What is an NDAA Section 889 compliant VMS?

What Section 889 prohibits

Section 889 of the John S. McCain National Defense Authorization Act for FY 2019 prohibits US federal agencies from procuring, obtaining, extending, or renewing any contract that uses covered video-surveillance or telecommunications equipment as a substantial or essential component, or as critical technology. Covered entities include Hikvision, Dahua, Huawei, Hytera, ZTE, plus their affiliates, OEM rebrands, and subsidiaries. The ban extends to grantees and loan recipients.

What an 889-safe VMS deployment requires

• Software supply chain: VMS server and client binaries built without prohibited libraries, with an SBOM the buyer can audit.
• Camera layer: only non-prohibited cameras connected; the VMS should refuse onboarding of prohibited MAC OUIs / firmware signatures.
• Network paths: no covered hardware in the management plane, switches, or NVRs.
• Attestation: a written representation from the vendor stating compliance, refreshed at contract renewal.

How VMukti enables 889-safe deployments

VMukti Cloud VMS is camera-agnostic via ONVIF and integrates with 1,000+ camera models. For US federal and federally funded deployments we ship an 889-safe configuration that restricts onboarding to vetted brands (Axis, Hanwha, Bosch, Pelco, i-PRO, Sony, Mobotix, Honeywell, Avigilon, FLIR, and approved domestic manufacturers), provides an SBOM on request, and supplies vendor attestation for procurement files.

Verifying compliance before contract

Request the following from any VMS bidder: (1) signed 889 vendor attestation, (2) software bill of materials, (3) camera compatibility matrix flagged for 889 status, (4) reference deployments inside the US federal civilian or defence space, and (5) the process for revoking onboarding of a prohibited camera if it appears in inventory.