Virtually all businesses implement some type of video surveillance on their property for security purposes. But in 2018, the John S. McCain National Defense Authorization Act (also called the NDAA) passed which prohibits the use of certain surveillance systems and equipment. This act extended to private institutions and set guidelines for NDAA compliance for business purposes.
This set of laws also authorized the US military’s ability to combat cyberattacks and protect the country’s cyber security. The number of data breaches and exposed private digital records in the US has consistently exceeded 1 billion since 2015; however, there has been a significant drop since the NDAA compliance act was passed in 2019.
Now, you may be wondering: What is NDAA compliance and what does it have to do with your business’s use of video surveillance equipment? Video security systems are designed to protect physical assets, such as equipment and inventory.
Here’s what business owners who have commercial video surveillance systems on-site need to know:
What is NDAA Compliance
The National Defense Authorization Act (NDAA) requires businesses to adhere to Section 889 of the NDAA – which was passed in 2019.
This section prohibits federal agencies, contractors, and grant recipients from purchasing or using certain video surveillance services/equipment from specific brands and their subsidiaries – of which have been deemed a national security risk.
As of this writing, some of the NDAA-prohibited manufacturers include Huawei, ZTE Corporation, and others operating out of China.
NDAA compliance requirements are put in place to make sure that none of the NDAA-prohibited manufacturers are being used in a company’s supply chain or in business operations with U.S. federal agencies.
Failing to meet NDAA compliance requirements can lead to penalties, loss of federal contracts, and reputational damage.
Why was NDAA Compliance Created?
Essentially, the purpose of this act was to provide the US Department of Defense (DOD) with more power and resources for cybersecurity policy. This also prohibited the importation and sale of certain brands of surveillance equipment for federal agencies.
The reasoning behind this compliance and set of laws was due to specific surveillance companies which are known to store and share data with the People’s Republic of China. For instance, the brand Huawei manufactures many video surveillance cameras is legally obligated to turn over any data to the Chinese government if asked.
Now NDAA compliance requirements currently only extend to government use of these brands – meaning that government-owned buildings can only utilize NDAA-compliant cameras and security equipment. This does not apply to private institutions and businesses unless they receive government funding. However, you’ll need to have NDAA-compliant cameras for business use if you have commercial security systems in place.
NDAA Compliance Requirements
NDAA compliance requirements are relatively straightforward. When dealing with U.S. federal agencies, businesses, contractors, and grant recipients are required to:
1. Identify and Remove Equipment/Services from NDAA-prohibited manufacturers:
Businesses need to identify any equipment or services from the barred companies within their technology infrastructure and remove/replace them.
2. Conduct a Supply Chain Review
Businesses will need to perform due diligence within their supply chains to make sure there are no products or services from NDAA-prohibited manufacturers used by their suppliers.
3. Provide Clear Compliance Representation
Contractors must clearly represent whether they use any equipment or services from NDAA-prohibited manufacturers.
4. Create a Reliable Compliance Plan
Companies are strongly recommended to develop a plan (including regular audits, training, and updates) to ensure they meet NDAA compliance requirements.
Failure to meet NDAA compliance requirements can lead to severe repercussions. If you’re not sure exactly how to manage this process, it’s recommended to seek legal advice to ensure you’re in full compliance.
Can the Government Enforce NDAA Compliance for Business Use?
As of the time of this writing, there are currently no laws that have been passed to extend to private companies. However, business owners should be aware of the benefits that NDAA compliance offers to them.
The cybersecurity of your surveillance devices should be of utmost concern. Say for instance that you use video verification in your security systems for access control. These recordings may use facial recognition technology and keep recorded images stored. If this data were to be hacked or shared, it could be used for nefarious purposes.
This has happened in the past to companies who were using software from tech companies based out of China. For example, the FBI detected potential malware from a tax software program utilized by the Chinese government. Some American companies may use this program if they conduct business in China, therefore leaving them vulnerable to a cyber-attack.
NDAA compliance has placed a ban on several video surveillance manufacturers, specifically Dahua, Hikvision, and Huawei.
Should You Purchase NDAA-Compliant Security Systems for Your Business?
Although NDAA compliance is only required for federal government entities, it is something that business owners should keep in mind. NDAA-compliant systems offer benefits for businesses in terms of added security and privacy.
Unfortunately, not all video surveillance systems are completely secure. In March of 2021, hackers were able to breach over 150,000 cameras in Tesla manufacturing plants. If this were to happen to your business, it could not only exploit private information but also damage your company’s reputation.
Purchasing secure video surveillance systems is imperative for any company. Although NDAA compliance does not guarantee that a system is completely immune from cyberattacks, it does ensure that it meets US government standards.
You can check if your video surveillance system is an NDAA complaint by researching the original equipment manufacturer (OEM) and checking if they are banned under the NDAA. Your video surveillance provider should also be able to disclose if their system’s manufacturer is NDAA compliant.
What Are Some NDAA-Compliant Cameras?
When looking for NDAA-compliant cameras, you have many options. Some of the most common compliant manufacturers include:
- Axis Communications
- BCD International
- Bosch Security Systems
- Hanwha Techwin
- FLIR Systems
- Seek Thermal
- 360 Vision Technology
This list is not exhaustive.
Most manufacturers will state if their security cameras are NDAA compliant. This is typically spelled out in the product specifications. If this information is not available, we recommend you contact the manufacturer directly.
It also never hurts to contact a legal expert or a professional in the field to provide assurance of NDAA compliance.
Looking for NDAA-Compliant Security Tools?
Protecting your physical and digital assets is more important than ever before. Ultimately, you should only be purchasing video security equipment from a provider and manufacturer that is trustworthy – such as one that meets NDAA compliance standards.
2Krew is proud to offer top-of-the-line video surveillance and security equipment from brands that meet NDAA compliance, such as Avigilon and Axis Communications. We also place data security at the forefront by ensuring that all systems are encrypted and secure so your data is only accessible by authorized personnel.
If you have any questions, please contact 2Krew to learn more.