Thursday, October 21, 2021

Review - BIS Publishes Cybersecurity Export Controls Interim Final Rule

Today the DOC’s Bureau of Industry and Security (BIS) published an interim final rule (IFR) in the Federal Register (86 FR 58205-58216) on “Information Security Controls: Cybersecurity Items”. This interim final rule outlines the progress the United States has made in export controls pertaining to cybersecurity items and revised Commerce Control List (CCL) implementation.

According to the Summary from the preamble:

“Specifically, this rule establishes a new control on these items for National Security (NS) and Anti-terrorism (AT) reasons, along with a new License Exception Authorized Cybersecurity Exports (ACE) that authorizes exports of these items to most destinations except in the circumstances described. These items warrant controls because these tools could be used for surveillance, espionage, or other actions that disrupt, deny or degrade the network or devices on it.”

The effective date for this IFR is January 19th, 2022. BIS is soliciting public comments on this rule. Comments may be submitted via the Federal eRulemaking Portal (; Docket # BIS-2020-0038). Comments should be submitted by December 6th, 2021.

For more details about the IFR including changes to the existing cyber related ECCNs, see my article at CFSN Detailed Analysis - - subscription required.

No comments:

/* Use this with templates/template-twocol.html */