CISA Files Security Requirements for DOJ’s Data Broker Rule
DOJ rules blocking large-scale transfers of Americans’ personal data to entities in hostile nations will apply to data used to “achieve business purposes,” the Cybersecurity and Infrastructure Security Agency said Monday. The security requirements were included in a notice for Wednesday's Federal Register.
Sign up for a free preview to unlock the rest of this article
The new requirements apply to DOJ’s final rule, which was issued Dec. 27 in response to executive order 14117. President Joe Biden signed the measure targeting transactions between data brokers and entities in six countries: China, Iran, Russia, North Korea, Cuba and Venezuela (see 2402280075). CISA was directed to develop security requirements for classes of restricted transactions. Assets are defined as “data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes," CISA said. Covered data includes “government-related data” and “bulk U.S. sensitive personal data,” said CISA.