NDAA and FCC Compliance Statement

Black Rose Technology has long understood the cyberthreat presented by compromised and backdoored IoT devices and digital infrastructure and has only ever offered equipment from what are now classified as NDAA compliant sources. Black Rose Technology does not work with low-end, low-cost camera systems and has historically found that European and North American suppliers have consistently provided the highest quality, best performing CCTV cameras on the market that give customers the best overall value even before considering the investment such vendors consistently make in ensuring devices are secure against against even state-sponsored attacks.

The NDAA Section 889 and recently enacted FCC 22-84 rules are complicated and compliance with them is almost certainly company and funding specific. While we cannot act as a substitute for a compliance officer to ensure current and ongoing NDAA or FCC compliance, it is straightforward to avoid complications by insisting on NDAA/FCC compliant cameras and active network components across any organization’s network. We believe it is both more cost efficient in the long run and more secure to proactively comply with the letter and intent of the NDAA and FCC prohibitions by qualifying only known good vendors of secure, compliant equipment rather than attempting to find short term savings in equipment of dubious provenance.

It is often argued that NDAA compliance concerns and the funding and the federal funding regulations around them are more political than practical; while that may be true to some extent there are legitimate security concerns that underlie the United States federal government and allied countries’ drive to remove active network elements of concern from all critical infrastructure. All organizations should consider the risks of non-compliance both practical, regulatory, and reputational. An area of specific concern is for companies that receive federal funding or do business with the US government that compliance is proactive and complete and anticipates predictable future legislation given evolving recognition of the threat posed by cyber-compromise, especially in an era of renewed great power competition.

Black Rose Technology limits sales to FCC and NDAA compliant hardware as part of our commitment to ensuring the security, stability, and compliance of our customers’ networks. We know that the digital environment has become an active battle space in great power conflict and will increasingly become a critical vulnerability for defense against both state and non-state actors who are actively developing sophisticated attack stratagems as part of rapidly expanding cyberwarfare military focus. While no system can be completely secure and, indeed, all Turing-complete computers are provably insecure, following best practices both maximizes security and minimizes liability for any compromise. Any entity concerned about digital security or the consequences of an unintended compromise is well-served by ensuring compliance with best practices. Black Rose Technology is committed to supporting our customers, maintaining and protecting their digital networks from cyber attacks, and preventing them from being exploited as footholds in large scale digital conflicts.

Compliance statements from our partners:

Mobotix LogoAll Mobotix hardware is 100% NDAA compliant.
InfinitiWe provide only NDAA compliant Infiniti Electro-Optics equipment.
AxisAll Axis hardware is 100% NDAA compliant.

Leave a Reply