Last Updated on January 20, 2023 by Josh Mahan
The National Defense Authorization Act (NDAA) is a federal law that authorizes the U.S. military to conduct operations worldwide. Read on to learn more about NDAA compliance and what you need to do to stay within the law.
What is The NDAA?
The National Defense Authorization Act (NDAA) is a United States federal law that prescribes the budgeting process for the Department of Defense and for military construction. The NDAA also lays out guidelines for how businesses can protect themselves from becoming inadvertently complicit in these operations. Congress must pass the NDAA each year to fund the military.
What is NDAA Compliance?
To comply with the NDAA, businesses must implement specific security measures to protect their information systems. These measures include things like ensuring data is encrypted, implementing multi-factor authentication, and conducting regular risk assessments. Failure to comply with the NDAA can result in steep penalties, including the loss of government contracts.
The Evolution of the NDAA
The history of the NDAA begins in 1961 when Congress first enacted legislation to authorize funding for the DOD. In subsequent years, Congress has passed an annual NDAA to continue this authorization. This process ensures that each year’s funding is provided in a timely and efficient manner while also allowing Congress to conduct regular oversight of DOD programs and activities.
Do you want to know more about the Technology industry? Visit our blog today!
Prohibition of Certain Telecommunications and Video Surveillance Equipment
NDAA Section 889 prohibits the U.S. government from procuring or entering into contracts for procuring telecommunications equipment or services that use specific Chinese-manufactured equipment or services. The goal of this section is to protect the U.S. against espionage and other threats posed by Chinese telecom equipment and services.
Why is NDAA Section 889 Compliance Important?
If your business provides telecommunications equipment or services to the U.S. government, it’s crucial that you ensure that your products and services are in compliance with NDAA Section 889. Non-compliance could result in your business being barred from doing business with the U.S. government, which could have a devastating impact on your bottom line. Furthermore, even if your business doesn’t provide products or services directly to the government, it’s still important to be compliant because many contractors who do business with the government will only work with other contractors who are also compliant.
How Can My Business Become Compliant with NDAA Section 889?
If you want to become compliant with NDAA Section 889, there are a few steps you’ll need to take. First, you’ll need to assess whether any of the equipment or services you provide use Chinese-manufactured components. If they do, you’ll need to replace those components with ones that aren’t manufactured in China. Additionally, you’ll need to put procedures in place to ensure that any future equipment or services you procure don’t use Chinese-manufactured components. Finally, you’ll need to provide documentation proving that your products and services are in compliance with NDAA Section 889.
FY2021 NDAA Examples
The 2021 NDAA includes a number of compliance-related provisions that businesses should be aware of, including a requirement for certain contractors to use E-Verify when hiring employees. Here are some key compliance requirements contained in the FY2021 NDAA and explain why businesses should care about them.
E-Verify Requirement: Section 1611 of the FY2021 NDAA requires all federal contractors and subcontractors to use E-Verify when hiring employees. The E-Verify system is operated by the U.S. Department of Homeland Security and confirms that an employee is authorized to work in the United States. Contractors who fail to comply with this requirement risk losing their contracts with the federal government.
Hiring Preferences for Federal Employees: Section 1784 of the FY2021 NDAA gives hiring preferences to certain categories of veterans when filling vacant positions within the federal government. This section applies to positions at all levels, from entry-level positions to senior executive positions. Businesses that are seeking to fill vacant positions within the federal government should keep this section in mind when making hiring decisions.
Related Link: Security Technology: New & Future Trend Guide
NDAA Compliance & CyberSecurity
Part of the NDAA includes a section on cybersecurity, which sets forth standards for securing federal contractors’ information systems. The reason the NDAA includes provisions on cybersecurity is to protect sensitive government information. In this day and age, data breaches are becoming increasingly common, and the last thing the government wants is for classified information to fall into the wrong hands. By holding businesses that work with the government accountable to high standards of security, the NDAA helps ensure that sensitive information stays safe.
Related Link: 7 Key Tips for Navigating Smart Building Design
What Are the Penalties for Non-Compliance?
If your business is found to be non-compliant with the NDAA’s cybersecurity provisions, you could face severe penalties. These can include things like loss of your government contract, damage to your reputation, and financial penalties. In some cases, non-compliance may even result in criminal charges. As such, it’s important to take compliance seriously and make sure your business is in compliance with all relevant laws and regulations.
Looking to take your company to the next level? Contact us today to learn how C&C Technology Group can assist you!
Following NDAA Compliance
NDAA compliance is a complex topic, but understanding the basics is essential for any business owner who works with the government. The bottom line is this: if you want to stay compliant, you need to make sure your information systems are secure. This means encrypting data, implementing multi-factor authentication, and conducting regular risk assessments. Failure to do so could result in severe penalties, so it’s important to take compliance seriously.
Related Link: Cybersecurity in the Workplace: Guide for Employees