{"id":189971,"date":"2026-02-23T15:08:00","date_gmt":"2026-02-23T20:08:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/23\/doj-cyber-fraud-initiative-intensifies-enforcement-of-federal-contractor-cybersecurity-obligations\/"},"modified":"2026-02-23T15:15:09","modified_gmt":"2026-02-23T20:15:09","slug":"doj-cyber-fraud-initiative-intensifies-enforcement-of-federal-contractor-cybersecurity-obligations","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/23\/doj-cyber-fraud-initiative-intensifies-enforcement-of-federal-contractor-cybersecurity-obligations\/","title":{"rendered":"DOJ Cyber Fraud Initiative Intensifies Enforcement of Federal Contractor Cybersecurity Obligations"},"content":{"rendered":"<p><a href=\"https:\/\/www.securityinfowatch.com\/cybersecurity\/article\/55359352\/doj-cyber-fraud-initiative-intensifies-enforcement-of-federal-contractor-cybersecurity-obligations\">DOJ Cyber Fraud Initiative Intensifies Enforcement of Federal Contractor Cybersecurity Obligations<\/a><\/p>\n<p><a href=\"https:\/\/www.securityinfowatch.com\/cybersecurity\/article\/55359352\/doj-cyber-fraud-initiative-intensifies-enforcement-of-federal-contractor-cybersecurity-obligations\">https:\/\/www.securityinfowatch.com\/cybersecurity\/article\/55359352\/doj-cyber-fraud-initiative-intensifies-enforcement-of-federal-contractor-cybersecurity-obligations<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-23 15:08:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.securityinfowatch.com\">www.securityinfowatch.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. Going forward, government contractors across industries \u2014 not just defense \u2014 can expect the DOJ to scrutinize compliance with cybersecurity provisions in government contracts.<br \/>\nGovernment complaints-in-intervention remain rare \u2014 To date, most DOJ settlements stem from private whistleblowers suits, with the DOJ investigating for long periods and intervening solely for the purposes of settlement. So far, the DOJ has only filed a formal\u00a0complaint-in-intervention\u00a0in one\u00a0qui tam\u00a0case, against Georgia Tech Research Corporation (Georgia Tech), in August 2024, which we discussed at length in\u00a0last year\u2019s FCA Guide. In the Georgia Tech case, the DOJ alleged that there was \u201cno enforcement\u201d of the cybersecurity requirements in Georgia Tech\u2019s contracts with the Department of Defense (DOD) and articulated its position that cybersecurity requirements were \u201cmaterial\u201d to payment decisions on government contracts. As discussed further below, Georgia Tech settled these allegations in 2025, leaving the government\u2019s theories untested and its litigation strategy unknown. It appears likely, though, that the DOJ will continue to rely on private relators to initiate and pursue cybersecurity FCA cases.\u00a0<br \/>\nNIST SP 800-171 featured prominently \u2014 The DOJ\u2019s enforcement efforts have focused on the specific cybersecurity provisions included in defendants\u2019 government contracts. In particular, several recent settlements have focused on compliance with National Institute of Standards and Technology (NIST) Special Publications (SP), including SP 800-171. NIST SP 800-171 calls for the adoption of safeguards for the handling of sensitive government information. In at least four 2025 settlements (Raytheon\/Nightwing,\u00a0MORSECORP,\u00a0Aero Turbine\/Gallant Capital Partners, and\u00a0Georgia Tech), the DOJ alleged failure to implement NIST SP 800-171 framework. These follow a 2024 settlement with Pennsylvania State University (Penn State) in which a relator alleged that Penn State was required \u2013 but failed \u2013 to comply with NIST SP 800-171.\u00a0<br \/>\nIn the coming years, we may see even more cases involving NIST SP 800-171. In November 2025, the DOD began a three-year phased roll out of its\u00a0final rule implementing the contractual requirements of the Cybersecurity Maturity Model Certification (CMMC) program. The CMMC program creates three compliance levels, based on the sensitivity of information that contractors handle. Under the CMMC, contractors who handle Controlled Unclassified Information (CUI) must implement the security requirements outlined in NIST SP 800-171 and must periodically assess (or obtain a third-party assessment of) their compliance with these requirements. Although the requirement to comply with NIST SP 800-171 is not new, the CMMC program will require additional assessments, affirmations, and certifications \u2014 including attestations of subcontractor compliance \u2014 that aim to increase defense contractors\u2019 accountability.<br \/>\nThese additional certifications \u2014 if false \u2014 could open a clearer pathway to liability under the FCA in cybersecurity cases involving defense contractors.\u00a0<br \/>\nNo cyberattack or data breach required for enforcement \u2014 The DOJ maintains that liability can arise even absent an actual cybersecurity incident. Specifically, in its July 2025\u00a0settlement agreement with Illumina, the DOJ asserted that the company\u2019s \u201cclaims to the Agencies were false, regardless of whether any actual cybersecurity breaches occurred,\u201d indicating its view that a false certification or undisclosed vulnerability is sufficient to establish FCA liability, even if no government information is improperly accessed.\u00a0<br \/>\nThe DOJ\u2019s damages theory remains unsettled and untested \u2014 Settlement amounts in cyber FCA matters have varied widely \u2013 to date, ranging from\u00a0$294,000\u00a0to\u00a0nearly $15 million\u00a0\u2013 and often represent a small fraction of the contract values. For example, Raytheon\u00a0settled\u00a0with the government for $8.4 million, even though the relator alleged that Raytheon was paid over $30\u00a0billion\u00a0in contracts with the government for \u201ccyber offensive capabilities.\u201d Similarly, the relator in the MORSECORP case alleged that the defendant had received over $100 million from the government as a contractor and subcontractor, yet the DOJ\u00a0settled with MORSECORP for just $4.6 million.<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>DOJ Cyber Fraud Initiative Intensifies Enforcement of Federal Contractor Cybersecurity Obligations https:\/\/www.securityinfowatch.com\/cybersecurity\/article\/55359352\/doj-cyber-fraud-initiative-intensifies-enforcement-of-federal-contractor-cybersecurity-obligations Publish Date: 2026-02-23&#8230;<\/p>\n","protected":false},"author":1,"featured_media":189972,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/img.securityinfowatch.com\/files\/base\/cygnus\/siw\/image\/2026\/02\/699cb2f38e33e3eb561afe61-gettyimages2198183985.png?auto=format,compress&fit=fill&fill=blur&w=1200&h=630","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,24,27],"class_list":["post-189971","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/189971"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=189971"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/189971\/revisions"}],"predecessor-version":[{"id":189973,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/189971\/revisions\/189973"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/189972"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=189971"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=189971"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=189971"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}