Educational Information Only
This page provides general educational information about cybersecurity laws and regulations. It does not constitute legal advice, legal interpretation, or a substitute for professional legal counsel. Laws change frequently. Always consult a qualified attorney and verify current requirements directly from official government sources before making compliance decisions. DecipherU is not a law firm and does not provide legal services.
National Defense Authorization Act Section 889
NDAA Section 889 prohibits US government agencies from procuring cybersecurity and telecommunications equipment from specified Chinese manufacturers (Huawei, ZTE, Hytera, Hikvision, Dahua). This cybersecurity supply chain law also prohibits agencies from contracting with entities that use covered equipment. It applies to both direct purchases and contractor systems.
Quick Reference
Key Requirements
Section 889(a)(1)(A)
Agencies may not procure covered telecommunications equipment or services from specified entities
Section 889(a)(1)(B)
Agencies may not contract with entities that use covered equipment as a substantial or essential component
FAR 52.204-25
Contractors must represent whether they use covered telecommunications equipment and report any discoveries during contract performance
How Does NDAA § 889 Affect Cybersecurity Careers?
Supply chain security analysts must audit hardware and software inventories for prohibited equipment. GRC analysts at defense contractors need to verify Section 889 compliance in their supply chains. Security architects must design solutions that exclude covered equipment.
How Does NDAA § 889 Affect Cybersecurity Sales?
Cybersecurity vendors must certify their products do not contain components from covered entities. Supply chain risk management platforms can position Section 889 compliance as a use case. Sales teams selling to federal buyers should proactively address Section 889 in proposals.
Cybersecurity Roles That Work With NDAA § 889
Related Cybersecurity Certifications
Related Cybersecurity Laws
Read the full text of NDAA § 889 at the official source: https://www.congress.gov/bill/115th-congress/house-bill/5515/text
Frequently Asked Questions
What is NDAA § 889 in cybersecurity?
NDAA Section 889 prohibits US government agencies from procuring cybersecurity and telecommunications equipment from specified Chinese manufacturers (Huawei, ZTE, Hytera, Hikvision, Dahua). This cybersecurity supply chain law also prohibits agencies from contracting with entities that use covered equipment. It applies to both direct purchases and contractor systems.
How does NDAA § 889 affect cybersecurity careers?
Supply chain security analysts must audit hardware and software inventories for prohibited equipment. GRC analysts at defense contractors need to verify Section 889 compliance in their supply chains. Security architects must design solutions that exclude covered equipment.
What are the penalties for NDAA § 889 non-compliance?
Contract termination, debarment from government contracting
Educational Information Only
This page provides general educational information about cybersecurity laws and regulations. It does not constitute legal advice, legal interpretation, or a substitute for professional legal counsel. Laws change frequently. Always consult a qualified attorney and verify current requirements directly from official government sources before making compliance decisions. DecipherU is not a law firm and does not provide legal services.
Sources
Explore Related Cybersecurity Resources
Get cybersecurity career insights delivered weekly
Join cybersecurity professionals receiving weekly intelligence on threats, job market trends, salary data, and career growth strategies.
Get Cybersecurity Career Intelligence
Weekly insights on threats, job trends, and career growth.
Unsubscribe anytime. More options