Cybersecurity Awareness Month is a good time to highlight one trend in federal efforts to address cyber risk: proscriptive regulation of the information and communications technology and services (“ICTS”) supply chain.

Supply chain risk management is a broad field encompassing, among other things, federal efforts to improve software security, and proposals to revise the FAR

On September 15, 2022, President Biden issued an executive order (the “Order”) to provide further detail and expand on the factors that the Committee on Foreign Investment in the United States (“CFIUS”) uses to evaluate whether a foreign investment provides a risk to US national security. The Order1 is the first executive order to

On January 19, 2021, the US Department of Commerce (“Commerce”) issued a long-awaited interim final rule (“Interim Final Rule”),1 which would enable Commerce to prohibit or otherwise restrict transactions involving the information and communication technology and services (“ICTS”) supply chain, including both hardware and software, that have a nexus to certain designated “foreign adversaries,”

On August 13, 2018, President Trump signed into law the Foreign Investment Risk Review Modernization Act, or FIRRMA, legislation designed to enhance US national security and protect US technological achievements and superiority.

FIRRMA contains a number of provisions that modify the scope and responsibilities of the Committee on Foreign Investment in the United States, or

The Trans-Pacific Partnership trade agreement (TPP) was signed on February 4, 2016. The TPP concerns a wide range of issues and has been negotiated over several years by the United States and 11 Pacific Rim trading partners (collectively, the Parties). Signing the agreement is not ratification. Rather, it triggers the process by which the TPP