The Department of Commerce has issued a notice of proposed rulemaking (NPRM) that seeks comment on procedures the Secretary of Commerce plans to use to identify, assess and address potential security risks from the information and communications technology and services (ICTS) supply chain. There will be a 30-day comment period about the DOC communications supply chain threat rules.

Executive Order 13873, “Securing the Information and Communications Technology and Services (ICTS) Supply Chain,” issued by President Trump on May 15 gives the Secretary of Commerce the right, in consultation with relevant federal agencies, to prohibit or mitigate ICTS-based transactions deemed to pose “undue risk to ICTS in the United States, to the critical infrastructure or the digital economy in the United States, or an unacceptable risk to national security or to the security and safety of U.S. persons,” according to the Department of Commerce.

DOC Communications Supply Chain Threat Rules
Secretary of Commerce Wilbur Ross has adopted a “case-by-case, fact-specific approach” to choose which transactions must be prohibited or mitigated, the DOC said. He will use assessments developed by the Director of National Intelligence and other approaches in his evaluations.

“These actions will safeguard the Information and Communications Technology Supply Chain,” Ross said in a press release. “These rules demonstrate our commitment to securing the digital economy, while also delivering on President Trump’s commitment to our digital infrastructure.”

The DOC news follows FCC action last week to prevent wireless carriers from receiving funding through the Universal Service Fund (USF) program from spending it on equipment and services from Chinese vendors Huawei and ZTE.

The FCC also adopted a further notice of proposed rulemaking seeking comment on a proposal to require carriers receiving USF funds to remove and replace equipment from the two companies. ZTE and Huawei are accused of having products with backdoors that could enable them to spy on the U.S. It was also found that Huawei devices had an average of 102 known vulnerabilities in testing.