Compliance

NDAA

Invixium | National Defense Authorization Act (NDAA) Compliance

The United States NDAA of 2019 imposes limitations on the security industry that concern manufacturers, distributors, resellers and system integrators. As cybersecurity is a key issue in modern society, Invixium is committed to assuring our customers and partners that our solutions meet the regulatory demands of today’s market.

What is the NDAA?

The NDAA—National Defense Authorization Act—is one of a series of United States federal laws that specify and regulate the budget of the United States Department of Defense.

Section 889 of the NDAA for Fiscal Year 2019, signed into law in August 2018, prohibits “certain telecommunications and video surveillance services or equipment”. This prohibition limits the US federal government, government contractors and grant and loan recipients from purchasing or using “covered telecommunication equipment or services” from Huawei, ZTE, Hytera, Hikvision, and Dahua and their subsidiaries as a “substantial or essential component of any system, or as critical technology as part of any system.”

The 2019 NDAA has two phases:

  • 1. Beginning August 13, 2019: the US federal government may not “procure or obtain or extend or renew a contract to procure or obtain any equipment, system, or service that uses covered telecommunication equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.”
  • 2. Beginning August 13, 2020: the US federal government may not enter a contract with a manufacturer, reseller, or integrator that “uses any equipment, system, or service that uses covered telecommunication equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.”

Invixium Solutions Are All NDAA Compliant

Invixium affirms that all of our products are NDAA compliant, as no Invixium solutions sold anywhere in the world utilize components made by any of the previously listed prohibited manufacturers.

As always, Invixium strives to be your preferred biometric manufacturer by offering the finest technology on the market with knowledgeable guidance. If you have any further questions about NDAA compliance or Invixium’s biometric solutions, or you require a letter of compliance for a proposal, please contact our expert sales team for assistance.

Contact us:
sales@invixium.com

Log4j Security Breach

Invixium | Apache Log4j Security Breach

Invixium is aware of the recently disclosed vulnerability relating to the open-source Apache “log4j2” utility (CVE-2021-44228).

No Invixium products were directly affected by the log4j™ vulnerability because Invixium uses log4net™, a port of the Apache log4j framework to the Microsoft® .NET runtime instead of Java. This security breach affects only Java environments.

What is Log4j?

Log4j is an open-source Java-based logging tool used to help programmers output log statements to a variety of output targets for purposes of application debugging and auditing. This log4j vulnerability allows an attacker to inject data that can be used for remote code execution from a logged message in the Java environment. Any versions prior to log4j 2.16 are affected by the vulnerability.

For more information about the log4j vulnerability, click here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228

As always, Invixium strives to be your preferred biometric manufacturer by offering the finest technology on the market with knowledgeable guidance. If you have any further questions about the log4j security breach, log4net, or Invixium’s biometric solutions, please contact our expert sales team for assistance.

Contact us:
sales@invixium.com

×
How Can We Help?