Saturday, January 20, 2024

OMB Approves BIS Cyber-Enabled Activities NPRM

Yesterday, the OMB’s Office of Information and Regulatory Affairs announced that it had approved a notice of proposed rulemaking for DOC’s Bureau of Industry and Security on “Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities”. The NPRM was sent to OIRA on August 16th, 2024.

According to the Fall 2023 Unified Agenda entry for this rulemaking:

Executive Order 13984 [link added] of January 19, 2021, Taking Additional Steps To Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities, (EO 13984 or the EO) directs the Secretary of Commerce (Secretary) to propose regulations requiring certain providers and resellers of certain Infrastructure as a Service (IaaS) products to verify the identity of their foreign customers permitting the Secretary, in consultation with Secretary of Defense, the Attorney General, the Secretary of Homeland Security, and the Director of National Intelligence, to grant exemptions to the verification requirement; and authorizing the Secretary to impose special measures on providers with regard to certain foreign jurisdictions or foreign persons. The Department of Commerce (Department) issues this notice of proposed rulemaking (NPRM) to solicit comment on proposed regulations to implement Sections 1, 2, and 5 of EO 13984.”

1 comment:

Anonymous said...

Indeed the Broadcom advisory is confusing. It does list three products as you noticed but gives no details for the 2 other products, as a user I cannot do much with such advisories.

Also, if I were to be a Broadcom user, and I search the KEV for Broadcom-related advisories, there's none to be found. How can I know that there is a GNU component in these products? Vulnerability trackers might not know about the relation. Time for SBOM!

You are right regarding the exploits for the library very likely not working on the devices. Vendors can do something here to help/inform us.

 
/* Use this with templates/template-twocol.html */