Securing the Information and Communications Technology and Services Supply Chain; Connected Software Applications

On November 26, 2021, the Department of Commerce (Department) published a Notice of Proposed Rulemaking (NPRM) proposing to amend Department regulations, "Securing the Information and Communications Technology Supply Chain," to implement provisions of Executive Order 14034, "Protecting Americans' Sensitive Data from Foreign Adversaries" (E.O. 14034). This final rule responds to, and adopts changes based on, the comments received to the NPRM. Consistent with the factors enumerated in E.O. 14034, the final rule amends the Securing the Information and Communications Technology Supply Chain regulations to provide additional criteria that the Secretary may consider when determining whether ICTS transactions involving connected software applications present undue or unacceptable risks (as those terms are defined in the regulations). The final rule also adds definitions for "end-point computing devices" and "via the internet" for the purposes of this rule to clarify the definition of connected software applications provided in E.O. 14034.