NIST 800-171 is Self-Assessed – But is there a Risk?
On February 28, 2022, the U.S. Department of Justice (DOJ) agreed to a $930,000 settlement with Comprehensive Health Services (CHS) to resolve False Claims Act allegations. The resolution represents the department's first settlement under the False Claims Act since instituting its Civil Cyber Fraud Initiative in October 2021.
DoD’s plan to implement self-assessment through the attestation of a senior company official heightens the risk of allegations that the contractor’s self-attestation constituted a “false claim”.
The Department of Justice (DOJ) recently announced a new “Cyber-Fraud Initiative”…
“… (The initiative) will use the False Claims Act (FCA) as a tool to combat “cybersecurity related fraud” among federal contractors…
The initiative will hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.
The act includes a unique whistleblower provision, which allows private parties to assist the government in identifying and pursuing fraudulent conduct and to share in any recovery and protects whistleblowers who bring these violations and failures from retaliation.”
Public Affairs Press Release Number: 21-971
How can working with an RPO prevent this scenario?
RPOs provide advice, consulting and recommendations to their clients. They are implementers and consultants but do not conduct CMMC Assessments. They prepare you to submit an honest, accurate self-attestation that will stand up to government inspections.
Be Government Contract Ready
Learn more about the role of an RPO and if they are right for your organization
CMMC Spreads to Civilian Contracts
Polaris contractors are encouraged to monitor, prepare, and participate in acquiring a CMMC certification once CMMC 2.0 becomes official. Contractors are also encouraged to be aware of any CMMC 2.0 developments and implement the appropriate NIST SP-800 requirements which are expected to be a foundation of CMMC 2.0. While there is no set level of requirements at the moment, GSA mentions they reserve the right to require CMMC 2.0 certification up to level 2 to be considered for Polaris.
May 26, 2022 – 12:00 PM EDT
This event is presented by GMS Registrar
GMS Registrar is an IT Security Consulting, 3rd Party Auditing Company affiliated with CMMC AB as an accredited RPO and C3PAO company. GMS Registrar assists Government Contractors and DoD Industrial Base in all FedRAMP and CMMC Certification matters. They provide IT Services delivered through multiple standards such as ISO, CMMI, FedRAMP, CMMC (per NEW DOD Rules). GMS Registrar also offers certification in Financial Services SOC2, SOC for Cyber Security and SOC for Supply Chain, such as Earned Value Management, Cost Estimation, DCAA Compliant Accounting Systems, Services and Certifications and IPMDAR.