#  DOJ Data Security Program 

 



 ##  

  expand\_more  

 
  

 

The Data Security Program (“DSP”) implemented by the National Security Division (“NSD”)  
under Executive Order 14117 comprehensively and proactively addresses the continued efforts  
of foreign adversaries to use commercial activities to access, exploit, and weaponize U.S.  
Government-related data and Americans’ bulk sensitive personal data.



 

##  Data Security Program: Frequently Asked Questions 

On January 8, 2025, NSD issued a final rule implementing Executive Order 14117, which is now  
available at 28 CFR Part 202. Unless otherwise indicated, all citations are to the sections of the  
DSP regulations in 28 CFR Part 202. These Frequently Asked Questions (“FAQs”) address high-  
level clarifications about Executive Order 14117 and the DSP. NSD, which implements the DSP  
primarily through the Foreign Investment Review Section, will periodically update this list of  
FAQs with additional questions and answers...

[*Data Security Program: Frequently Asked Questions (PDF)*](<https://support.dataverse.harvard.edu/sites/g/files/omnuum821/files/2026-01/DOJ FAQ_PUBLIC.pdf>)



 

##  U.S. Data Security Program Cheat Sheet 

The U.S. Department of Justice’s final rule on protecting Americans’ sensitive data took effect on 8 April 2025. The Data Security Program was adopted pursuant to Executive Order 14117 and is implemented by the DOJ’s National Security Division. The DSP establishes controls to prevent foreign adversaries, and those subject to their control and direction, from accessing bulk U.S. sensitive personal data and U.S. government-related data.

- [U.S. Data Security Program Cheat Sheet (PDF)](<https://support.dataverse.harvard.edu/sites/g/files/omnuum821/files/2026-01/Bulk Data Cheat Sheet_PUBLIC.pdf>)