top of page
Modern Work Space

WHY?

Here are some answers to common questions.

Why?: FAQ

WHAT IS AT STAKE IN A SEC. 889 VIOLATION?

NDAA Sec. 889 requires government contractors to certify the products they sell the government are not supplied by certain Chinese companies. Part B prohibits the federal government from contracting with any entity that uses certain telecommunications equipment or services produced by the entities listed in the statute.

Failure to meet this certification could result in a False Claims Act penalty, which according to the U.S. Department of Justice, "now provides that violators are liable for treble damages plus a penalty that is linked to inflation."

Federal agencies are utilizing the same types of tools that GBA members can access through Fortress Information Security.

Any organization that does business with the US Government, as a supplier (Prime or Sub), contractor, or grantee will have to comply.

WE DON’T CONTRACT WITH THE DEFENSE DEPARTMENT, SO DOES MY COMPANY NEED TO BE CONCERNED ABOUT THE SEC. 889 REGULATIONS AND CYBER EXECUTIVE ORDER?

Yes - Even though Sec. 889 was part of the NDAA, these rules apply to all federal government agencies. Similarly, the new executive order on cybersecurity will impact not only software companies, but vendors who sell products and services that utilize that software to the federal government.

WHAT MAKES THE SERVICES THAT FORTRESS INFORMATION SECURITY PROVIDE UNIQUE?

Traditional security programs consistently operate according to priorities and paradigms from past eras, resulting in antiquated and inadequate security systems.

  • Risk Management Silos – Assets & Vendors

  • Shallow vs. Sophisticated View of Products & Supply Chain

  • Subjective Self-Assessments vs. Objective Standardized Assessments

  • Slow & Costly Manual vs. Automated Digital


The Fortress Platform is a comprehensive Integrated Supply Chain Risk Management Solution that integrates and orchestrates multidimensional risk analysis and remediation of supply chain, manufacturing, IT, InfoSec, corporate governance, and contract risks. 

IS FORTRESS’S PLATFORM INTENDED TO REPLACE THE PROCESS WE ALREADY HAVE ESTABLISHED?

Not necessarily, the Fortress Platform is designed to enhance your company's cyber supply chain security capabilities. It can integrate with your security information and event management tools such as Splunk, as well as your ITSM programs likes ServiceNow and acquisition tools like SAP Ariba.


It is also scalable to ensure your company is in full compliance with these regulations. 

bottom of page