendors. Directs State Chief Information Officer to adopt rules pertaining to designation of corporate entity as additional covered vendor for purposes of protecting state information technology assets. Prohibits installation or download of certain] covered products onto state information technology assets. Prohibits use or access of certain] covered products by state information technology assets. Requires state agencies to remove covered products from state information technology assets and implement all measures necessary to prevent installation or download of certain] covered products onto state information technology assets and use or access of certain] covered products by state information technology assets. Permits state agency to permit download, installation, use or access of covered product for purpose of carrying out law enforcement activities] investigatory, regulatory or law enforcement purposes. Requires state agency that permits download, installation, use or access of covered product to adopt risk mitigation standards and procedures. Requires Secretary of State and State Treasurer to prohibit covered products of certain covered vendors from being installed or downloaded onto, or used or accessed by, state information technology assets, remove covered products installed or downloaded onto state information technology assets and implement all measures necessary to prevent installation or download of covered products onto, and use or access of covered products by, state information technology assets. Permits Secretary of State or State Treasurer to permit download, installation, use or access of covered product for investigatory, regulatory or law enforcement purposes if Secretary of State or State Treasurer adopts risk mitigation standards and procedures. Takes effect on 91st day following adjournment sine die.