DOJ to Federal Contractors: Abide by Standards or Face Hefty Fines

The DOJ announced a new civil cyber-fraud initiative aimed at fighting cyber threats and holding government contractors accountable to their commitments to protect information.

Request A CMMC Readiness Assessment

On October 6, Deputy Attorney General Lisa O. Monaco announced a new civil cyber-fraud initiative aimed at fighting cyber threats and holding government contractors accountable to their commitments to protect information.

“For too long, companies have chosen silence under the mistaken belief that it is less risky to hide a breach than to bring it forward and to report it. [We] will use our civil enforcement tools to pursue companies, those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards—because we know that puts all of us at risk. This is a tool that we have to ensure that taxpayer dollars are used appropriately and guard the public fisc and public trust.”

– Deputy Attorney General Lisa Monaco

The new initiative will use the False Claims Act to act on cybersecurity related fraud by contractors failing to meet their obligations. According to the act, it is a “false claim” to make a statement material to a contract claim for payment that is known to be false, or in reckless disregard of the truth, or in deliberate ignorance of the truth.

When applied to the new initiative, these false claims can include:

failing to report cybersecurity incidents
failing to follow required cybersecurity standards
misrepresenting the cybersecurity practices of an organization

The government often uses the False Claims Act to rectify fraudulent claims for federal funds and property involving government programs and operations. The act includes whistleblower protections, which in this specific application would allow private citizens to help identify and pursue fraudulent conduct and violations of the cybersecurity standards set by the Department of Justice.

To enforce this new initiative, firms that fail to abide by the cybersecurity standards set may face hefty penalties. Those penalty fines, combined with the potential loss of government contracts, could create substantial risks to business’ revenue streams. The fines can range from a $11.5K to $22.25K penalty per misstatement, plus three times the amount of damages the government suffers. There also can be criminal risk for knowing and willful failures.

As DOD contractors ourselves, SSE can advise you on how to prepare your business to meet cybersecurity regulations. SSE has managed classified data and controlled unclassified information through evolving regulations for more than 12 years, and we have been certified by the CMMC Accreditation Body as a Registered Provider Organization (RPO).

Adhering to required cybersecurity standards can make or break your business. Contact us today for an initial NIST consultation.

Learn More About CMMC and NIST Compliance

Check out some of our technology and DOD cybersecurity articles.

DOJ to Federal Contractors: Abide by Standards or Face Hefty Fines

Need to Meet CMMC Compliance?

Schedule Your CMMC Readiness Assessment

Learn More About CMMC and NIST Compliance

About SSE

Contact Us

Follow Us On Social Media

Fill out the form below to get our free CMMC Resource.