DOJ Doubles Down on Contractor Cyber Compliance Scrutiny

https://www.securityinfowatch.com/cybersecurity/article/55359352/doj-cyber-fraud-initiative-intensifies-enforcement-of-federal-contractor-cybersecurity-obligations

Publish Date: 2026-02-23 15:08:00

Source Domain: www.securityinfowatch.com

Going forward, government contractors across industries — not just defense — can expect the DOJ to scrutinize compliance with cybersecurity provisions in government contracts.

Government complaints-in-intervention remain rare — To date, most DOJ settlements stem from private whistleblower suits, with the DOJ investigating for long periods and intervening solely for the purposes of settlement. So far, the DOJ has only filed a formal complaint-in-intervention in one qui tam case, against Georgia Tech Research Corporation (Georgia Tech), in August 2024, which we discussed at length in last year’s FCA Guide. In the Georgia Tech case, the DOJ alleged that there was “no enforcement” of the cybersecurity requirements in Georgia Tech’s contracts with the Department of Defense (DOD) and articulated its position that cybersecurity requirements were “material” to payment decisions on government contracts. As discussed further below, Georgia Tech settled these allegations in 2025, leaving the government’s theories untested and its litigation strategy unknown. It appears likely, though, that the DOJ will continue to rely on private relators to initiate and pursue cybersecurity FCA cases.

NIST SP 800-171 featured prominently — The DOJ’s enforcement efforts have focused on the specific cybersecurity provisions included in defendants’ government contracts. In particular, several recent settlements have focused on compliance with National Institute of Standards and Technology (NIST) Special Publications (SP), including SP 800-171. NIST SP 800-171 calls for the adoption of safeguards for the handling of sensitive government information. In at least four 2025 settlements (Raytheon/Nightwing, MORSECORP, Aero Turbine/Gallant Capital Partners, and Georgia Tech), the DOJ alleged failure to implement the NIST SP 800-171 framework. These follow a 2024 settlement with Pennsylvania State University (Penn State) in which a relator alleged that Penn State…
