Commerce Seeks Comment to Implement Trump Cybersecurity Order on Logging Foreign Actors  


The rule would require cloud providers to verify the identities of certain users. 

The Commerce Department wants feedback on how it should shape rules for infrastructure-as-a-service providers to protect against foreign cyber threats.

“IaaS products provide the ability to run software and store data on servers offered for rent or lease without responsibility for the maintenance and operating costs of those servers,” reads a notice published in the Federal Register Friday. “The United States must ensure that providers offering United States IaaS products verify the identity of persons obtaining an IaaS account for the provision of these products and maintain records of those transactions.”

The rules are required under Executive Order 13984, one among a slew of orders former President Donald Trump issued on his way out of office. President Joe Biden almost immediately reversed many of those, but kept EO 13984 in the wake of multiple large-scale attacks. The order highlights the role of resellers, which some observers believe were connected to the attack on Microsoft Office 365 software.  

Comments are due within 30 days on the advanced notice of proposed rulemaking which is one part of a larger push to secure the information and communications technology ecosystem, particularly through scrutiny of the software supply chain. 

NEXT STORY: What’s Next in Cybersecurity