Federal Register - January 25, 2021
Versione di testo Cosa è?Dateas è un sito indipendente non affiliato a entità governative. La fonte dei documenti PDF che pubblichiamo qui è l'entità governativa indicata in ciascuno di essi. Le versioni in testo sono trascrizioni che realizziamo per facilitare l'accesso e la ricerca di informazioni, ma possono contenere errori o non essere complete.
Source: Federal Register
Federal Register / Vol. 86, No. 14 / Monday, January 25, 2021 / Presidential Documents
6837
Presidential Documents
Executive Order 13984 of January 19, 2021
Taking Additional Steps To Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities By the authority vested in me as President by the Constitution and the laws of the United States of America, including the International Emergency Economic Powers Act 50 U.S.C. 1701 et seq. IEEPA, the National Emergencies Act 50 U.S.C. 1601 et seq. NEA, and section 301 of title 3, United States Code:
I, DONALD J. TRUMP, President of the United States of America, find that additional steps must be taken to deal with the national emergency related to significant malicious cyber-enabled activities declared in Executive Order 13694 of April 1, 2015 Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities, as amended, to address the use of United States Infrastructure as a Service IaaS products by foreign malicious cyber actors. IaaS products provide persons the ability to run software and store data on servers offered for rent or lease without responsibility for the maintenance and operating costs of those servers.
Foreign malicious cyber actors aim to harm the United States economy through the theft of intellectual property and sensitive data and to threaten national security by targeting United States critical infrastructure for malicious cyber-enabled activities. Foreign actors use United States IaaS products for a variety of tasks in carrying out malicious cyber-enabled activities, which makes it extremely difficult for United States officials to track and obtain information through legal process before these foreign actors transition to replacement infrastructure and destroy evidence of their prior activities;
foreign resellers of United States IaaS products make it easier for foreign actors to access these products and evade detection. This order provides authority to impose record-keeping obligations with respect to foreign transactions. To address these threats, to deter foreign malicious cyber actors use of United States IaaS products, and to assist in the investigation of transactions involving foreign malicious cyber actors, the United States must ensure that providers offering United States IaaS products verify the identity of persons obtaining an IaaS account Account for the provision of these products and maintain records of those transactions. In appropriate circumstances, to further protect against malicious cyber-enabled activities, the United States must also limit certain foreign actors access to United States IaaS products. Further, the United States must encourage more robust cooperation among United States IaaS providers, including by increasing voluntary information sharing, to bolster efforts to thwart the actions of foreign malicious cyber actors.
jbell on DSKJLSW7X2PROD with EXECORD2
Accordingly, I hereby order:
Section 1. Verification of Identity. Within 180 days of the date of this order, the Secretary of Commerce Secretary shall propose for notice and comment regulations that require United States IaaS providers to verify the identity of a foreign person that obtains an Account. These regulations shall, at a minimum:
a set forth the minimum standards that United States IaaS providers must adopt to verify the identity of a foreign person in connection with the opening of an Account or the maintenance of an existing Account, including:
VerDate Sep<11>2014
17:24 Jan 22, 2021
Jkt 253001
PO 00000
Frm 00001
Fmt 4790
Sfmt 4790
E:FRFM25JAE2.SGM
25JAE2
