Well, it finally happened.
A Department of Defense contractor is being prosecuted under the False Claims Act for non-compliance with DFARS 252.204-7012. Aerojet Rocketdyne Inc. is currently facing legal action in the US District Court Eastern District of California under allegations that it knowingly misrepresented the extent to which it was compliant with DFARS and corresponding required protection on Controlled Unclassified Information (CUI).
For some time now OCD Tech has been cautioning organizations subject to DFARS 7012 to take the clause seriously, take immediate action, and be transparent with the DoD on areas of noncompliance. DFARS compliance, until recently, has been a self-assessment exercise where the DoD contractor is responsible for implementing the appropriate security controls, System Security Plans, and Plans of Action and Milestones, and reporting such information back to DoD where required. Invoicing on a contract subject to DFARS carries with it the representation that the contractor is fully compliant. We have published guidance on possible prosecution under the False Claims Act. It is well known that the court system moves slowly and that is also true here. The allegations in question concern activities taking place in 2014 and 2015. Now we are starting to see the enforcement activities catch up.
Don’t assume all is well with your DoD contracts. The time has come to be proactive with your DFARS compliance efforts, rather than reactive. If you are subject to DFARS 7012 and are not fully compliant with the 110 security requirements in NIST Special Publication 800-171, contact the experts at OCD Tech today to review your options. With both audits and prosecutions underway, stay out of the government’s crosshairs. OCD Tech will assess where you stand today, build a roadmap to compliance for you, and guide you along the way.
Contact us today or for more information including the top 5 things you can do within your organization to achieve DFARS compliance, Click Here!
