Blog
ArticleIf you’re a defense contractor and haven’t fully addressed Section 889 compliance, you’re putting every federal contract at risk. This isn’t hyperbole—it’s the reality of supply chain security requirements that have fundamentally changed how federal contractors must vet and manage their technology.
After 20+ years in federal contracting, including supporting cleared professionals at Booz Allen Hamilton for DoD and other agencies, I’ve seen compliance requirements evolve. Section 889 represents one of the most significant shifts in procurement policy in decades, and many contractors still don’t fully understand what it means for their operations.
Let’s decode this.
What is Section 889?
Section 889 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 addresses national security threats by prohibiting federal agencies and contractors from using telecommunications equipment and services from certain foreign companies, particularly those with ties to the People’s Republic of China. ThecgpPricereporter
The legislation was enacted because Congress determined there are increased privacy, security, and espionage risks from using telecommunications equipment and services provided by certain companies connected to foreign governments. Contractorsperspective
This isn’t just about what you sell to the government—it’s about what technology you use in your own operations, even if that technology has nothing to do with your federal contract work. U.S. EmbassyPricereporter
The Two Phases: Part A and Part B
Section 889 was implemented in two distinct phases, each with different scopes and effective dates. Pricereporter
Part A: Direct Procurement Prohibition (Effective August 13, 2019)
Part A prohibits agencies from purchasing covered telecommunications equipment, systems, or services. Contractorsperspective This phase prevents the government from directly buying prohibited technology.
For contractors: You cannot provide prohibited equipment or services to the government as part of your contract deliverables.
Part B: Broader Use Prohibition (Effective August 13, 2020)
This is where it gets more complex and affects virtually every federal contractor.
Part B prohibits agencies from entering into, extending, or renewing contracts with entities that use covered telecommunications equipment or services—regardless of whether that use is in performance of work under a federal contract. U.S. EmbassyContractorsperspective
For contractors: If you use prohibited technology anywhere in your business operations—your office network, security cameras, company phones—you cannot hold federal contracts. Period.
What Equipment and Companies Are Covered?
Covered telecommunications equipment and services include telecommunications equipment produced by Huawei Technologies Company or ZTE Corporation (or any subsidiary or affiliate), and video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company (or their subsidiaries or affiliates). Thecgp
The prohibition also extends to entities that the Secretary of Defense designates as entities “owned or controlled by, or otherwise connected to, the government of a covered foreign country.” SciENcv The only “covered foreign country” is The People’s Republic of China. Contractorsperspective
What Counts as “Covered” Equipment?
A key feature is whether the equipment can transmit user data or be hacked to access user data. Contractorsperspective If it can route, redirect, or provide visibility into user data, it’s likely covered by the prohibition.
Common examples:
- Smartphones and tablets
- Networking equipment (routers, switches)
- Security cameras and video surveillance systems
- Telecommunications services
- Interconnected office equipment
There are two exceptions: A service that connects to the facilities of a third-party, such as backhaul, roaming, or interconnection arrangements; and telecommunications equipment that cannot route or redirect user data traffic or permit visibility into any user data or packets that such equipment transmits or otherwise handles. Federalschedules
Your Compliance Obligations
1. Conduct a “Reasonable Inquiry”
The interim rule requires contractors to provide a representation, after conducting a “reasonable inquiry,” regarding their use of covered telecommunications equipment or services when submitting an offer. Thecgp
What does “reasonable inquiry” mean? You must:
- Review your technology inventory across all business operations
- Check manufacturer information for all telecommunications and video surveillance equipment
- Examine your supply chain including subcontractors and vendors
- Verify no prohibited equipment in your systems
- Document your inquiry process for audit purposes
This isn’t a one-time check. You must maintain ongoing awareness of your technology infrastructure.
2. Annual Representations in SAM.gov
Federal law requires contractors to obtain and maintain a current 889 representation for transactions, and representations must be updated annually or when systems change. Acquisition.GOV
When registering in SAM.gov or responding to solicitations, you’ll encounter FAR 52.204-26, Covered Telecommunications Equipment or Services- Representation. Acquisition.GOV
You have three options:
- “Does not” – You do not provide or use covered equipment/services
- “Does” – You do provide or use covered equipment/services
- “After conducting a reasonable inquiry” – You cannot determine presence of covered equipment
Pro tip: If you check “does” or “cannot determine,” you’re essentially disqualifying yourself from most federal contracts. Get your house in order before representing.
3. Ongoing Reporting Requirements
Contracts must contain a clause that requires reporting if use of covered telecommunications equipment or services is discovered during performance of the contract. Thecgp
If you discover prohibited equipment after contract award, you must report it immediately. Failure to do so compounds the violation.
Practical Steps for Achieving Compliance
Based on my experience supporting federal contractors, here’s your action plan:
Step 1: Conduct a Comprehensive Technology Audit
Start with inventory:
- All network infrastructure (routers, switches, firewalls)
- Telecommunications equipment (phones, VOIP systems)
- Video surveillance systems (cameras, DVRs, monitoring systems)
- Mobile devices issued to employees
- Internet of Things (IoT) devices
- Cloud services and SaaS platforms
For each item, document:
- Manufacturer and model
- Purchase date and vendor
- Current use and location
- Subsidiaries or affiliates of manufacturer
Step 2: Identify and Replace Prohibited Equipment
Create a remediation plan for any covered equipment:
Prioritize based on risk:
- Equipment used in classified or sensitive areas
- Network infrastructure with access to contract data
- General office equipment
Budget for replacement costs. This isn’t optional—continued use disqualifies you from federal contracts.
Step 3: Establish Vendor Vetting Procedures
Before purchasing any telecommunications or video surveillance equipment:
- Check SAM.gov exclusions and Section 889 lists
- Require vendor 889 representations for all purchases
- Use the GSA 889 Easy Search Tool at https://889.smartpay.gsa.gov/ Acquisition.GOV
- Maintain documentation of your vetting process
Step 4: Train Your Purchasing Team
Everyone authorized to purchase technology must understand:
- What equipment falls under Section 889
- How to verify vendor compliance
- Required documentation for purchases
- Reporting procedures if violations are discovered
Step 5: Review Subcontractor Compliance
While Section 889 Part B only applies to prime contractors Federalschedules, you’re still responsible for ensuring your contract performance doesn’t involve prohibited equipment.
Flow down requirements to subcontractors:
- Include Section 889 compliance clauses in subcontracts
- Require subcontractor representations
- Audit subcontractor compliance periodically
- Document all verification efforts
Step 6: Document Everything
For audit defense, maintain records of:
- Initial technology audit and findings
- Remediation actions taken
- Vendor vetting procedures
- Purchase approval processes
- Training completion
- Annual reviews and updates
The Consequences of Non-Compliance
Let’s be clear about what’s at stake:
Contract Disqualification
Failure to meet Section 889 requirements can result in disqualification from federal contracts, severe penalties, and reputational damage. Pricereporter
If you cannot certify compliance, you cannot win new contracts or renew existing ones.
Termination of Existing Contracts
Agencies can terminate contracts for non-compliance. You could lose revenue mid-performance if violations are discovered.
False Claims Act Liability
Falsely representing compliance could trigger False Claims Act violations, with treble damages and penalties of $11,000+ per false claim.
Suspension and Debarment
Serious violations or intentional misrepresentation can lead to suspension or debarment from federal contracting—ending your federal business entirely.
Special Considerations for Defense Contractors
CMMC and Supply Chain Security
Section 889 compliance is increasingly being examined as part of Cybersecurity Maturity Model Certification (CMMC) assessments. Your technology stack affects your ability to protect Controlled Unclassified Information (CUI).
Security Clearances and Facility Clearances
Contractors handling classified information face additional scrutiny Contractorsperspective. Use of prohibited equipment in cleared facilities could result in facility clearance revocation.
International Operations
The prohibition applies to both domestic and overseas contracting activities. U.S. Embassy If your company operates internationally, ensure global compliance across all locations.
Common Questions
Q: Does Section 889 apply to commercial items? Yes. The interim rule applies to acquisitions of commercial items, including COTS items, and to purchases at or below the simplified acquisition threshold. Thecgp
Q: What about used or refurbished equipment? The prohibition applies regardless of whether equipment is new, used, or refurbished. The manufacturer is what matters, not the source of purchase.
Q: Can we use covered equipment if it’s segregated from federal contract work? No. The prohibition applies to use of covered equipment regardless of whether that use is in performance of work under a federal contract. U.S. EmbassyPricereporter
Q: Does this apply to federal grants? Yes. Section 889(b) extends to grants and provides that grant funding may not be used to “procure or obtain” covered telecommunications equipment or services. Contractorsperspective
Bottom Line
Section 889 compliance isn’t about checking a box on a form. It’s about fundamentally understanding your technology supply chain and ensuring every piece of telecommunications and video surveillance equipment in your business operations comes from approved sources.
Even though the law was implemented several years ago, its requirements remain highly relevant today. Pricereporter Enforcement continues, and agencies are getting better at verification.
If you haven’t conducted a comprehensive Section 889 audit, start now. The cost of remediation is far less than the cost of losing federal contracts—or worse, facing False Claims Act liability.
Need help assessing your Section 889 compliance? CipherHR provides compliance audits and remediation planning for federal contractors. We’ve guided defense contractors through complex FAR/DFARS requirements for over 20 years.
Don’t let prohibited technology end your federal contracting business. Get compliant, stay compliant, and document everything.
Ready to explore becoming a federal contractor?