In 2021, the Department of Justice announced an initiative led by its Civil Fraud section to bring forward False Claims Act (FCA) enforcement actions against government contractors who commit fraud related to cybersecurity. The plan is to hold companies to pre-existing cybersecurity standards and severely punish companies that delay disclosing cybersecurity events to the department. Through this new initiative, cybersecurity related FCA lawsuits are expected to dramatically increase.

On July 8, 2022, the DOJ announced that they settled a lawsuit with a government contractor resulting in a $9 million fine. The lawsuit resulted from claims the company filed false statements related to compliance with DoD Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 and National Aeronautics and Space Administration Federal Acquisition Regulation Supplement (NFARS) clause 1852.204-76. In this instance, “the basis for liability is not necessarily failing to comply fully with the cybersecurity rules, but, rather, making false or reckless assertions about the state of a company’s compliance efforts, i.e., telling the contracting agency that the company is compliant when, in reality, it is not, or agreeing to incorporate certain requirements into a contract (e.g., DFARS 252.204-7012) when the company is neither meeting those requirements nor taking proactive actions to do so.” Situations like this shows that it is important for contractors to review and understand specific requirements carefully to make sure that compliance is being followed. This will help with any legal actions later down the road. New rules applicable to the False Claims Act allow for potential penalties to Treble, that is triple the normal fee applied.

FedHIVE implements over 425 Security Controls for safeguarding CUI, PII, and PHI as currently defined in NIST SP 800-53 standards and guidelines for security, privacy and control, and compliance requirements. By choosing FedHIVE, we will assure your data security compliance requirements are met. Visit our FedHIVE Solutions page for more information.

Sources: DOJ and Aerojet Settle for $9 Million in Qui Tam Cybersecurity False Claims Act Case