Axis Product Portfolio Compliant with NDAA Section 889

Axis Communications is pleased to affirm that our entire product portfolio, which includes solutions marketed to the US government, Department of Defense (DoD) and associated contractors and affiliates, is fully compliant with Section 889 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year 2019.

NDAA Section 889 prohibits federal agencies, their contractors and grant or loan recipients from procuring or using ‘telecommunications and video surveillance services or equipment’ including certain components or critical technology from several outlined Chinese manufacturers. 

Axis Communications does not employ any SoC (System on Chip), or other components capable of processing software, from the banned Chinese companies. All Axis products use NDAA-compliant chipsets, most products use the in-house developed ARTPEC® chips which are only available to Axis.

To get in touch with an Axis representative regarding our NDAA statement or to request official NDAA compliance letter, click the link below to fill out a short form and someone from our Government team will be in touch shortly.

General Services Administration (GSA) Schedule

Axis currently has multiple products on the GSA Schedule. To find out which products are compliant and available, please email government@axis.com.

Trade Agreements Act (TAA) Compliance

Products on the GSA Schedule must be Trade Agreements Act (TAA) compliant. To learn more about the TAA compliant products from Axis, please email government@axis.com.

Country of Origin (COO) Compliance

Products on the GSA Schedule must be Trade Agreements Act (TAA) compliant. To learn more about the COO compliant products from Axis, please email government@axis.com.

Technology optimized for surveillance solutions and cybersecurity

Axis’ long-term strategy is to maintain a competitive chip portfolio that encourages solutions for network video surveillance applications. This strategy enables Axis to design processing chips that are optimized specifically for the surveillance market, thereby allowing us to retain control over the technology we develop including enhanced analytic features as well as other unique attributes which strengthen cybersecurity.

A framework for managing risk

When looking at managing risk, a good starting point is to evaluate potential cybersecurity risks to your business or organization in terms of their probability, and their potential impact.

To support this evaluation, you can use a risk management framework. An example is the NIST Cybersecurity framework, or other similar frameworks. To learn more about how Axis tools, hardening guides, and resources can be utilized in the 5 functions NIST CSF, visit the Axis cybersecurity page.

FIPS Compliance (Federal Information Processing Standards)

Axis has cameras and NVR’s that can comply with FIPS. Our products support FIPS 140-2 Level 2 with certified Trusted Platform Modules. TPM’s are offered on our cameras and NVR solutions to offer end to end FIPS support. To see which products comply, visit the Product selector and filter by TPM in the filters section under cybersecurity. 

Have projects that need an ATO (Authority to Operate) or utilizing RMF (Risk Management Framework)?

Our products are used in projects that have ATO’s or under RMF. As each project’s requirements, and documentation need is unique, Axis can offer help with our cybersecurity resources. For help using our products in these projects please reach out to government@axis.com.

Axis identification codes

CAGE (Commercial And Government Entity) Code: 3DJU8
DUNS  (Data Universal Numbering System) Code: 361452535
NAICS (North American Industry Classification System) Code : 334290

For more information, including a declaration of NDAA compliance letter required for proposal, procurement, or contract assurances, please contact government@axis.com or complete the form.

ISO 27001 Compliance

Axis Communications has achieved recertification for ISO 27001 for its Information Security Management System (ISMS). The audit for compliance with ISO 27001 was completed by an accredited third-party certification body and includes an extended scope from the original certification of Axis ISMS in 2019.

The ISO 27001 is an internationally recognized standard that outlines and provides the specifications for an ISMS, providing guidance on how to protect and manage an organization’s information through effective risk management.

Compliance with ISO 27001 demonstrates that Axis uses internationally recognized processes and best practices to manage its internal information infrastructure and systems that support and deliver its services to customers and partners. 

The scope of the Axis ISO 27001 certificate is extended and covers the development and operations of internal IT infrastructure and service.
 

Learn more about cybersecurity

For more cybersecurity resources, check out the cybersecurity page.
For questions on cybersecurity at Axis, please email na-cybersecurity@axis.com.

Axis Communications Export Compliance

Axis is committed to compliance with all applicable export control laws and regulations pertaining to its operations, including but not limited to the U.S. Export Administration Regulations (15 C.F.R. § 730 et seq.) and the European Union Dual Use regulation (EU) 2021/821. This commitment extends to promoting strict compliance on an on-going basis with the terms and conditions of such export controls.

To see the Axis compliance statement, please visit our Export Compliance page.

For questions on technical and procurement compliance at Axis, please email government@axis.com.