Federal Court Rules Noncompliance is Triable Under False Claims Act

By Carl Herberger • February 8, 2022

The consequences of not complying with cybersecurity requirements could extend well beyond losing a government contract.


A federal court in California recently ruled that there was a triable issue of fact as to whether a government contractor violated the False Claims Act (FCA) by committing promissory fraud.


In October, the Department of Justice (DOJ) announced the Civil Cyber-Fraud Initiative, designed to “hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”


The DOJ’s strategy is to use the FCA to pursue companies that don’t comply with cybersecurity requirements, and the first ruling on the matter offers support. In the case United States ex rel. Markus v. Aerojet Rocketdyne Holdings, Inc., the court ruled on Feb. 1, 2022 that cybersecurity regulations were relevant to materiality under the FCA.


Brian Markus was laid off as the chief information security officer (CISO) at Aerojet in September 2015, two months after refusing to sign a document that claimed the company had met compliance and instead writing an internal memo that showed concerns with the company’s practices. Markus filed a qui tam suit, which means he can sue on behalf of the federal government.


Markus spoke at CMMC Con 2021 about his case and the effect that the FCA now has on the Defense Industrial Base (DIB) since the advent of the Civil Cyber-Fraud Initiative. His case is due to be heard before a jury March 15.


The DOJ’s initiative highlights how important it is for federal government contractors to meet required cybersecurity mandates. Noncompliance could have a much more detrimental effect on contractors than merely losing a contract. As we follow the Markus case, contractors should be aware that they could be subject to investigation, whistleblower lawsuits, and the newfound efforts of the Civil Cyber-Fraud Initiative to punish companies that don’t take their compliance responsibilities seriously enough.


CyberSheath has helped more than 500 clients discover their compliance starting point and roadmap. Federal Enclave simplifies adherence to the difficult cybersecurity business requirements and puts CyberSheath in your corner to ensure compliance. Register for CyberSheath’s webinar to launch Federal Enclave at 12 p.m. EST on Feb. 23.
