Skip to main content

Purchasing

  1. UH Home
  2. Office of Finance
  3. Purchasing
  4. Procurement Planning
  5. prohibited

Procurement Planning

Prohibited Technologies

Prohibited Technology and Covered Applications


 In accordance with Texas Government Code and applicable federal telecommunications security regulations, the University of Houston prohibits the procurement and use of certain technologies, telecommunications equipment, video surveillance equipment, and software applications that pose cybersecurity and national security risks. These restrictions apply to purchases made with all fund types.

1.  Executive Order GA-48 – Hardening State Government

What It Is:
On November 19, 2024, Governor Greg Abbott issued Executive Order GA-48 – Hardening State Government, requiring Texas state agencies and public institutions of higher education to strengthen protections for critical infrastructure, systems, and sensitive information from foreign adversaries. The order directs agencies and universities to ensure that technologies and services used in state operations do not introduce cybersecurity vulnerabilities or national security risks.

Reference Link:
Executive Order GA-48 – Hardening State Government

https://gov.texas.gov/uploads/files/press/EO-GA-48_Hardening_State_Government_FINAL_11-19-2024.pdf

University of Houston Contact for GA-48 Inquiries:
Office of Compliance
Angelica M. Grado-Wright
amgradow@CougarNet.UH.EDU

2.  Chinese-Manufactured Medical Device Cybersecurity Directive
What It Is:
On March 9, 2026, Governor Greg Abbott issued a directive to Texas state agencies and public institutions of higher education addressing cybersecurity risks associated with certain Chinese-manufactured patient monitoring devices. Federal notices from the U.S. Food and Drug Administration (FDA) and the Cybersecurity and Infrastructure Security Agency (CISA) identified vulnerabilities that could allow unauthorized remote access, manipulation of device functions, or exposure of sensitive patient information.

Why It Matters:
State agencies and institutions must review and assess the use of such devices within their operations to ensure that critical systems and sensitive data are protected from potential foreign adversary cybersecurity threats.

Reference Link:
Chinese-Manufactured Patient Monitoring Devices – Governor Abbott Directive https://gov.texas.gov/uploads/files/press/Chinese_Manufactured_Patient_Monitoring_Devices.pdf

3.  FCC DA-25-1086 – Covered Telecommunications Equipment and Services
What It Is:
The Federal Communications Commission maintains a Covered List identifying telecommunications equipment and services that pose an unacceptable risk to U.S. national security. FCC DA-25-1086 Appendix A identifies equipment and services that are prohibited from procurement using federal funding or federal assistance programs.

Why It Matters:
Institutions receiving federal funds must ensure that covered telecommunications equipment, video surveillance equipment, or related services listed by the FCC are not procured, used, or supported in violation of federal regulations.


FCC DA-25-1086 Appendix A – Covered Telecommunications Equipment and Services https://docs.fcc.gov/public/attachments/DA-25-1086A1.pdf

Compliance Requirement
 Departments must consult with the Purchasing Department prior to acquiring telecommunications equipment, video surveillance systems, software applications, or related covered technology to ensure compliance with state and federal requirements. Purchases made without proper compliance review may be denied or deemed ineligible for funding.