DOD's Cybersecurity Overhaul Creates New FCA Risk

By Daniel Wilson (November 5, 2021, 11:03 PM EDT) — The U.S. Department of Defense’s proposed overhaul to its contractor cybersecurity requirements should be simpler to comply with than the previous version, but a purportedly beneficial allowance for self-assessment comes with an increased risk of False Claims Act liability.

Cybersecurity Maturity Model Certification 2.0, introduced Thursday after a monthslong departmental review, is intended to streamline the CMMC program and reduce compliance burdens on defense contractors and subcontractors, the DOD said, including by heavily limiting the previous requirement that all contractors get third-party certification for their cybersecurity programs.

But allowing contractors that don’t handle particularly sensitive national security information to self-assess and self-attest their…
