Article Details

CISA proposes new security requirements to protect govt, personal data. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is proposing security requirements to prevent adversary states from accessing American's personal data as well as government-related information. The requirements are aimed at entities that engage in restricted transactions that involve bulk U.S. sensitive personal data or U.S. government-related data, especially if the info is exposed to "countries of concern" or "covered persons." The proposal is linked to the implementation of Executive Order 14117, signed by President Biden earlier this year, aimed at addressing severe data security liabilities that extend to or amplify national security risks. Impacted organizations may include technology businesses such as AI developers and cloud service providers, telecommunication firms, health and biotech organizations, financial institutions, and defense contractors. Countries of concern typically refer to nations the U.S. government views as adversarial or posing a security risk due to a history of cyber espionage, data breaches, and state-sponsored hacking campaigns. Security requirements CISA proposes security measures categorized into organizational/system-level requirements and data-level requirements. Below is a summary of some of them:  CISA is looking for public input to further develop the proposal into its final form. Those interested in doing so can visit regulations.gov, enter CISA-2024-0029 in the search field, click the "Comment Now!" icon, and then enter their comments in the fields.