NDAA compliance
Axis Product Portfolio Compliant with NDAA Section 889
Axis Communications is pleased to affirm that our entire product portfolio, which includes solutions marketed to the US government, Department of Defense (DoD) and associated contractors and affiliates, is fully compliant with Section 889 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year 2019.
NDAA Section 889 prohibits federal agencies, their contractors and grant or loan recipients from procuring or using ‘telecommunications and video surveillance services or equipment’ including certain components or critical technology from several outlined Chinese manufacturers.
Axis Communications does not employ any SoC (System on Chip), or other components capable of processing software, from the banned Chinese companies. All Axis products use NDAA-compliant chipsets, most products use the in-house developed ARTPEC® chips which are only available to Axis.
NDAA Section 5949
We are currently gathering information from our supply chain to assess what actions we may need to take relating to the new section 5949. Our ambition is that all our products will also be compliant with section 5949, and we expect that the large majority of our products, if not all, will be fully compliant well before the extended NDAA enters into force in December 2027.
Supply chain compliance
The Trade Agreements Act (TAA) permits government program management offices to limit their acquisition of goods and services to those originating from the United States or a Country of Origin (COO) designated under the TAA, where the products are either manufactured or completely transformed. Unless clearly stated otherwise, TAA compliance is applicable to all General Services Administration (GSA) Schedules. Axis currently has multiple products on the GSA Schedule with TAA compliance.
Axis is 100% focused on minimizing security risks and support customers and partners within supply chain security by:
- Designing and manufacturing secure products with built-in protection
- Sharing knowledge and tools for putting safeguards in place
- Provide speedy response and free upgrades in case of newly discovered vulnerabilities
To learn more, read about supply chain security at Axis.
For questions or to learn which Axis products are TAA compliant, reach out to the Government Team.
Innovation and cybersecurity
Technology optimized for surveillance solutions and cybersecurity
Axis’ long-term strategy is to maintain a competitive chip portfolio that encourages solutions for network video surveillance applications. This strategy enables Axis to design processing chips that are optimized specifically for the surveillance market, thereby allowing us to retain control over the technology we develop including enhanced analytic features as well as other unique attributes which strengthen cybersecurity.
FIPS Compliance (Federal Information Processing Standards)
The National Institute of Standards and Technology (NIST) issues Federal Information Processing Standards (FIPS) to ensure the security of computer systems and software used by federal agencies. These standards outline mandatory requirements that agencies must meet to be compliant. FIPS 140 specifically addresses cryptographic modules, including both hardware and software components, detailing security requirements for their operation.
Axis is introducing new FIPS-compliant cryptographic hardware and software modules for its devices. With this expansion, Axis will have a number of products available with:
- FIPS 140-2 Level 1 certified software module
- FIPS 140-2 Level 2 certified software module
- FIPS 140-3 Level 3 certified hardware module
To see which products comply, visit the Product selector and filter by Secure Element or TPM in the filters section under cybersecurity.
A framework for managing risk
When looking at managing risk, a good starting point is to evaluate potential cybersecurity risks to your business or organization in terms of their probability, and their potential impact. To support this evaluation, you can use a risk management framework. An example is the NIST Cybersecurity framework, or other similar frameworks. Axis has tools, hardening guides, and other cybersecurity resources can be utilized in the 5 functions NIST CSF.
ATO (Authority to Operate) and RMF (Risk Management Framework)
Have a project that needs an ATO (Authority to Operate) or utilizing RMF (Risk Management Framework)? Our products are used in projects that have ATO’s or under RMF. As each project’s requirements, and documentation need is unique, Axis can offer help with our cybersecurity resources. For help using our products in these projects, please reach out to the Government Team.
Software Bill of Materials (SBOM)
Compliance starts with having secure software development. As Axis believes in being open and building trust through transparency, we will provide a Software Bill of Materials (SBOM) for all AXIS OS releases on active track starting with release 11.2.
Having an SBOM available is important to help identify and address security risks and ensure software compliance. The SBOM is located together with the AXIS OS version it is based on. AXIS OS can be found in the product support or at the download page.
ISO 27001 Compliance
Axis Communications has achieved recertification for ISO 27001 for its Information Security Management System (ISMS). The audit for compliance with ISO 27001 was completed by an accredited third-party certification body and includes an extended scope from the original certification of Axis ISMS in 2019.
The ISO 27001 is an internationally recognized standard that outlines and provides the specifications for an ISMS, providing guidance on how to protect and manage an organization’s information through effective risk management.
Compliance with ISO 27001 demonstrates that Axis uses internationally recognized processes and best practices to manage its internal information infrastructure and systems that support and deliver its services to customers and partners.
The scope of the Axis ISO 27001 certificate is extended and covers the development and operations of internal IT infrastructure and service.
To learn more about regulatory compliance, visit our compliance page.
Questions on cybersecurity?
At Axis, we prioritize cybersecurity and strive to provide our customers and partners with secure products and solutions. For questions on cybersecurity, please reach out and our experts will get in touch.
Export compliance
Axis Communications compliance with export laws and regulations
Axis is committed to compliance with all applicable export control laws and regulations pertaining to its operations, including but not limited to the U.S. Export Administration Regulations (15 C.F.R. § 730 et seq.) and the European Union Dual Use regulation (EU) 2021/821. This commitment extends to promoting strict compliance on an on-going basis with the terms and conditions of such export controls.
To see the Axis compliance statement, please visit our Export Compliance page.
Axis identification codes
CAGE (Commercial And Government Entity) Code: 3DJU8
DUNS (Data Universal Numbering System) Code: 361452535
NAICS (North American Industry Classification System) Code : 334290
For more information, including a declaration of NDAA compliance letter required for proposal, procurement, or contract assurances, please contact government@axis.com or complete the form.