Recent DOJ Settlements Highlight Risks for Subcontractors Handling Sensitive Government Information
On September 30, the U.S. Department of Justice (DOJ) announced an $875,000 settlement with a university over failures to comply with the data security obligations in certain contracts with the Air Force and the Defense Advanced Research Projects Agency (DARPA) . This announcement, along with several other recent settlement announcements by the DOJ and its Civil-Cyber Fraud Initiative , highlights the contract compliance risks for government contractors and subcontractors who handle sensitive government information and yet fail to comply with the federal government’s cybersecurity requirements. The university’s case and several like it involve compliance with the requirements of DFARS 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting). This DFARS clause is a federal regulation that establishes minimum standards for how defense contractors and subcontractors must protect sensitive government information and report cybersecur...