The Department of Commerce is extending from Dec. 27 to Jan. 11 the deadline for public input on a proposal to amend the interim final rule on securing the information and communications technology and services supply chain to provide for additional criteria that the DOC may consider when determining whether ICTS transactions that involve connected software applications present an undue or unacceptable risk.
Executive Order 14034 lists the following as potential risk indicators related to connected software applications:
- ownership, control, or management by persons that support a foreign adversary’s military, intelligence, or proliferation activities
- use of the connected software application to conduct surveillance that enables espionage, including through a foreign adversary’s access to sensitive or confidential government or business information, or sensitive personal data
- ownership, control, or management of connected software applications by persons subject to coercion or cooption by a foreign adversary
- ownership, control, or management of connected software applications by persons involved in malicious cyber activities
- a lack of thorough and reliable third-party auditing of connected software applications
- the scope and sensitivity of the data collected
- the number and sensitivity of the users of the connected software application
- the extent to which identified risks have been or can be addressed by independently verifiable measures
Input may be submitted on the adoption of these potential risk indicators as criteria to be considered by the DOC when assessing whether an ICTS transaction involving connected software applications poses an undue or unacceptable risk. Commenters may also address whether additional criteria should be considered, as well as whether the criteria under consideration should be applied to all ICTS transaction reviews or just those that involve connected software applications.
For more information, please contact Kristine Pirnia.
Copyright © 2024 Sandler, Travis & Rosenberg, P.A.; WorldTrade Interactive, Inc. All rights reserved.