The defense industry has had nearly a decade of warnings, but today (Monday, Nov. 10) marks the day that companies need to start complying with the government's standards around how they protect controlled unclassified information. Of course, they should have been complying with the National Institute of Standards & Technology's SP 800-171 standard for the last eight years. But now the Cybersecurity Maturity Model Certification program begins in earnest.
Investigations into alleged violations of cybersecurity requirements under the federal civil False Claims Act (FCA) and its state analogues are increasingly an area of focus for the U.S. Department of Justice (DOJ), state attorneys general and whistleblowers (known as qui tam plaintiffs or relators under the FCA). We expect a continued uptick in enforcement activity, leading to elevated risk and additional potential financial exposure for companies subject to government cybersecurity requirements.
