Skip to content Skip to left sidebar Skip to right sidebar Skip to footer

Tag: intellectual property

What Brand is Your Telcom and Video?

Section 889 of the FY 2019 National Defense Authorization Act was passed to fight national security and intellectual property threats to the United States.  The legislation includes two prohibitions Part A and Part B. (GSA Section 889 Industry Focused Flyer, GSA.gov, July 16, 2020)

Part A, which became effective on August 13, 2019 bans telecommunications/video surveillance equipment made by the following companies:

  • Huawei Technologies Company
  • ZTE Corporation
  • Hytera Communications Corporation
  • Hangzhou Hikvision Digital Technology Company
  • Dahua Technology Company

Part A can be found in the Federal Acquisition Regulation (FAR) at FAR subpart 2.1.

Part B, effective 13 August 2020, prohibits the government from contracting with any organization that uses equipment or services of any of the companies listed under Part A. Part B applies, whether or not that usage is in performance of work under a Federal contract. In other words, if you use any of the banned companies in the fulfillment of a  non-government contract, you will be prohibited from working with the government. All contractors must verify whether they do or do not use prohibited telecommunications/video surveillance equipment or services. Part B has been added to the Federal Acquisition Regulation (FAR) at FAR subpart 4.21. (ibid)

GSA recommends companies to complete an in-depth review of all in-house technology to rule out using banned companies in Part A . If prohibited equipment or services are being used, companies that wish to continue doing business with the government must eliminate them. GSA does not take responsibility for changes contractors make, unless done so by a modification to a current contract.

However, two possible waiver procedures with extremely high standards are available. This is to ensure waivers are not used to get “around” the prohibitions.

GSA is modifying all solicitations, Indefinite Delivery Vehicles (IDVs), GWACs, and other IDIQ contracts, to include Section 889 Part B requirements immediately. These requirements will be added to GSA’s existing non-IDV contracts as those contracts have their periods of performance extended.

GSA is hosting the following events so that industry may obtain additional guidance:

  1. The GSA Office of Small Business Utilization webinar on Section 889, July 30, 2020, 2:00 p.m. EST, registration may be found here.
  2. GSA recorded virtual webinar August 12, 2020, at 1:00 p.m. EST, registration forthcoming. This webinar will include leaders from GSA’s business lines explaining how they are implementing Section 889 into their business lines and panelists will answer pre-collected questions. (Questions may be sent to gsaombudsman@gsa.gov to arrive by COB August 5, 2020.) (ibid)

GSA recommends that vendors study the tools and publications to aid their understanding and compliance, as provided in Acquisition.gov.

Not certain if your contract is affected by Section 889 Part B and if so, what you can do? Give us a call.

New Cybersecurity Certification Requirements

The Office for the Under Secretary of Defense and Sustainment (OUSD (A&S)) recently released its Cyber Security Maturity model Certification (CMMC). DoD stakeholders, University Affiliated Research Centers (UARCs), Federally Funded Research and Development Centers (FFRDCs) and the Defense Industrial Base (DIB) all had a hand in developing the CMMC model. This model measures cybersecurity maturity using five levels (from basic to advanced) and aligns a set of processes and practices with the type and sensitivity of the information to be protected and any associated threats to that information. (CMMC Model v1.0, January 30, 2020)

DoD’s CMMC enhances the protection of:

  • Federal Contract Information (FCI) provided or generated by the government, but not intended for public release
  • Controlled Unclassified Information (CUI), which requires safeguarding or dissemination consistent with laws, regulations and government-wide policies. (ibid)

The CMMC model includes the safeguarding requirements for FCI spelled out in FAR clause 52.204-21 and the security requirements for CUI stated in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 per DFARS clause 252.204-7012 [3,4,5].

Included in the CMMC model is a certification piece verifying the implementation of cybersecurity maturity measure processes and practices. This is intended to deliver assurance to the DoD that contractors and subcontractors can sufficiently protect CUI at a level equal to the risk. (ibid)

To obtain a full overview of the CMMC Model, domains, practices, and processes, please review the Cybersecurity Maturity Model Certification.

Have questions about the effect on your current contract or one in works? Give us a call.