National Defense Authorization Act: Easing the 889 and 5000.90 Monitoring and Compliance Burden

ON-DEMAND | 30 minutes



Section 889 of the 2019 National Defense Authorization Act prohibits the federal government, government contractors, and grant and loan recipients from procuring or using “covered equipment or services” that are produced by Huawei, ZTE, Hytera, Hikvision, and Dahua. In addition to the expected due diligence around third-party suppliers, buyers are required to rapidly report any covered equipment or services discovered during contract performance.

DoDI 5000.90 builds on this requirement and requires PMs monitor and ensure supply chain security in their existing and upcoming procurements. Non-Compliance will result in replacement, and the burden of exhibiting compliance falls to the OEM. These improvements to the United States’ Supply Chain Security are crucial to ensuring a safe path forward in this evolving global supply chain.
This effects all OEMs, contractors, providers, and payers that contract from the US government, directly or indirectly. Asset Owners are scrutinizing their OEMs in the critical infrastructure industry, in order to avoid massive fees for noncompliance. Join us for this informative session where we will clarify the requirements for OEMs, and outline methods to illuminate your supply chain comprehensively, and without headache.

Takeaway Lessons:
– What do I need to do as an OEM to keep my contracts
– Methods for monitoring and continuous illumination of my cyber supply chain
– Build trust and assurance with your contract holders that you know how to remain in compliance


John Cofrancesco, Fortress InfoSecJohn Cofrancesco, VP of Business Development, Fortress Information Security





sponsored by


Fortress Information Security