For anyone who works in physical security, recent news from the FCC should serve as a wake-up call. 

On November 25, the U.S. Federal Communications Commission announced a ban on importing and selling products made by several companies operating in China, following a directive from the Secure Equipment Act of 2021. This announcement came as the latest in a series of restrictions on technology imports to the U.S. over the past several years, including Section 889 of the 2019 National Defense Authorization Act (NDAA) and the Secure and Trusted Communications Networks Act of 2019. 

The new restrictions may not be the last step in this direction, as the government office’s press release itself stated that the FCC is “seeking comment on future action related to existing authorizations.”

Following these developments, the U.S. government restricts not only devices marketed by specified companies, but also equipment that includes components made by those companies. So, for countless organizations with a presence in the U.S., this entire trend raises a critical question:

How can you tell exactly which devices are compliant, and which are not?

Visibility into your devices is critical – but can you do it scalably?

As the latest news makes clear, it’s not enough to know who manufactured all of your security devices. Some of the companies covered by the recent ban also manufacture parts such as chips that are sold to other manufacturers. So, when your organization buys a security device, there’s a good chance that you won’t know which companies have produced components used in it. 

In fact, in order to verify that your organization’s security devices don’t include components banned by restrictions enacted in recent years, some have recommended taking the time to create a list of your security devices and to follow up with companies involved in the supply chain. 

Of course, for major organizations with large fleets of security devices, that type of manual approach is neither economical nor feasible. And it leaves open the possibility that you could miss something important during your search for noncompliant technologies.

Instead, the most reliable and efficient way to gain visibility into device compliance  is through an automated approach – which is precisely how our customers have responded to the latest news, using SecuriThings Enterprise.

Automation gives you the visibility you need, no matter how many devices you have, or where they are

The FCC’s restrictions present a perfect use case for automation, as there just isn’t a scalable way to manually check for compliance. By contrast, automating the operational management of your security devices provides full visibility into these devices – including real-time reports on the specific compliance status of each individual device, such as NDAA compliance – helping you make sure to comply with both relevant laws and your organization’s own IT policies and standards. 

Of course, this is just one of many use cases of automation for physical security – or IoTOps. An automated solution can help you to maximize the availability of your physical security devices, while also protecting them from cyber threats and saving you both time and money. In addition to offering insight into the specific components within your security devices, automated physical security operations can provide visibility into device operational status, security and health, and automate critical tasks such as password rotations, firmware upgrades, certificate rotations, remote device restarts and more.

Using SecuriThings Enterprise, our customers have been able to react quickly and efficiently to the FCC announcement, and know precisely what devices need addressing – without a need for manual lists and checks.

If you’d like to learn more, schedule a free demo.