🔒New Cybersecurity Requirements for Restricted Transactions Announced
Notice of Availability of Security Requirements for Restricted Transactions Under Executive Order 14117
Summary
CISA is announcing publication of finalized security requirements for restricted transactions pursuant to Executive Order (E.O.) 14117, "Preventing Access to Americans' Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern." In October 2024, CISA published proposed security requirements for restricted transactions which would apply to classes of restricted transactions identified in regulations issued by the Department of Justice (DOJ). CISA solicited comment on those proposed security requirements and considered that public feedback when developing the final security requirements. This notice also provides CISA's responses to the public comments received.
Agencies
- Homeland Security Department
Business Impact
$$ - Med
The finalized security requirements for restricted transactions impose compliance obligations on U.S. businesses regarding cybersecurity practices to protect sensitive personal data from foreign access. This will likely require significant investment in cybersecurity infrastructure and management to mitigate risks, particularly for industries handling bulk sensitive data.