NDAA Section 889-Compliant VMS for Federal, State & Critical Infrastructure

VMukti provides three artefacts buyers can include in a 889 procurement file: (1) a signed vendor attestation that the VMukti platform contains no software, firmware, or services from prohibited entities (Hikvision, Dahua, Hytera, Huawei, ZTE) or their subsidiaries; (2) a software bill of materials (SBOM) for the cloud control plane and on-premise components; (3) a camera-compatibility matrix flagged for 889 status so the customer can see exactly which OEMs are admissible. Attestation is refreshed at each contract renewal and on material platform changes.

Yes. VMukti deploys into AWS GovCloud (US-East and US-West) and Azure Government for customers whose workloads must run inside FedRAMP / DoD-aligned cloud boundaries. The same software image runs in commercial and government cloud regions; the difference is the cloud provider account, IAM federation, and the operational support model. For DoD IL4 / IL5 use cases the deployment topology is reviewed with the customer's AO.

VMukti is currently sold into US federal and federally-funded projects through certified system-integrator partners with GSA Schedule 70 and SEWP V vehicles. Direct GSA listing is on the FY2026 roadmap; in the interim, government customers procure via integrator partners with appropriate set-aside vehicles. Contact our US team for the current partner list.

No. NDAA Section 889 prohibits not only the procurement of covered equipment but also its use as a substantial or essential component of a federally-funded system. A 889-safe deployment requires removing or replacing prohibited cameras (Hikvision, Dahua, Huawei, Hytera, ZTE, and their OEM rebrands) from the surveillance network — switching VMS alone does not achieve compliance. VMukti supports a phased migration where prohibited cameras are quarantined on an isolated VLAN, recorded for legal-hold purposes, and progressively swapped for vetted brands.

The 889-safe deployment mode restricts onboarding to vetted brands: Axis Communications, Hanwha Vision, Bosch Security, i-PRO, Sony, Pelco, Mobotix, Honeywell, Motorola Avigilon, FLIR / Teledyne, and approved domestic US manufacturers. The VMS rejects onboarding attempts from MAC OUIs and firmware signatures tied to prohibited OEMs, even when the device claims ONVIF compatibility. Customers can request whitelist additions for any non-prohibited OEM not in the default list.

Procurement files typically need: (1) signed FAR 52.204-25 representation from the prime vendor; (2) software bill of materials covering the VMS and bundled components; (3) the camera compatibility matrix with 889 status; (4) a description of network segmentation between the surveillance VLAN and any covered equipment that remains for legitimate non-prohibited purposes; (5) the contract clause flowing the 889 obligation down to integrator and managed-service subcontractors. VMukti supplies (1)-(3) on request and assists integrator partners with (4)-(5).