Yesterday, the OMB’s Office of Information and Regulatory Affairs announced that it had approved a notice of proposed rulemaking for DOC’s Bureau of Industry and Security on “Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities”. The NPRM was sent to OIRA on August 16th, 2024.
According to the Fall 2023 Unified Agenda entry for this rulemaking:
“Executive Order 13984 [link added] of January 19, 2021, Taking Additional Steps To Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities, (EO 13984 or the EO) directs the Secretary of Commerce (Secretary) to propose regulations requiring certain providers and resellers of certain Infrastructure as a Service (IaaS) products to verify the identity of their foreign customers permitting the Secretary, in consultation with Secretary of Defense, the Attorney General, the Secretary of Homeland Security, and the Director of National Intelligence, to grant exemptions to the verification requirement; and authorizing the Secretary to impose special measures on providers with regard to certain foreign jurisdictions or foreign persons. The Department of Commerce (Department) issues this notice of proposed rulemaking (NPRM) to solicit comment on proposed regulations to implement Sections 1, 2, and 5 of EO 13984.”
1 comment:
Indeed, the Broadcom advisory is confusing. It does list three products, as you noticed, but gives no details for the 2 other products; as a user I cannot do much with such advisories.
Also, if I were a Broadcom user and searched the KEV for Broadcom-related advisories, there are none to be found. How can I know that there is a GNU component in these products? Vulnerability trackers might not know about the relation. Time for SBOM!
You are right regarding the exploits for the library very likely not working on the devices. Vendors can do something here to help/inform us.