{"id":216670,"date":"2026-02-23T15:08:00","date_gmt":"2026-02-23T20:08:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/23\/doj-doubles-down-on-contractor-cyber-compliance-scrutiny\/"},"modified":"2026-02-23T15:40:10","modified_gmt":"2026-02-23T20:40:10","slug":"doj-doubles-down-on-contractor-cyber-compliance-scrutiny","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/23\/doj-doubles-down-on-contractor-cyber-compliance-scrutiny\/","title":{"rendered":"DOJ Doubles Down on Contractor Cyber Compliance Scrutiny"},"content":{"rendered":"<p><a href=\"https:\/\/www.securityinfowatch.com\/cybersecurity\/article\/55359352\/doj-cyber-fraud-initiative-intensifies-enforcement-of-federal-contractor-cybersecurity-obligations\">DOJ Doubles Down on Contractor Cyber Compliance Scrutiny<\/a><\/p>\n<p><a href=\"https:\/\/www.securityinfowatch.com\/cybersecurity\/article\/55359352\/doj-cyber-fraud-initiative-intensifies-enforcement-of-federal-contractor-cybersecurity-obligations\">https:\/\/www.securityinfowatch.com\/cybersecurity\/article\/55359352\/doj-cyber-fraud-initiative-intensifies-enforcement-of-federal-contractor-cybersecurity-obligations<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-23 15:08:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.securityinfowatch.com\">www.securityinfowatch.com<\/a><\/p>\n<p>Going forward, government contractors across industries \u2014 not just defense \u2014 can expect the DOJ to scrutinize compliance with cybersecurity provisions in government contracts.<\/p>\n<p><strong>Government complaints-in-intervention remain rare<\/strong> \u2014 To date, most DOJ settlements stem from private whistleblowers suits, with the DOJ investigating for long periods and intervening solely for the purposes of settlement. So far, the DOJ has only filed a formal\u00a0complaint-in-intervention\u00a0in one\u00a0qui tam\u00a0case, against Georgia Tech Research Corporation (Georgia Tech), in August 2024, which we discussed at length in\u00a0last year\u2019s FCA Guide. In the Georgia Tech case, the DOJ alleged that there was \u201cno enforcement\u201d of the cybersecurity requirements in Georgia Tech\u2019s contracts with the Department of Defense (DOD) and articulated its position that cybersecurity requirements were \u201cmaterial\u201d to payment decisions on government contracts. As discussed further below, Georgia Tech settled these allegations in 2025, leaving the government\u2019s theories untested and its litigation strategy unknown. It appears likely, though, that the DOJ will continue to rely on private relators to initiate and pursue cybersecurity FCA cases.\u00a0<\/p>\n<p><strong>NIST SP 800-171 featured prominently<\/strong> \u2014 The DOJ\u2019s enforcement efforts have focused on the specific cybersecurity provisions included in defendants\u2019 government contracts. In particular, several recent settlements have focused on compliance with National Institute of Standards and Technology (NIST) Special Publications (SP), including SP 800-171. NIST SP 800-171 calls for the adoption of safeguards for the handling of sensitive government information. In at least four 2025 settlements (Raytheon\/Nightwing,\u00a0MORSECORP,\u00a0Aero Turbine\/Gallant Capital Partners, and\u00a0Georgia Tech), the DOJ alleged failure to implement NIST SP 800-171 framework. These follow a 2024 settlement with Pennsylvania State University (Penn State) in which a relator alleged that Penn State&#8230;<\/p>\n<p><a href=\"https:\/\/www.securityinfowatch.com\/cybersecurity\/article\/55359352\/doj-cyber-fraud-initiative-intensifies-enforcement-of-federal-contractor-cybersecurity-obligations\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>DOJ Doubles Down on Contractor Cyber Compliance Scrutiny https:\/\/www.securityinfowatch.com\/cybersecurity\/article\/55359352\/doj-cyber-fraud-initiative-intensifies-enforcement-of-federal-contractor-cybersecurity-obligations Publish Date: 2026-02-23 15:08:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":216671,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/img.securityinfowatch.com\/files\/base\/cygnus\/siw\/image\/2026\/02\/699cb2f38e33e3eb561afe61-gettyimages2198183985.png?auto=format,compress&fit=fill&fill=blur&w=1200&h=630","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[],"class_list":["post-216670","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/216670"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=216670"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/216670\/revisions"}],"predecessor-version":[{"id":216672,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/216670\/revisions\/216672"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/216671"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=216670"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=216670"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=216670"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}