[Msoadm] Annual Reminder of UCR’s Implementation and Responsibilities under Section 889 of the National Defense Authorization Act (NDAA)
Bobbi A McCracken
bobbi.mccracken at ucr.edu
Mon Aug 1 18:24:51 PDT 2022
From: Research <research-bounces at lists.ucr.edu> On Behalf Of Charles -Jr E Greer
Sent: Monday, August 01, 2022 7:59 AM
To: research at lists.ucr.edu
Subject: [Research] Annual Reminder of UCR’s Implementation and Responsibilities under Section 889 of the National Defense Authorization Act (NDAA)
To: Researchers, CFAO, FAOs, Procurement/Purchasing Staff, Sponsored Programs Administration staff (please share this email broadly).
The US federal government issued rules and guidance that implemented Section 889 of the National Defense Authorization Act (NDAA) for fiscal year 2019 (FY2019). In July 2020, Part B of the requirements directly impacted UCR’s use and procurement of certain devices. Beginning with 2021 and in accordance with UCR’s NDAA 889 Compliance Plan <https://its.ucr.edu/cybersecurity/ndaa/guidance>, a notification will be sent annually of this requirement and UCR’s implementation of the requirements for contracts containing the Federal Acquisition Regulations (FAR) implementing clauses and for federal assistance awards (grants and cooperative agreements).
The Federal Acquisition Regulations (FAR) clauses 52.204-24 and 52.204-25 prohibit the federal government from contracting with an entity that simply uses “covered telecommunications equipment or services” as a substantial or essential component of any system, or “covered telecommunications equipment or services” as “critical technology” as part of any system. This prohibition applies whether or not such equipment or services are used in the performance of a government contract or part of contractual deliverables provided to the government.
UCR as an awardee of extramural federal contracts has accepted FAR Clauses 52.204-24 and 52.204-25; and may not use any equipment made by (1) Huawei Technologies Company Ltd., (2) ZTE Corporation, (3) Hytera Communications Corporation, (4) Dahua Technology Company Ltd., and (5) Hangzhou Hikvision Digital Technology Company Ltd., and their subsidiaries or affiliates in UCR systems or research. This includes the use of personal phones/devices that connect with UC systems, including for multi-factor authentication purposes (e.g., DUO). Researchers should work with the campus ISOs or IT offices to find alternate technologies or devices (e.g., UC provided dongles). UCR includes such a statement on the Campus Award Notice (CAN) for federal contracts containing FAR Clause 52.204-25 as a reminder.
UCR prohibits the procurement of any equipment made by (1) Huawei Technologies Company Ltd., (2) ZTE Corporation, (3) Hytera Communications Corporation, (4) Dahua Technology Company Ltd., and (5) Hangzhou Hikvision Digital Technology Company Ltd., and their subsidiaries or affiliates. This procurement prohibition applies regardless of funding source.
Information Technology Solutions (ITS) will conduct regular reasonable inquiries to identify suspect devices and remove network access, as necessary. Departments will be responsible for the replacement of necessary devices using authorized suppliers.
Federal Assistance Awards
Uniform Guidance 2 CFR 200.216 prohibits using federal funds to enter into, or renew, contracts for equipment, services, or systems that use “covered telecommunications” as a substantial or essential component of any system, or as critical technology as part of any system.
The “covered telecommunications” equipment or services includes equipment produced by Huawei Technologies Company or ZTE Corporation and video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company. It also includes equipment or services produced by any subsidiary or affiliate of such entities. The Secretary of Defense may also add entities it reasonably believes to be an entity owned or controlled by, or otherwise connected to, the government of a covered foreign country.
UCR includes the following statement on the Campus Award Notice (CAN) for federal assistance awards:
THIS FEDERAL ASSISTANCE AWARD CONTAINS A RESTRICTION ON THE USE OF THE AWARDED FUNDS TO PURCHASE EQUIPMENT, SERVICES, OR SYSTEMS THAT USE ‘COVERED TELECOMMUNICATIONS’ (AS DEFINED IN THE AWARD) AS A SUBSTANTIAL OR ESSENTIAL COMPONENT OF ANY SYSTEM, OR AS A CRITICAL TECHNOLOGY AS PART OF ANY SYSTEM.
Subcontractor/Vendor Contracts or Subawards
Under both contracts and assistance awards, UC purchasing authorities and campus contracts/grants officers must flow down the requirements of FAR clauses 52.204-24 and 52.204-25, and 2 CFR 200.216, as applicable, in procurement contracts, subcontracts and subawards under federal contracts or federal assistance awards.
Please contact the following offices with questions:
ITS for existing device concerns: infosecoffice at ucr.edu
Procurement Services for new purchases: purchasing at ucr.edu
RED for other inquiries: contact the SPA Contract and Grant Officer for your department or redalert at ucr.edu
Charles E. Greer, Jr.
AVC Research Administration and Compliance
Bobbi McCracken
AVC Business & Financial Services