Last month, the Office of Management and Budget’s (OMB’s) memorandum requiring the removal of TikTok from government devices impacted the American public for the first time. The Federal Acquisition Regulation (FAR) 52.204-27 interim rule, which officially implements the memorandum, went into effect on June 2, 2023.
The new rule prohibits the use not only of TikTok, but of any successor application provided by ByteDance Limited or by any entity owned by ByteDance Limited. These applications are now explicitly prohibited on many electronic devices involved in federal contracts.
In this memo, we explore 5 key points of interest, offer compliance tips for federal contractors under the new rule, and provide comprehensive checklists designed to support your FAR 52.204-27 compliance process.
As always, if you have any questions about the ban’s impact on your organization or your eligibility for government contracts, reach out to us at info@cybersecgru.com.
Key Points
1. Scope
The TikTok ban applies to all contracts below the micro-purchase threshold, commercial products and services, and COTS items. Far-reaching in scope, it also includes devices used by federal contractors and their subcontractors.
2. Exceptions
Exceptions to the ban include devices incidental to a federal contract, law enforcement activities, national security interests, security research, and activities authorized with written notification from the Contracting Officer.
3. Employee-Owned vs. Personal Devices
The ban covers employee-owned devices used in the performance of the federal contract, but it does not extend to personal devices unrelated to work.
4. Projected Significance of Impact
Many businesses have already implemented internal controls to regulate access to certain applications, and the interim rule's effects on the industry are not expected to be significant.
5. Enforcement Details
Enforcement of the ban remains unspecified in the regulations, and contractors are not required to monitor their supply chains for compliance.
Federal contractors must ensure they adhere to the new TikTok ban under the FAR rule by modifying their existing policies and monitoring their systems for compliance. By understanding the key points of this regulation and implementing the necessary changes in technology policies, you'll be better prepared to navigate the evolving landscape of federal contracting. To this end, take a look at the comprehensive checklists we designed to support your 52.204-27 compliance process below.
Checklist for Windows OS Devices
A. Verify that all Windows OS devices used in support of government contracts are free of the TikTok application or any successor applications.
First Method
Press the Windows key on your keyboard.
This will open the Start Menu.
Start typing the name of the application you're looking for in the Start Menu.
For instance, type "Douyin", "Toutiao", "TikTok", "Xigua Video", "Helo", "Lark", "BytePlus". As you type, Windows will start to suggest applications that match your input.
Look at the search results that appear.
If the application is installed on your computer, it will appear in the list. You can click on the app in the search results to open it.
If the application doesn't appear in the search results, it means it's not installed on your computer.
Second Method
Press the Windows key + I to open the Settings app.
Click on 'Apps'.
On the 'Apps & features' page, you'll find a list of all installed programs on your computer. Look for mentions of "Douyin", "Toutiao", "TikTok", "Xigua Video", "Helo", "Lark", "BytePlus".
B. Ensure that all hardware, software, and peripherals used in support of government contracts are compliant with the 40 U.S.C. 11101(6) definition of information technology.
C. Regularly perform security scans to ensure no unauthorized installations of TikTok or other ByteDance applications are present.
D. Implement Group Policy Objects (GPOs) on Windows devices to block the installation of TikTok and related ByteDance applications.
E. Educate employees on the prohibition of using TikTok and other covered applications on Government systems.
F. Include this prohibition clause and related information in all subcontractor agreements.
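Items A and C of the Windows checklist can be scripted so the check is repeatable across many machines. The following is an added example, not part of the original memo: it searches the uninstall registry keys and the Microsoft Store package list for the covered application names given above. The function names and the CSV output path are assumptions, and a match on a display name is a candidate for manual review, not proof of a covered application.

```powershell
# Added example (not from the original memo). Intended for Windows PowerShell 5.1.
# Names are the covered applications listed in this memo; matching is by name only.
$CoveredNames = 'Douyin','Toutiao','TikTok','Xigua Video','Helo','Lark','BytePlus'
$escaped = $CoveredNames | ForEach-Object { [regex]::Escape($_) }
# Whole-word pattern so that "Lark" does not flag an unrelated name such as "Skylark".
$Pattern = '\b(' + ($escaped -join '|') + ')\b'

function Test-CoveredName {            # hypothetical helper name
    param([string]$Name)
    # -match is case-insensitive by default
    return (-not [string]::IsNullOrEmpty($Name)) -and ($Name -match $Pattern)
}

function Get-CoveredAppFinding {       # hypothetical helper name
    # Classic desktop installs register themselves under the Uninstall keys.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { Test-CoveredName $_.DisplayName } |
        ForEach-Object {
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME; Source = 'Uninstall registry key'
                Name = $_.DisplayName; Version = $_.DisplayVersion; Location = $_.PSPath
            }
        }

    # Microsoft Store apps do not appear in the registry keys above.
    # -AllUsers needs an elevated session; fall back to the current user otherwise.
    $packages = try { Get-AppxPackage -AllUsers -ErrorAction Stop } catch { Get-AppxPackage }
    $packages | Where-Object { Test-CoveredName $_.Name } | ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME; Source = 'Store package'
            Name = $_.Name; Version = $_.Version; Location = $_.InstallLocation
        }
    }
}

$findings = @(Get-CoveredAppFinding)
if ($findings.Count -gt 0) {
    # Output path is an assumption; point it at wherever audit evidence is collected.
    $findings | Export-Csv -Path "$env:TEMP\covered-app-findings.csv" -NoTypeInformation
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No covered application names found on $env:COMPUTERNAME"
}
```

Run without elevation, the script sees only the current user's Store packages and per-user installs, so a clean result from a standard account does not clear other profiles on the same device.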
Checklist for Android Devices
A. Verify that all Android devices used in support of government contracts are free of covered applications.
Open your Android device and go to the "Apps" section. This can usually be done by swiping up from the bottom of your home screen or pressing the 'Apps' icon, typically located at the bottom center or bottom right of your screen.
Once you're in the "Apps" section, you'll see all the apps currently installed on your device. They're typically listed alphabetically. You can manually scroll through this list to find the app in question. If your device has a search feature in the apps section, you can use it to quickly locate the app.
There's usually a search bar at the top of the screen. Tap on it, and then type in the name of the app you're looking for (e.g., "Douyin", "Toutiao", "TikTok", "Xigua Video", "Helo", "Lark", "BytePlus"). If the app appears in the search results or in your list of apps, it's installed on your device. If the app does not appear in your search results or the list of apps, it's not currently installed on your device.
NOTE: These instructions may need to be modified slightly depending on the version of Android OS.
B. Ensure that all hardware, software, and peripherals are compliant with the 40 U.S.C. 11101(6) definition of information technology.
C. Regularly perform security scans to ensure no unauthorized installations of TikTok or other ByteDance applications are present.
D. Use Mobile Device Management (MDM) software to enforce application installation restrictions on Android devices.
E. Educate employees on the prohibition of using TikTok and other covered applications on Government systems.
F. Include this prohibition clause and related information in all subcontractor agreements.
Checklist for iPhone Devices
A. Verify that all iPhone devices used in support of government contracts are free of covered applications.
From your iPhone's home screen, swipe down in the middle of the screen. This action will open the "Search" bar.
In the "Search" bar, start typing the name of the application you want to find. For instance, type "Douyin", "Toutiao", "TikTok", "Xigua Video", "Helo", "Lark", "BytePlus". As you type, iPhone will suggest applications that match your input.
Look at the search results that appear under the "Applications" section. If the application is installed on your iPhone, it will appear in the list. You can tap on the app in the search results to open it. If the application doesn't appear in the search results, it means it's not installed on your iPhone.
NOTE: These instructions may need to be modified slightly depending on the version of iOS.
B. Ensure that all hardware, software, and peripherals are compliant with the 40 U.S.C. 11101(6) definition of information technology.
C. Regularly perform security scans to ensure no unauthorized installations of TikTok or other ByteDance applications are present.
D. Use Mobile Device Management (MDM) software to enforce application installation restrictions on iPhone devices.
E. Educate employees on the prohibition of using TikTok and other covered applications on Government systems.
F. Include this prohibition clause and related information in all subcontractor agreements.
Checklist for Other IT Systems
Verify that no covered applications are present on any other information technology devices owned, managed, or used by the Government or contractor.
Ensure that all hardware, software, and peripherals are compliant with the 40 U.S.C. 11101(6) definition of information technology.
Regularly perform security scans and audits to ensure no unauthorized installations of TikTok or other ByteDance applications are present.
Implement access controls and application restrictions on all applicable IT systems.
Educate employees on the prohibition of using TikTok and other covered applications on Government systems.
Include this prohibition clause and related information in all subcontractor agreements.
Network Security
Use AISINT and AI ISR to generate a list of all ByteDance Domains and open-source the list.
Covered Applications
TikTok
The global leader in short-form mobile video, with a mission to inspire creativity and bring joy. TikTok has offices across the globe.
Douyin
China's leading destination for short-form mobile videos. Provides easy-to-use video creation tools, enabling everyone to capture and share moments that matter in everyday life.
Toutiao
One of the most popular content discovery platforms in China. Offers users a unique, personalized content experience, covering a wide range of topics.
Xigua Video
One of China's most popular video applications that enable users to discover, enjoy and share a wide range of video stories, both short-form and long-form.
Helo
A leading regional social media platform that provides a safe online environment for netizens to express themselves in their preferred language and connect with a wider online community.
Lark
The next-generation digital collaboration suite, featuring chat, email, video conferencing, and cloud storage. Enables teams to work together effectively in a single integrated app.
BytePlus
Provides intelligent platform services powered by research in emerging technologies. Offers tools ranging from data analytics to computer vision software, helping businesses reach their potential.