The National Defense Authorization Act is an annual US law. Its much-cited Section 889 prohibits the use of certain telecommunications and surveillance technology from sources deemed to pose a risk in government contracts.
The aim of the regulation is to minimise potential security risks in critical infrastructure and government IT systems. This stems from concerns within the US government regarding potential risks of espionage, surveillance or manipulation posed by certain manufacturers and their technologies.
Whilst the Trade Agreements Act asks where a product comes from, the NDAA asks what is built into it. This primarily affects named manufacturers in the network and camera technology sectors. A device may therefore be fully TAA-compliant yet still fail to meet the NDAA requirements. Conversely, an NDAA-compliant product is not automatically TAA-compliant. Particularly in projects for US government agencies, military facilities or public sector contractors, both sets of requirements must therefore be assessed separately.
