Quiero saber acerca de...

khammond on DSKJM1Z7X2PROD with RULES

4924

Federal Register / Vol. 86, No. 11 / Tuesday, January 19, 2021 / Rules and Regulations
by a foreign adversary; any person, wherever located, who is a citizen or resident of a nation-state controlled by a foreign adversary; any corporation, partnership, association, or other organization organized under the laws of a nation-state controlled by a foreign adversary; and any corporation, partnership, association, or other organization, wherever organized or doing business, that is owned or controlled by a foreign adversary.
Secretary means the Secretary of Commerce or the Secretarys designee.
Sensitive personal data means:
1 Personally-identifiable information, including:
i Financial data that could be used to analyze or determine an individuals financial distress or hardship;
ii The set of data in a consumer report, as defined under 15 U.S.C.
1681a, unless such data is obtained from a consumer reporting agency for one or more purposes identified in 15 U.S.C.
1681ba;
iii The set of data in an application for health insurance, long-term care insurance, professional liability insurance, mortgage insurance, or life insurance;
iv Data relating to the physical, mental, or psychological health condition of an individual;
v Non-public electronic communications, including email, messaging, or chat communications, between or among users of a U.S.
businesss products or services if a primary purpose of such product or service is to facilitate third-party user communications;
vi Geolocation data collected using positioning systems, cell phone towers, or WiFi access points such as via a mobile application, vehicle GPS, other onboard mapping tool, or wearable electronic device;
vii Biometric enrollment data including facial, voice, retina/iris, and palm/fingerprint templates;
viii Data stored and processed for generating a Federal, State, Tribal, Territorial, or other government identification card;
ix Data concerning U.S. Government personnel security clearance status; or x The set of data in an application for a U.S. Government personnel security clearance or an application for employment in a position of public trust; or 2 Genetic information, which includes the results of an individuals genetic tests, including any related genetic sequencing data, whenever such results, in isolation or in combination with previously released or publicly available data, constitute identifiable
VerDate Sep<11>2014

16:33 Jan 17, 2021

Jkt 253001

data. Such results shall not include data derived from databases maintained by the U.S. Government and routinely provided to private parties for purposes of research. For purposes of this paragraph, genetic test shall have the meaning provided in 42 U.S.C. 300gg 91d17.
Undue or unacceptable risk means those risks identified in Section 1aii of the Executive Order.
United States person means any United States citizen; any permanent resident alien; or any entity organized under the laws of the United States or any jurisdiction within the United States including such entitys foreign branches.
7.3

Scope of Covered ICTS Transactions.

a This part applies only to an ICTS
Transaction that:
1 Is conducted by any person subject to the jurisdiction of the United States or involves property subject to the jurisdiction of the United States;
2 Involves any property in which any foreign country or a national thereof has an interest including through an interest in a contract for the provision of the technology or service;
3 Is initiated, pending, or completed on or after January 19, 2021, regardless of when any contract applicable to the transaction is entered into, dated, or signed or when any license, permit, or authorization applicable to such transaction was granted. Any act or service with respect to an ICTS
Transaction, such as execution of any provision of a managed services contract, installation of software updates, or the conducting of repairs, that occurs on or after January 19, 2021
may be deemed an ICTS Transaction within the scope of this part, even if the contract was initially entered into, or the activity commenced, prior to January 19, 2021; and 4 Involves one of the following ICTS:
i ICTS that will be used by a party to a transaction in a sector designated as critical infrastructure by Presidential Policy Directive 21Critical Infrastructure Security and Resilience, including any subsectors or subsequently designated sectors;
ii Software, hardware, or any other product or service integral to:
A Wireless local area networks, including:
1 Distributed antenna systems; and 2 Small-cell or micro-cell base stations;
B Mobile networks, including:
1 eNodeB based stations;
2 gNodeB or 5G new radio base stations;

PO 00000

Frm 00048

Fmt 4700

Sfmt 4700

3 NodeB base stations;
4 Home location register databases;
5 Home subscriber servers;
6 Mobile switching centers;
7 Session border controllers; and 8 Operation support systems;
C Satellite payloads, including:
1 Satellite telecommunications systems;
2 Satellite remote sensing systems;
and 3 Satellite position, navigation, and timing systems;
D Satellite operations and control, including:
1 Telemetry, tracking, and control systems;
2 Satellite control centers;
3 Satellite network operations;
4 Multi-terminal ground stations;
and 5 Satellite uplink centers;
E Cable access points, including:
1 Core routers;
2 Core networks; and 3 Core switches;
F Wireline access points, including:
1 Access infrastructure datalinks;
and 2 Access infrastructure digital loops;
G Core networking systems, including:
1 Core infrastructure synchronous optical networks and synchronous digital hierarchy systems;
2 Core infrastructure dense wavelength division multiplexing or optical transport network systems;
3 Core infrastructure internet protocol and internet routing systems;
4 Core infrastructure content delivery network systems;
5 Core infrastructure internet protocol and multiprotocol label switching systems;
6 Data center multiprotocol label switching routers; and 7 Metropolitan multiprotocol label switching routers; or H Longand short-haul networks, including:
1 Fiber optical cables; and 2 Repeaters;
iii Software, hardware, or any other product or service integral to data hosting or computing services, to include software-defined services such as virtual private servers, that uses, processes, or retains, or is expected to use, process, or retain, sensitive personal data on greater than one million U.S. persons at any point over the twelve 12 months preceding an ICTS Transaction, including:
A Internet hosting services;
B Cloud-based or distributed computing and data storage;
C Managed services; and D Content delivery services;

E:FRFM19JAR1.SGM

19JAR1