Section 889 Part B Prohibition

Section 889 Part B of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (NDAA) establishes federal restrictions on the use and procurement of specific telecommunications equipment and services deemed to pose a national security risk. This prohibition represents a key measure in the U.S. government’s ongoing efforts to protect its information systems, networks, and supply chains from potential foreign interference and cyber threats.

Under Section 889 Part B, federal agencies and contractors are prohibited from using or procuring covered telecommunications equipment or services from certain foreign entities. The goal is to prevent technology linked to adversarial nations from being integrated into federal systems, where it could compromise sensitive information or enable espionage.

The General Services Administration (GSA), the Department of Defense (DoD), and the Federal Acquisition Regulatory Council (FAR Council) play central roles in implementing and enforcing these restrictions across the federal marketplace. For contractors and suppliers, compliance with Section 889 Part B is not optional; it is a mandatory condition for doing business with the federal government.

The Origins and Purpose of Section 889

Section 889 was enacted as part of the 2019 NDAA in response to growing concerns over foreign-made telecommunications equipment being used within U.S. government systems. The legislation was introduced amid heightened awareness of potential cybersecurity risks posed by companies believed to have close ties to foreign governments.

The overarching purpose of Section 889 is to safeguard federal networks and information technology infrastructure from exploitation by foreign adversaries. The law is intended to:

1. Protect sensitive government data from unauthorized access.
2. Prevent potential espionage or cyberattacks through compromised hardware or software.
3. Strengthen the integrity and security of federal supply chains.
4. Promote the use of trusted, verified telecommunications technology within U.S. systems.

Section 889 serves as a cornerstone of federal cybersecurity policy, ensuring that the government and its contractors operate within a secure and trusted digital environment.

The Structure of Section 889: Parts A and B

Section 889 is divided into two key components, Part A and Part B, each addressing different aspects of the restriction.

Part A: Procurement Ban

Part A prohibits federal agencies from procuring or obtaining covered telecommunications equipment or services directly from identified foreign entities. This restriction applies to new acquisitions and renewals of existing contracts.

Part B: Usage Ban

Part B expands the restriction by prohibiting federal contractors themselves from using covered telecommunications equipment or services, even in their internal operations. This means that compliance extends beyond the specific products sold to the government—it encompasses the entire contractor organization and its operations.

Part B is particularly significant because it requires contractors to evaluate their entire supply chain, internal systems, and partnerships to ensure they are not indirectly using prohibited technology.

What Constitutes Covered Telecommunications Equipment and Services

The Federal Acquisition Regulation (FAR) defines covered telecommunications equipment and services as any equipment, system, or service produced or provided by specific companies identified by the federal government as security risks. These include:

1. Huawei Technologies Company.
2. ZTE Corporation.
3. Hytera Communications Corporation.
4. Hangzhou Hikvision Digital Technology Company.
5. Dahua Technology Company.

The prohibition extends to any subsidiary or affiliate of these entities, as well as any equipment or service that uses their technology as a substantial or essential component.

Covered items can include a wide range of products such as routers, switches, video surveillance systems, radio equipment, mobile devices, and cloud-based communication services. The scope of Section 889 is intentionally broad to ensure comprehensive protection of federal systems.

Key Requirements for Federal Contractors

Compliance with Section 889 Part B is mandatory for all federal contractors and subcontractors, regardless of the size or scope of their contracts. To remain eligible for federal awards, contractors must certify that they do not use covered telecommunications equipment or services anywhere in their operations.

Key requirements include:

1. Conducting a Supply Chain Review: Contractors must perform a thorough assessment of their internal systems and suppliers to identify any use of prohibited equipment.
2. Providing Annual Representations: FAR clause 52.204-24 requires contractors to disclose whether they use or plan to use covered telecommunications equipment or services.
3. Maintaining Ongoing Compliance: Contractors must monitor their supply chains continuously and update their disclosures if circumstances change.
4. Reporting Discoveries: If a contractor discovers prohibited equipment after certification, they must promptly report it to the contracting officer and provide a mitigation plan.

Failure to comply can result in severe consequences, including contract termination, suspension, or debarment from future federal contracting opportunities.

The Role of the Federal Acquisition Regulation (FAR)

The Federal Acquisition Regulation serves as the primary vehicle for implementing Section 889 Part B across the federal government. FAR Subpart 4.21 and the associated clauses (such as FAR 52.204-24, FAR 52.204-25, and FAR 52.204-26) outline the specific obligations of contractors and agencies.

These clauses require contractors to represent their compliance status, prohibit the delivery or use of covered equipment, and ensure that subcontractors adhere to the same standards.

The FAR Council periodically updates these clauses to reflect new guidance, technological developments, or additional entities added to the list of prohibited suppliers.

The Role of the General Services Administration

The General Services Administration plays a leading role in enforcing Section 889 compliance through its acquisition systems and contract vehicles. GSA integrates Section 889 requirements into its Federal Supply Schedule (FSS), Multiple Award Schedule (MAS), and other governmentwide acquisition contracts.

For contractors listed on GSA’s MAS program, compliance with Section 889 is a prerequisite for contract award and continued participation. GSA also provides detailed guidance, webinars, and resources to help vendors understand and implement compliance requirements.

By embedding Section 889 provisions into procurement processes, GSA ensures that all technology products and services offered through its platforms meet federal security standards.

Challenges Faced by Contractors

While the intent of Section 889 Part B is clear, compliance can present significant challenges for contractors, especially small businesses and those with complex global supply chains. Common challenges include:

• Identifying Hidden Dependencies: Many companies use third-party suppliers that integrate components from prohibited vendors without disclosing their sources.
• High Cost of Compliance: Conducting comprehensive supply chain audits and replacing equipment can be costly and time-consuming.
• Ambiguity in Scope: Determining whether a piece of technology qualifies as “substantial or essential” can be complex.
• Data Collection from Subcontractors: Ensuring that all subcontractors and vendors comply with Section 889 requirements requires continuous communication and monitoring.

Despite these challenges, federal contractors are expected to demonstrate a good faith effort in identifying and eliminating prohibited technology from their systems.

Best Practices for Achieving Section 889 Compliance

To manage compliance effectively, contractors should adopt a structured approach that integrates risk assessment, supply chain management, and documentation.

Recommended best practices include:

1. Establish a formal compliance team to oversee Section 889 activities.
2. Conduct a detailed inventory of all telecommunications and video surveillance equipment.
3. Develop a supplier questionnaire to identify potential use of covered technology.
4. Implement a continuous monitoring program to track supplier changes and new procurements.
5. Maintain detailed records of assessments, certifications, and communications with suppliers.
6. Provide training for procurement and IT staff on Section 889 requirements.
7. Engage with legal and cybersecurity experts to interpret evolving guidance.

Following these practices helps contractors minimize compliance risks and maintain eligibility for federal contracts.

The Broader Impact of Section 889

Section 889 Part B has had far-reaching effects on both government and industry. For the federal government, it has significantly strengthened the security of information systems by reducing reliance on high-risk foreign technology. For contractors, it has prompted greater awareness of supply chain integrity and cybersecurity.

The prohibition has also accelerated efforts to develop domestic and allied sources of telecommunications technology. By encouraging diversification and innovation, Section 889 contributes to building a more resilient and secure global supply chain.

Furthermore, it has influenced similar initiatives at the state and local levels, as well as among private-sector organizations seeking to align with federal standards for supply chain security.

Enforcement and Oversight

Compliance with Section 889 is monitored by contracting officers, inspectors general, and oversight agencies such as the Office of Management and Budget (OMB). Contractors must maintain accurate records to demonstrate due diligence and compliance during audits or reviews.

If a violation is identified, agencies may require contractors to replace prohibited equipment, implement corrective measures, or, in severe cases, face penalties such as contract termination. The government’s enforcement approach emphasizes both prevention and accountability.

The Future of Section 889 and Supply Chain Security

As global cybersecurity threats continue to evolve, Section 889 represents just one part of a broader federal effort to secure supply chains and technology infrastructure. Future regulations may expand the list of prohibited entities, tighten reporting requirements, or introduce new verification mechanisms.

The principles behind Section 889—transparency, accountability, and risk mitigation—are expected to shape future procurement policies. Technologies such as artificial intelligence and 5G will likely bring additional scrutiny, requiring contractors to adapt continuously to changing security expectations.

Conclusion

Section 889 Part B Prohibition marks a significant milestone in the U.S. government’s commitment to securing its telecommunications and information systems from foreign threats. By restricting the use and procurement of certain high-risk technologies, it protects critical infrastructure and promotes the use of trusted suppliers.

For federal contractors, compliance with Section 889 is not merely a legal obligation—it is a reflection of their commitment to security, transparency, and integrity in serving the government.

As agencies and industry partners continue to collaborate under this framework, Section 889 will remain a cornerstone of federal cybersecurity and supply chain assurance, ensuring that the nation’s digital environment remains secure and resilient for years to come.