NDAA compliance

Axis Product Portfolio Compliant with NDAA Section 889

Axis Communications is pleased to affirm that our entire product portfolio, which includes solutions marketed to the US government, Department of Defense (DoD) and associated contractors and affiliates, is fully compliant with Section 889 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year 2019.

NDAA Section 889 prohibits federal agencies, their contractors and grant or loan recipients from procuring or using ‘telecommunications and video surveillance services or equipment’ including certain components or critical technology from several outlined Chinese manufacturers. 

Axis Communications does not employ any SoC (System on Chip), or other components capable of processing software, from the banned Chinese companies. All Axis products use NDAA-compliant chipsets; most products use the in-house developed ARTPEC® chips, which are only available to Axis.

NDAA Section 5949

This provision from the 2023 National Defense Authorization Act establishes that an executive agency may not "procure or obtain or extend or renew a contract to procure or obtain, any electronic parts, products, or services that include covered semiconductor products or services." Further, Section 5949 elaborates on covered semiconductor products manufactured by certain Chinese technology companies that will be barred from U.S. defense procurement. 

Section 5949 is still awaiting clarification by the Department of Commerce and this provision of the 2023 NDAA will not go into effect for five years. Axis will continue to monitor the situation with NDAA 5949. 

Get in touch with an Axis representative 

To get in touch with an Axis representative regarding our NDAA statement or to request an official NDAA compliance letter, click the link below to fill out the short form and someone from our Government team will be in touch shortly.

Supply chain compliance

The Trade Agreements Act (TAA) permits government program management offices to limit their acquisition of goods and services to those originating from the United States or a Country of Origin (COO) designated under the TAA, where the products are either manufactured or completely transformed. Unless clearly stated otherwise, TAA compliance is applicable to all General Services Administration (GSA) Schedules. Axis currently has multiple products on the GSA Schedule with TAA compliance. 

Axis is 100% focused on minimizing security risks and supports customers and partners within supply chain security by:

  • Designing and manufacturing secure products with built-in protection
  • Sharing knowledge and tools for putting safeguards in place
  • Providing speedy response and free upgrades in case of newly discovered vulnerabilities

To learn more, read about supply chain security at Axis. 

For questions or to learn which Axis products are TAA compliant, reach out to the Government Team. 

Innovation and cybersecurity

Technology optimized for surveillance solutions and cybersecurity

Axis’ long-term strategy is to maintain a competitive chip portfolio that encourages solutions for network video surveillance applications. This strategy enables Axis to design processing chips that are optimized specifically for the surveillance market, thereby allowing us to retain control over the technology we develop including enhanced analytic features as well as other unique attributes which strengthen cybersecurity.

FIPS Compliance (Federal Information Processing Standards)

The National Institute of Standards and Technology (NIST) issues Federal Information Processing Standards (FIPS) to ensure the security of computer systems and software used by federal agencies. These standards outline mandatory requirements that agencies must meet to be compliant. FIPS 140 specifically addresses cryptographic modules, including both hardware and software components, detailing security requirements for their operation. 

Axis is introducing new FIPS-compliant cryptographic hardware and software modules for its devices. With this expansion, Axis will have a number of products available with:

  • FIPS 140-2 Level 1 certified software module
  • FIPS 140-2 Level 2 certified software module
  • FIPS 140-3 Level 3 certified hardware module

To see which products comply, visit the Product selector and filter by Secure Element or TPM in the filters section under cybersecurity.

A framework for managing risk

When looking at managing risk, a good starting point is to evaluate potential cybersecurity risks to your business or organization in terms of their probability and their potential impact. To support this evaluation, you can use a risk management framework. Examples include the NIST Cybersecurity Framework (CSF) and other similar frameworks. Axis has tools, hardening guides, and other cybersecurity resources that can be utilized in the 5 functions of the NIST CSF.

ATO (Authority to Operate) and RMF (Risk Management Framework)

Have a project that needs an ATO (Authority to Operate) or uses the RMF (Risk Management Framework)? Our products are used in projects that have ATOs or are under RMF. As each project’s requirements and documentation needs are unique, Axis can offer help with our cybersecurity resources. For help using our products in these projects, please reach out to the Government Team.

Software Bill of Materials (SBOM)

Compliance starts with having secure software development. As Axis believes in being open and building trust through transparency, we will provide a Software Bill of Materials (SBOM) for all AXIS OS releases on active track starting with release 11.2.

Having an SBOM available is important to help identify and address security risks and ensure software compliance. The SBOM is located together with the AXIS OS version it is based on. AXIS OS can be found in product support or on the download page.

ISO 27001 Compliance

Axis Communications has achieved recertification for ISO 27001 for its Information Security Management System (ISMS). The audit for compliance with ISO 27001 was completed by an accredited third-party certification body and includes an extended scope from the original certification of Axis ISMS in 2019.

ISO 27001 is an internationally recognized standard that provides the specifications for an ISMS, giving guidance on how to protect and manage an organization’s information through effective risk management.

Compliance with ISO 27001 demonstrates that Axis uses internationally recognized processes and best practices to manage its internal information infrastructure and systems that support and deliver its services to customers and partners. 

The scope of the Axis ISO 27001 certificate is extended and covers the development and operations of internal IT infrastructure and service.

To learn more about regulatory compliance, visit our compliance page.

Export compliance

Axis Communications compliance with export laws and regulations

Axis is committed to compliance with all applicable export control laws and regulations pertaining to its operations, including but not limited to the U.S. Export Administration Regulations (15 C.F.R. § 730 et seq.) and the European Union Dual Use regulation (EU) 2021/821. This commitment extends to promoting strict compliance on an on-going basis with the terms and conditions of such export controls.

To see the Axis compliance statement, please visit our Export Compliance page.

Axis identification codes

CAGE (Commercial And Government Entity) Code: 3DJU8
DUNS (Data Universal Numbering System) Code: 361452535
NAICS (North American Industry Classification System) Code: 334290

For more information, including a declaration of NDAA compliance letter required for proposal, procurement, or contract assurances, please contact government@axis.com or complete the form.