What is the NDAA? Why are many projects required?

NGÀY ĐĂNG 17/09/2025

Admin

As cybersecurity becomes increasingly complex and digital threats are ever-present, ensuring the safety of data and information systems has become a top priority. Amidst a myriad of standards and regulations, the name NDAA is emerging as a mandatory requirement for many projects, especially those related to government or critical infrastructure. So what is the NDAA and why is it so important, even vital, to the success and legality of so many projects? Let's learn more about this law and its far-reaching impact in the article below.

What is the NDAA? What is the NDAA?

NDAA stands for National Defense Authorization Act. It is a United States federal law passed by Congress and signed by the President each year that sets the budget and spending for the United States Department of Defense.

However, when referring to the "NDAA" in the context of technology, security, and supply chain projects, people often refer specifically to provisions related to national security, especially Section 889.

Here are the key points to understand the "NDAA standard":

Origin and Purpose:

• Origin: The NDAA is an annual law, meaning that a new version is passed each year (e.g., NDAA FY2019, NDAA FY2020, etc.). The specific equipment ban provisions were included in the FY 2019 NDAA.

• Primary Purpose (regarding security): The goal of these provisions is to protect the U.S. government and its partners' supply chains from national security risks, particularly from threats of espionage, information theft, or sabotage from technology companies that closely affiliated with a foreign government or military (especially China).

Section 889 - The Heart of the "NDAA":

• Prohibition on Procurement and Use: Section 889 of the NDAA (FY2019 and subsequent versions) prohibits U.S. federal agencies (and their contractors) from procuring, acquiring, or using telecommunications equipment and specific video surveillance manufactured or supplied by the listed companies.

• List of banned companies:The most prominent companies on the banned list include:

  • Huawei Technologies Company (Huawei)

  • ZTE Corporation (ZTE)

  • Hikvision Digital Technology Co. (Hikvision)

  • Dahua Technology Co. (Dahua)

  • Hytera Communications Corporation (Hytera)

  • As well as their subsidiaries or affiliated companies.

• Prohibited Classification:

  • Part A: Prohibits the purchase or renewal of contracts for telecommunications equipment from prohibited companies.

  • Part B: Prohibits the use by federal agencies (and contractors) of Any telecommunications/video equipment or service from prohibited companies is considered an “essential component” or “critical component” of any system, regardless of its intended use. This means that even if the equipment is not purchased directly for a government contract, its presence in the contractor’s overall system is may violate the regulations.

Widely applicable:

1. • Although the NDA A is a US law, but its impact is not limited to the US. Companies around the world that want to contract with the US government or work with US government contractors (particularly in the defense, security, and critical infrastructure sectors) must ensure that their supply chains do not contain devices prohibited under the NDAA.

   • This has been creating an informal but mandatory "standard" for many international projects, especially those with security or financial implications from the United States.

Why do many projects require the NDAA standard?

Although it is a US law, the NDAA standard is increasingly becoming a standard required in many projects in Vietnam and other countries - especially projects related to security, defense, critical infrastructure or international factors. Here are the main reasons:

 1. Ensure network security and data

Non-NDAA compliant devices – especially from banned brands such as Hikvision, Dahua, Huawei... – are suspected of having the risk of causing data leaks, containing spyware or backdoors. Therefore, the use of these devices in sensitive projects (such as military facilities, power infrastructure, government networks, etc.) can can lead to the risk of confidential information leakage, intellectual property theft or cyber espionage. The NDAA was created to minimize this risk.

 2. Requests from investors or international partners

Many projects involve the participation of foreign organizations, especially US or global companies often require compliance with the NDAA to meet internal regulations or partnership standards. Failure to do so may result in the product or contractor being disqualified from the process.

 3. Applied in sensitive areas

Projects related to:

• Government, national defense, public security, military

• Airports, seaports, centers smart city operations center

• Banking, energy, big data (data center)
  ... often have to ensure a level of absolute safety, so choosing NDAA-compliant equipment is Top priority.

 4. Avoid legal risks and project exclusion

Using non-NDAA-compliant equipment in projects with a US element may result in:

• Loss of bid opportunities

• Being removed from the list of suppliers

• Or even termination of the contract if there is a violation after implementation

 5. Global Trends in Supply Chain Security:

• The NDAA is a prime example of o The trend of increasing control over the technology supply chain globally. Many other countries and organizations are also considering or have adopted similar regulations to protect their national security and critical infrastructure.

• Complying with the NDAA not only helps projects meet US requirements but also and help them prepare for more stringent supply chain security standards in the future internationally.

The NDAA's Impact on Projects and Businesses

The NDAA, especially Section 889, has had far-reaching and multifaceted impacts on projects and businesses across a wide range of sectors, from defense and security to civil and commercial infrastructure. These impacts include both challenges and opportunities.

A. Challenges

Changes and restructuring of the supply chain:

• Forced to seek alternative suppliers: This is the most direct and obvious impact. Businesses and projects are forced to stop using and seek alternatives to equipment from banned manufacturers (such as Huawei, ZTE, Hikvision, Dahua). This requires a costly and time-consuming testing, evaluation, and conversion process.

• Complex testing and verification: Businesses must establish rigorous supply chain testing processes to ensure that no components, parts, or services from suppliers are manufacturing is prohibited from creeping into the system, even at deeper levels of the supply chain.

• Supply disruptions: The removal of large suppliers can cause short-term supply disruptions, especially for companies with large market shares in certain areas (e.g., surveillance cameras, telecommunications equipment).

Increased costs:

• Switching costs and Upgrades: Replacing existing equipment with NDAA-compliant products can be costly, especially for large systems that are already deployed.

• Research and development (R&D) costs for replacements: Manufacturers must invest in R&D to develop new compliant products or seek out other technology partners.

• Costs Auditing and Compliance: The cost of setting up internal audit processes, hiring consultants, or using supply chain audit tools can also be a financial burden.

Product Shortages and Limited Choice:

• In some market segments (such as low-cost security cameras or certain telecommunications equipment), banned manufacturers have a large market share. A sudden ban could may result in a temporary shortage of competitively priced substitute products.

• Supplier and product model choices may be limited, affecting the ability to optimize project costs and performance.

Complexity in managing contracts and partnerships:

• NDAA provisions require transparency and commitment from all project participants, from suppliers prime contractors to subcontractors. This requires contracts to be revised and partnerships to be scrutinized more closely.

• Difficulty in communicating and ensuring that all parties in a complex supply chain understand and comply with the NDAA.

B. Opportunities

Developing reputable suppliers and Reliable:

• The NDAA creates a new playing field for manufacturers and suppliers whose headquarters or supply chains are not involved in national security risks. This promotes the growth and competition of companies from the United States, Europe, Japan, South Korea, or other countries that are considered trustworthy partners.

• Businesses can build stronger relationships with suppliers NDAA compliance, reducing long-term risk.

Raising the overall industry security bar:

• The NDAA forces businesses to rethink their entire security processes and supply chains. This leads to increased cybersecurity awareness and investment in more robust security solutions.

• As a result, products and solutions on the market have trend toward safer, more transparent origins and ingredients.

Creating new markets for NDAA-compliant products and solutions:

• The high demand for NDAA-compliant products and alternatives has opened up a huge market for manufacturers that can meet these standards.

• Companies that can specialize in providing consulting, auditing, and integrated solutions to help other businesses achieve compliance.

Enhancing the competitiveness of compliant businesses:

• Businesses that proactively comply with the NDAA will have significant competitive advantage when participating in government projects or working with partners that require compliance.

• This is especially important in sensitive sectors such as defense, security, and infrastructure, where compliance is vital to winning contracts.

Foster innovation and technological diversification:

• Prohibiting certain Large suppliers drive innovation in the industry, encouraging companies to seek out and develop new technologies, diversify their supply sources, and reduce their dependence on a few large suppliers.

C. Advice for businesses

To cope with the impact of the NDAA and take advantage of opportunities, businesses need to:

• Conduct an assessment Current Supply Chain Audit: Identify all equipment and components being used in the project or system that are sourced from prohibited manufacturers.

• Research and understand the NDAA provisions: Particularly Section 889, to know exactly what is prohibited and the scope of application.

• Work closely with suppliers Supply: Require written commitment to NDAA compliance from all suppliers, and require them to provide proof of product origin.

• Invest in compliance solutions and partners: Seek out reputable suppliers with a proven track record and a strong commitment to NDAA compliance.

• Develop a testing and Internal monitoring: Ensure that procurement and project implementation processes are consistently audited to prevent the inadvertent use of non-compliant equipment.

• Consider expert advice: If the supply chain is too complex, it may be worth seeking advice from legal experts or supply chain consultants with experience with the NDAA. is very necessary.

How to check if a device meets NDAA standards

Checking whether a device meets NDAA standards is an important process and needs to be implementation, especially for projects involving the U.S. government or organizations requiring compliance. Here are the steps and factors to consider:

1. Understand NDAA Section 889 and the Prohibited Companies List:

• NDAA Section 889: This is the core provision that prohibits the use of telecommunications equipment and Monitor video from specific companies.

• List of banned companies: Knowing the list of banned companies is the first and most important step. These companies include, but are not limited to:

  • Huawei Technologies Company

  • ZTE Corporation

  • Hikvision Digital Technology Co.

  • Dahua Technology Co.

  • Hytera Communications Corporation

  • And their subsidiaries or affiliates.

  • Note: This list may be updated over time, so consult authoritative U.S. government sources (e.g., GSA, DOD) for the most current information.

2. Identify the Supplier original equipment manufacturer (OEM):

• Check the brand name: First, see what brand the device you are using or planning to buy belongs to.

• Determine the actual OEM: Some brands may sell products under their own name but use an OEM that is one of the banned companies. Therefore, it is necessary to dig deep to find out who the original equipment manufacturer of the device is, not just distributor brand.

• Look for information on the packaging, product literature, or manufacturer's website.

3. Check the Supply Chain and Internal Components (Chipsets, Components):

• This is a more complicated step. Even if the OEM is not blacklisted, the device may still be may not comply with the NDAA if essential components (such as chipsets, motherboards, critical embedded software) inside are manufactured by prohibited companies.

• Contact the manufacturer directly: This is the best way to get the most accurate information. Ask the manufacturer manufacturers provide a written commitment to NDAA compliance, including not using prohibited components in their products.

• Ask about chipset origin: For security cameras or telecommunications equipment, the chipset is the "brain" of the device. Ask the manufacturer or distributor about the manufacturer of the chipset used.

• Request transparency documentation: Some manufacturers manufacturers provide “Bill of Materials” (BOM) or supply chain reports to demonstrate compliance.

4. Look for NDAA statements/certifications from the manufacturer:

• On the manufacturer’s website: Many major manufacturers have publicly stated NDAA compliance statements on their websites, often in the "About Us," "Compliance," or "Resources" sections.

• Request a written certification or statement: Contact the manufacturer or authorized distributor to request official documentation confirming their product's compliance with the NDAA. Although there is no official "NDAA certification" from a single government agency, manufacturers may responsible for self-certifying and providing evidence of their compliance.

• Check the product label: Some products may have an "NDAA Compliant" label, but this information should be verified with the official manufacturer.

5. References ý Expert Advice:

• For large, complex projects or where there is uncertainty, it is highly recommended to hire a legal or supply chain consultant with experience with the NDAA. They can help assess risks, review documentation, and ensure full compliance.

6. Stay Informed:

• Regulations and the list of prohibited companies under the NDAA are subject to change. Therefore, regularly monitor announcements from U.S. government agencies (e.g., DoD, GSA, FAR) and trusted industry organizations for the latest information.

Cameras with NDAA Compliant

i-PRO (formerly Panasonic Security) is one of the leading manufacturers that has publicly committed to NDAA compliance and has incorporated security measures such as FIPS 140-2 Level 3 Secure Element chips into many of their products to ensure supply chain security. As a result, most of the products on your list are likely to be NDAA Compliant.

1. WV-U Series (U-Series Network Cameras)

The WV-U Series is i-PRO's entry-level network camera line, focusing on reliable performance and ease of use. These products are typically designed to meet basic security requirements and comply with applicable regulations.

• The model 

  • WV-U85402-V2L

  • WV-U65301-Z1

  • WV-U31301-F2L

  • WV-U2142LA

  • WV-U2140LA

  • WV-U2130LA

  • WV-U1542LA

  • WV-U1532LA

• NDAA Compliance capabilities: Very high. Information from i-PRO and distributors shows that the new U-Series camera models are all NDAA compliant. For example, the WV-U2142LA, WV-U2130LA, WV-U1542LA, WV-U1532LA models are all listed as NDAA Compliant.

2. WV-S Series (S-Series Network Cameras)

The WV-S Series is higher-end camera line, integrating many smart technologies (AI), the ability to operate in harsh conditions and enhanced security.

• Models :

  • WV-S8564L

  • WV-S85402-V2L

  • WV-S66600-Z3LN

  • WV-S66600-Z3L

  • WV-S65501-Z1G

  • WV-S4576LA

  • WV-S25500-V3L

  • WV-S2536LNA

  • WV-S2536LA

  • WV-S2136LA

  • WV-S15700-V2L

  • WV-S15501-Z3L

  • WV-S15501-Z1L

  • WV-S15500-V3LN

  • WV-S15500-V3LK

  • WV-S15500-V3L

  • WV-S1536LA

• Possible NDAA Compliance: Very high, almost certain. The S-Series is known for its strong security features, including NDAA compliance and often incorporates a FIPS 140-2 Level 3 security chip. Models like the WV-S66600-Z3LN and WV-S1536LA are both certified as NDAA Compliant.