A new rule by the U.S. Department of Defense (DOD) aimed at beefing up cybersecurity at contractors doing business with the agency could spawn more whistleblowers in the military-industrial complex.
The rule, set to take effect Nov. 10, governs the agency’s Cybersecurity Maturity Model Certification (CMMC) Program, which verifies that defense contractors are compliant with existing protections for federal contract information (FCI) and controlled unclassified information (CUI) and are protecting that information at a level commensurate with the risk from cybersecurity threats, including advanced persistent threats.
It is largely a response to a series of reports by the DOD’s Inspector General from 2018 to 2023, which consistently found that the department’s contract officials failed to establish processes to verify that contractors complied with selected federal cybersecurity requirements for controlled unclassified information as required by the National Institute of Standards and Technology (NIST).
With the new rule, the CMMC program introduces an annual affirmation requirement, a key element for monitoring and enforcing accountability of a company’s cybersecurity status.
“At a very basic level, the new CMMC Clause Rule increases the risks that a defense contractor will make a false claim to the government, which is the foundation of False Claims Act liability, by falsely certifying compliance with the rule’s increased requirements,” explained Mary Inman, a partner with...