Which technologies are banned?

The following technologies have been banned:

Telecommunications equipment produced by
Video surveillance and telecommunications equipment produced by
  • Huawei Technologies Company
  • ZTE Corporation
  • Any subsidiaries or affiliates of the above
  • Hytera Communications Corporation
  • Hangzhou Hikvision Digital Technology Company
  • Dahua Technology Company
  • Any subsidiaries or affiliates of the above

What contractors are covered?

All government contractors and subcontractors are required to comply.

DoD Contractors 889 Section B applies to contract vehicles for commercial items, including COTS items, purchases below the simplified acquisition threshold, task/delivery orders, and Basic Ordering Agreement and Blanket Purchase Agreements DoD solicitations awarded after August 13, 2020 will now require compliance with:

  • FAR 52.204-24, Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment
  • FAR 52.204-25, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment.

Existing DoD agreements will be modified to include FAR 52.204-24 if “executing a modification to extend the period of performance, including exercising an option,” after August 13, 2020.  Officers are directed to permit contractors to have a sufficient period to provide notice for exercising the option as well as provide the representation but provides no specific GSA Multiple Award Schedule (MAS) solicitations now include a requirement for incorporating Section 889 Part B of FY19 National Defense Authorization Act into all existing MAS contracts.

  • MAS contractors will have 90 days to accept the August 13, 2020, modification.
  • In the interim, orders may not be placed under the contract until the contract is modified to incorporate FAR clause 52.204-25.

GSA may initiate a “contract ending action” for those MAS contractors that fail to accept the modification by the deadline.

Waivers

Section 889(d) permits waivers when granted by the Director of National Intelligence as deemed “in the national security interests of the United States,” and when the head of an executive agency issues a one-time waiver on a case-by-case basis. Waiver determinations may not be processed until offers are received and representations regarding the use of covered telecommunications equipment and services has been reviewed.

Steps to Compliance with 889B

  1. Technology
    1. Adopt an “Enterprise Tracking Tool” and integrate with your existing systems
  2. Corporate Policy
    1. Assign responsibility for implementation of compliance with 889b
    2. Draft an 889B policy & implement it across your organization
    3. Institute training on compliance
    4. Implement a plan to remove & replace non-compliant equipment and services
  3. Discovery
    1. Obtain a list of covered products
    2. Conduct discovery to identify any current or former covered products or services by obtaining information from procurement, contracts & legal, IT, and Telecom departments.
  4. Subcontractors & Data Exchange
    1. Notify subcontractors of their obligations to comply with 889B and direct them on methods for implementing & representing their compliance
    2. Participate in a contractor data exchange

Fortress Solutions Help You Prepare for 889B Compliance

  • Software Platform
  • Assessments
  • Data & Analytics
  • Information Exchange

NDAA Section 889 3

Software Platform

Fortress is an Orchestration Platform with modules to manage third party risk and vulnerability risk

NDAA Section 889 4

Assessments

Fortress provides vendor and product assessments, resolution and program management. Assessment services can be interchanged throughout the contract.

NDAA Section 889 5

Data & Analytics

Fortress subscribes to dozens of data sources and has a team of research analysts that enable data-driven solutions and comprehensive monitoring.

NDAA Section 889 6

Information Exchange

The Asset to Vendor Network is the only exchange that is utility focused, offers royalties and provides both product and vendor assessments.

NDAA Section 889 7

Get in touch

Want to find out how Fortress can solve problems specific to your business?

Let's connect!

NDAA Section 889 8407.573.6800

NDAA Section 889 9sales@fortressinfosec.com

 


NDAA Section 889 10

NDAA Section 889 11 NDAA Section 889 12 NDAA Section 889 13

189 S. Orange Avenue, Ste 1950, Orlando, FL 32801
(407) 573.6800
sales@fortressinfosec.com

COPYRIGHT © 2020. FORTRESS INFORMATION SECURITY. ALL RIGHTS RESERVED. PRIVACY POLICY

DOWNLOAD THE FULL

THREAT INTELLIGENCE REPORT

ORACLE LINUX 7 REPOSITORIES INFECTED WITH “HTML.EXPLOIT.C99-24” EXPLOIT

DOWNLOAD THE FULL

THREAT INTELLIGENCE REPORT

ZOOM VIDEO CONFERENCING AND COMMUNICATIONS

THREAT INTELLIGENCE REPORT

Windows CryptoAPI Vulnerability

White Paper

Asset to Vendor Network for Power Utilities

PRESS RELEASE

FORTRESS LAUNCHES INNOVATIVE COLLABORATION TO HELP PROTECT THE POWER GRID FROM CYBER THREATS

Emerging Risk Brief

ASSET RISK MANAGEMENT - FOR PORT AUTHORITIES

Advisory

5 STEPS FOR AN EFFECTIVE THIRD PARTY VENDOR RISK PROGRAM

White Paper

CIP COMPLIANCE – UPDATES, ENFORCEMENT AND PRACTICAL IMPLEMENTATION

Advisory

5 STEPS TO A STRONG VULNERABILITY MANAGEMENT PROGRAM

WHITE PAPER

NERC CIP COMPLIANCE

Subscribe to Fortress Newsletter

For breach reports, threat intelligence, regulatory updates, cyber security news alerts and more, sign up to receive the Fortress Newsletter.

No, thanks!

Threat Advisory

Outdated Security Appliance Facilitates Denial-of-Service Attack on U.S. Grid

WEBINAR DOCUMENT

NERC CIP SUPPLY CHAIN SECURITY STANDARDS