CISA: Proposed Security Requirements for Restricted Transactions Pursuant to Exec. Order 14117

Following up on President Biden’s recent executive order and the Justice Department’s notice of proposed rulemaking, CISA has issued the following:

PROPOSED SECURITY REQUIREMENTS FOR RESTRICTED TRANSACTIONS

Pursuant to Exec. Order 14117, Preventing Access to Americans’ Bulk Sensitive Personal Data and
United States Government-Related Data by Countries of Concern

On February 28, 2024, President Biden signed Executive Order 14117, Preventing Access to Americans’ Bulk Sensitive Personal Data and U.S. Government-Related Data by Countries of Concern, to address national-security and foreign-policy
threats that arise when countries of concern and covered persons can access bulk U.S. sensitive personal data or government-related data that may be implicated by the categories of restricted transactions.

As directed by E.O. 14117, CISA has developed the following security requirements to apply to classes of restricted transactions identified in regulations issued by the Department of Justice (DOJ). See generally 28 C.F.R. part 202 (identifying classes of restricted transactions at 28 C.F.R. § 202.401).

Read their full publication at CISA  or below: