House Document 117-11: Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities, Communication from the President of the United States, Transmitting Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities as Declared in Executive Order 13694 of April 1, 2015, Pursuant to 50 U.S.c. 1703(b); Public Law 95- 223, SEC. 204(b); (91 Stat. 1627) and 50 U.S.c. 1641(b); Public Law 94-412, SEC. 401(b); (90 Stat. 1257), January 21, 2021 [open pdf - 270KB]
From the Executive Order: "[A]dditional steps must be taken to deal with the national emergency related to significant malicious cyber-enabled activities declared in Executive Order 13694 of April 1, 2015 (Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities), as amended, to address the use of United States Infrastructure as a Service (IaaS) products by foreign malicious cyber actors. [...] This order provides authority to impose record-keeping obligations with respect to foreign transactions. To address these threats, to deter foreign malicious cyber actors' use of United States IaaS products, and to assist in the investigation of transactions involving foreign malicious cyber actors, the United States must ensure that providers offering United States IaaS products verify the identity of persons obtaining an IaaS account ('Account') for the provision of these products and maintain records of those transactions. In appropriate circumstances, to further protect against malicious cyber-enabled activities, the United States must also limit certain foreign actors' access to United States IaaS products. Further, the United States must encourage more robust cooperation among United States IaaS providers, including by increasing voluntary information sharing, to bolster efforts to thwart the actions of foreign malicious cyber actors."
House Document 117-11
U.S. Government Publishing Office: http://www.gpo.gov/