Chinese-manufactured unmanned aircraft systems (UAS), more commonly referred to as drones, continue to pose a significant risk to critical infrastructure and U.S. national security. While any UAS could have vulnerabilities that enable data theft or facilitate network compromises, the People’s Republic of China (PRC) has enacted laws that provide the government with expanded legal grounds for accessing and controlling data held by firms in China. The use of Chinese-manufactured UAS requires careful consideration and potential mitigation to reduce risk to networks and sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) encourage U.S. critical infrastructure owners and operators to procure UAS that follow secure-bydesign principles, including those manufactured by U.S. companies. CISA and FBI further recommend following principles and implementing cybersecurity recommendations listed in this guidance to any organization procuring and operating UAS.