Voglio sapere a riguardo di…

4916

Federal Register / Vol. 86, No. 11 / Tuesday, January 19, 2021 / Rules and Regulations
khammond on DSKJM1Z7X2PROD with RULES

of Homeland Security, the Secretary of Defense, or the Director of National Intelligence or their designee pursuant to recommendations of the Federal Acquisition Security Council, under 41
U.S.C. 1323; 3 relevant provisions of the Defense Federal Acquisition Regulation and the Federal Acquisition Regulation, and their respective supplements; 4 entities, hardware, software, and services that present vulnerabilities in the United States as determined by the Secretary of Homeland Security pursuant to section 5b of the Executive Order, Department of Homeland Security Cybersecurity and Infrastructure Security Agency, Information and Communications Technology Supply Chain Risk Management Task Force: Interim Report, September 18, 2019; 5 actual and potential threats to execution of a National Critical Function identified by the Department of Homeland Security Cybersecurity and Infrastructure Security Agency; 6 the nature, degree, and likelihood of consequence to the United States public and private sectors that could occur if ICTS vulnerabilities were to be exploited; and 7 any other source or information that the Secretary deems appropriate.
7.100dRisk Management The Department specifically requested comments on transactions that could present an undue or unacceptable risk, but where that risk could be reliably and adequately mitigated or prevented. Commenters suggested creating national security risk categories for transactions and providing assurance that the Secretary would impose the least intrusive measures to mitigate transactions in each category. Other commenters advocated creating risk categories or bands with different assessment approaches. The Department did not adopt these suggestions. ICTS
Transaction reviews are made on a caseby-case basis. Therefore, categorically labeling transactions with predetermined mitigation requirements would effectively counteract that individualized approach and may result in ICTS Transactions proceeding that otherwise should have been reviewed, and possibly prohibited or mitigated.
In determining whether an ICTS
Transaction poses an undue or unacceptable risk, the rule clarifies the risk factors the Secretary, in consultation with the appropriate agency heads, may consider.
Specifically, the Secretary may consider: 1 Threat assessments and reports prepared by the Director of
VerDate Sep<11>2014

16:33 Jan 17, 2021

Jkt 253001

National Intelligence pursuant to section 5a of the Executive Order; 2
removal or exclusion orders issued by the Secretary of Homeland Security, the Secretary of Defense, or the Director of National Intelligence or their designee pursuant to recommendations of the Federal Acquisition Security Council, under 41 U.S.C. 1323; 3 relevant provisions of the Defense Federal Acquisition Regulation and the Federal Acquisition Regulation, and their respective supplements; 4 entities, hardware, software, and services that present vulnerabilities in the United States as determined by the Secretary of Homeland Security pursuant to section 5b of the Executive Order, Department of Homeland Security Cybersecurity and Infrastructure Security Agency, Information and Communications Technology Supply Chain Risk Management Task Force: Interim Report, September 18, 2019; 5 actual and potential threats to execution of a National Critical Function identified by the Department of Homeland Security Cybersecurity and Infrastructure Security Agency; 6 the nature, degree, and likelihood of consequence to the United States public and private sectors that could occur if ICTS vulnerabilities were to be exploited; and 7 any other source or information that the Secretary deems appropriate.
7.101 Information To Be Furnished on Demand The proposed rule contemplated that individuals might be requested to furnish the Secretary with information related to a transaction under review.
Section 7.101 in this rule clarifies that, under the Secretarys authority pursuant to IEEPA, persons may be required to furnish under oath complete information relative to any ICTS
Transaction under review. The Secretary may require that such reports include the production of any books, contracts, letters, papers, or other hard copy or electronic documents relating to any such act, transaction, or property, in the custody or control of the persons required to make such reports. Reports may be required either before, during, or after an ICTS Transaction under review.
Additionally, under the authorities provided by IEEPA, the Secretary may, through any person or agency, conduct investigations, hold hearings, administer oaths, examine witnesses, receive evidence, take depositions, and require by subpoena the attendance and testimony of witnesses and the production of any books, contracts, letters, papers, and other hard copy or
PO 00000

Frm 00040

Fmt 4700

Sfmt 4700

electronic documents relating to any matter under investigation.
7.102 Confidentiality of Information The proposed rule requested comments and recommendations from stakeholders on additional recordkeeping requirements for information related to transactions.
Most commenters focused on the confidentiality and the public availability of any information received.
Commenters strongly advocated that the Department protect confidential or proprietary business information when making or publishing reports. Some commenters advocated for more open publication of these reports, and how each threat was mitigated or eliminated.
To address these concerns and provide additional certainty for entities required to produce documents related to transactions, the rule clarifies the Departments responsibility to preserve the confidentiality of information requested by the Department.
Specifically, the rule provides that information or documentary materials that are not otherwise publicly or commercially available, submitted or filed with the Secretary under this part, will not be released publicly except to the extent required by law. However, the Secretary may disclose information or documentary materials, not otherwise publicly or commercially available: 1
Pursuant to any administrative or judicial proceeding; 2 pursuant to an act of Congress; 3 pursuant to a request from any duly authorized committee or subcommittee of Congress; 4 pursuant to a request to any domestic governmental entity, or to any foreign governmental entity of a United States ally or partner, information or documentary materials, not otherwise publicly or commercially available and important to the national security analysis or actions of the Secretary, but only to the extent necessary for national security purposes, and subject to appropriate confidentiality and classification requirements; 5 where the parties or a party to a transaction have consented the information or documentary materials not otherwise publicly or commercially available may be disclosed to third parties; and 6 any other purpose authorized by law. These provisions largely incorporate the record release requirements of the Freedom of Information Act, 5 U.S.C.
552. While the Department will, as always, seek to protect business and other confidential information provided by parties, parties providing such information in response to this rule must clearly mark those documents as business or other confidential.

E:FRFM19JAR1.SGM

19JAR1