The Department of Justice announced a new Civil Cyber-Fraud Initiative on October 6 – the latest move in a series of federal efforts to address the recent uptick in major cyberattacks. DOJ’s Initiative aims to hold contractors and recipients to a higher standard by promising to aggressively enforce cybersecurity compliance—particularly reporting requirements—in federal contracts and grants by way of the False Claims Act’s civil fraud and whistleblower provisions. 1

Cybersecurity obligations for federal contractors stem from FAR 52.204-21, which applies to contracts where Federal contract information may reside in or transition through the contractor’s or any tiered subcontractor’s information systems. FAR 52.204-21 requires contractors to have in place certain minimum security controls to safeguard covered contractor information systems, including, but not limited to, limiting system access; exercising prudence in using external connections; verifying identities of users and devices; sanitizing media containing federal contract information; timely identifying, reporting, and correcting […]