A seven-year long False Claims Act suit comes to an end after Aerojet Rocketdyne reaches a $9 million settlement agreement for its alleged false certification of compliance with cybersecurity requirements.

TAKEAWAYS

• In the settlement agreement, the contractor expressly denied any violation of the FCA, but agreed to pay the United States a total of $9 million.

• The settlement demonstrates the importance of accurately representing cybersecurity compliance to the government.

On July 5, 2022, the district court in United States ex rel. Brian Markus v. Aerojet RocketDyne Holdings, Inc. et al., No. 2:15-cv-02245 (E.D. Cal.) approved the parties’ settlement agreement. This seven-year long whistleblower suit has finally come to an end. The case involved allegations that the contractor falsely certified to the government its level of compliance with, among other things, the requirements of DFARS 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting). As relevant here, DFARS 252.204-7012 requires defense contractors to have a cybersecurity plan that addresses compliance with 110 cybersecurity controls developed by the National Institute of Standards and Technology.

The whistleblower that brought the suit, under the qui tam provisions of the False Claims Act (FCA), was the contractor’s former senior director of cybersecurity compliance. In the complaint, the whistleblower alleged that external auditors were able to compromise the contractor’s...

Read Full Story: https://www.jdsupra.com/legalnews/contractor-settles-cybersecurity-2085113/