Section 889 of the NDAA (Huawei/ZTE Equipment Ban)
The NDAA provision that prohibits federal agencies and contractors from procuring or using telecommunications equipment from designated Chinese manufacturers.
Section 889 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115-232) contains two distinct prohibitions. Section 889(a)(1)(A) (effective August 13, 2019) prohibits agencies from procuring or obtaining equipment, systems, or services that use "covered telecommunications equipment or services" as a substantial or essential component of any system, or as a critical technology of any system. Section 889(a)(1)(B) (effective August 13, 2020) prohibits agencies from contracting with entities that use covered telecommunications equipment or services — even if not in contract performance. Covered entities include Huawei Technologies, ZTE Corporation, Hytera Communications, Hangzhou Hikvision Digital Technology, Dahua Technology, and any subsidiaries or affiliates determined by the Secretary of Defense. Implementing FAR clauses are 52.204-24 through 52.204-26.
The engineering compliance challenge is the breadth of "covered telecommunications equipment." The definition encompasses not just branded Huawei or ZTE network equipment but also any component that is a "substantial or essential component" of a covered system. This includes: routers, switches, and wireless access points manufactured by or incorporating chipsets from covered entities; video surveillance systems including IP cameras, DVRs, and NVRs from Hikvision or Dahua; two-way radios from Hytera; and private branch exchange (PBX) equipment. Contractors must audit their entire enterprise technology stack — including remote office equipment, building management systems, and smart building IoT devices — not just their primary network infrastructure. OEM relationships are particularly challenging: equipment sold under reputable brand names may incorporate covered entity components or chipsets.
Section 889 compliance requires three operational capabilities: a comprehensive IT and OT asset inventory that captures manufacturer, model, and component provenance for all telecommunications equipment; a supply chain due diligence process for new procurement that includes covered entity screening of OEM supply chains; and a representation and certification workflow for FAR 52.204-26 annual contractor representations to contracting officers. The FCC's parallel Covered List (under the Secure and Trusted Communications Networks Act of 2019) and the FCC's rip-and-replace program (Section 4 of the Secure and Trusted Communications Networks Reimbursement Program) address ISP removal of covered equipment with federal reimbursement — but this program is available only to eligible telecommunications carriers, not to general federal contractors.
We conduct Section 889 compliance audits using automated asset discovery and inventory tools that identify telecommunications equipment across enterprise and OT environments, then cross-reference manufacturer and component data against the current Section 889 covered entity list. We build procurement screening workflows that include covered entity checks for OEM supply chains, and we maintain the FAR 52.204-26 representation documentation required at each contract award.
Compliance-Native Architecture Guide
Design principles and a structured checklist for building software that is compliant by default — not compliant by retrofit. Covers data architecture, access controls, audit trails, and vendor due diligence.