NDAA Section 889 | Fortress Information Security

Which technologies are banned?

The following technologies have been banned:

Telecommunications equipment produced by

Video surveillance and telecommunications equipment produced by

Huawei Technologies Company
ZTE Corporation
Any subsidiaries or affiliates of the above

Hytera Communications Corporation
Hangzhou Hikvision Digital Technology Company
Dahua Technology Company
Any subsidiaries or affiliates of the above

What contractors are covered?

All government contractors and subcontractors are required to comply.

DoD Contractors 889 Section B applies to contract vehicles for commercial items, including COTS items, purchases below the simplified acquisition threshold, task/delivery orders, and Basic Ordering Agreement and Blanket Purchase Agreements DoD solicitations awarded after August 13, 2020 will now require compliance with:

FAR 52.204-24, Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment
FAR 52.204-25, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment.

Existing DoD agreements will be modified to include FAR 52.204-24 if “executing a modification to extend the period of performance, including exercising an option,” after August 13, 2020. Officers are directed to permit contractors to have a sufficient period to provide notice for exercising the option as well as provide the representation but provides no specific GSA Multiple Award Schedule (MAS) solicitations now include a requirement for incorporating Section 889 Part B of FY19 National Defense Authorization Act into all existing MAS contracts.

MAS contractors will have 90 days to accept the August 13, 2020, modification.
In the interim, orders may not be placed under the contract until the contract is modified to incorporate FAR clause 52.204-25.

GSA may initiate a “contract ending action” for those MAS contractors that fail to accept the modification by the deadline.

Waivers

Section 889(d) permits waivers when granted by the Director of National Intelligence as deemed “in the national security interests of the United States,” and when the head of an executive agency issues a one-time waiver on a case-by-case basis. Waiver determinations may not be processed until offers are received and representations regarding the use of covered telecommunications equipment and services has been reviewed.

Steps to Compliance with 889B

Technology
1. Adopt an “Enterprise Tracking Tool” and integrate with your existing systems
Corporate Policy
1. Assign responsibility for implementation of compliance with 889b
2. Draft an 889B policy & implement it across your organization
3. Institute training on compliance
4. Implement a plan to remove & replace non-compliant equipment and services
Discovery
1. Obtain a list of covered products
2. Conduct discovery to identify any current or former covered products or services by obtaining information from procurement, contracts & legal, IT, and Telecom departments.
Subcontractors & Data Exchange
1. Notify subcontractors of their obligations to comply with 889B and direct them on methods for implementing & representing their compliance
2. Participate in a contractor data exchange

Fortress Solutions Help You Prepare for 889B Compliance

Software Platform
Assessments
Data & Analytics
Information Exchange

Software Platform

Fortress is an Orchestration Platform with modules to manage third party risk and vulnerability risk

Assessments

Fortress provides vendor and product assessments, resolution and program management. Assessment services can be interchanged throughout the contract.