The General Services Administration (GSA) updated the GSA Multiple Award Schedule (MAS) Solicitation on August 13, 2020. Companies, as a result, received a mass modification (mod) to integrate update changes into their contracts — the most vital being the implementation of Section 889, Part B. An important change to Federal procurement, this rule impacts every contractor doing business with the government. Only when compliant with Section 889 B can continue receiving orders and bids through the GSA contract. Here is what Section 889 includes and why it holds immense significance.
What is Section 889 B?
Section 889, Part B of the John S. McCain National Defense Authorization Act for the fiscal year 2019 (NDAA) essentially states that a contractor cannot use ‘Covered Telecommunications Equipment or Services’. Video surveillance equipment, services or telecommunications either produced or offered by these five companies are said to be ‘Covered Telecommunications Equipment or Services’ — Huawei Technologies Company, Dahua Technology Company, Hangzhou Hikvision Digital Technology Company, ZTE Corporation and Hytera Communications Corporation.
The rule states if a company possesses or intends to pursue any federal contracts, they cannot utilize covered/prohibited telecommunications even if the use is strictly limited to the commercial business of the company. In other words, the government cannot enter, extend or renew a contract with a company that utilizes covered technology on any of its systems, equipment or services. The rule applies to both federal and commercial business, extending to all sectors including banking, information technology, healthcare, travel and transportation, higher education and professional services among others.
Part A to Section 889 came into effect on August 13, 2019. It states that a contractor cannot sell or offer prohibited telecommunications (telecom) to federal agencies. The rule applies only to what a contractor offers to the government under a contract.
Why was Section 889 implemented?
Section 889 came into effect as Congress determined there are growing security, privacy and espionage risks from using telecommunications equipment and services offered by certain companies. This refers to companies connected to, controlled by or owned by the Chinese government. Part A and Part B aim to mitigate or at least, limit the US’ reliance on foreign-owned/controlled equipment services by preventing the purchase and use of this equipment. Section 889 was also implemented due to China’s growing presence to collect intellectual proprietary property in the intelligence community.
Covered Telecommunications Equipment or Services cannot be utilized as a ‘substantial or essential component’ of any system, or as ‘critical technology’ as part of any system. You can read about what defines substantial or essential components or critical technology in FAR 52.204-25(a)(6).
Are there exceptions to the rule?
There are two exceptions to Section 889 Part A and Part B.
1.There is no prohibition on companies that offer a service that connects to the facilities of a third party. This includes roaming, backhaul, or interconnection arrangements.
- Roaming: Refers to cellular communication services received from a visited network when unable to connect to the usual network.
- Backhaul: Part of a satellite network that acts as an intermediate between the core network and the small networks utilized for distribution to other smaller channels (for instance, connecting cell phone towers/towers to the main telephone network).
- Interconnection arrangements: Arrangements controlling the physical connection of two or more networks to permit the use of another’s network to hand off traffic where it is ultimately delivered (for instance, the connection of a customer of telephone provider A to a customer of telephone company B) or sharing data and other information sources.
2. The other exception is telecommunications equipment that cannot redirect or route user data traffic or offer visibility into any user data or packets that this equipment transmits or handles.
How to know if your company is 889 B compliant?
Being compliant with Section 889 B can be challenging for companies so it is vital to take the time to review the information released by GSA carefully to avoid confusion. Here are a few essential steps to follow during the compliance review process.
- Know the regulations: Understand the rules and actions involved with Section 889 carefully.
- Conduct an inquiry: Carry out a sensible inquiry to find out whether your company uses covered telecommunications equipment or services. Remember, while the inquiry does not require you to conduct a third-party or internal audit, conducting a review of information that is in your possession is essential. This gives you a reasonable idea if your company uses covered telecom.
- Assess the cost of discontinuing services: If you get to know that your company uses prohibited services or equipment, assess the cost of discontinuing services or removing these items.
- Keep employees informed: Inform your employees (including procurement, purchasing and material management staff) about Section 889. Educate them on your company’s compliance plan and the need to report in case prohibited telecom is recognized.
- Represent whether your company uses covered telecom: As of August 13, 2020, whenever you respond to orders under your GSA MAS contract, you need to represent whether your company makes use of covered telecom solutions or not. The System for Award Management Representation (SAM) is required by Section 889 B to represent whether your company uses covered telecom. This makes it easy for companies to represent whether they make use of covered telecom within SAM. Those that do not utilize covered telecom will only be required to represent annually.
When asking permission for a waiver, it is vital to implement a phase-out plan which involves not using prohibited telecom services in current and future production. Only the Director of National Intelligence (DNI) can issue a true waiver in line with security interests. Even though the head of an executive agency can grant a one-time waiver, it usually occurs on a case-by-case basis and only delays implementation. The process to obtain a waiver is long while your company also needs to adhere to high standards. Having said that, if an agency waiver is granted to a contractor for Part A or Part B, they can delay adhering to Section 889 Part A through August 13, 2021. Similarly, a contractor can delay complying with Section 889 Part B through August 13, 2022.
On the whole, waivers are limited and granted only in exceptional circumstances so focusing on reducing the possibilities of non-compliance makes more sense. For a more realistic approach to ensure compliance, think more holistically about your supply chain and accordingly implement a robust, supply chain risk management (SCRM) plan for the long term. A strong SCRM plan should focus on two things — adhering to federal regulations and addressing continuity, business and uncertainties.
For a more comprehensive security risk posture, implement software solutions to do the job without the need to allocate additional resources. IntegrityShield by SureShield seamlessly integrates with other third-party applications used by your enterprise and helps you manage third-party compliance effectively. It not only works to limit risks but also helps you gain a deep understanding of your supply chain and its data systems. It also offers a complete audit trail that demonstrates proof of compliance (POC), verification and validation.