On February 19, 2024, the Department of Justice notified the U.S. District Court for the Northern District of Georgia that it would intervene in a False Claims Act case filed against Georgia Tech Research Corporation and Georgia Institute of Technology for not complying with the requirements of DFARS 252.204-7012 and National Institute of Standards and Technology Special Publication 800-171.
All Department of Defense solicitations and contracts contain DFARS clause 252.204-7012. DFARS 252.204-7012 requires a contractor to assess its compliance with 110 cybersecurity controls set out in the NIST 800-171 if the Company has controlled unclassified information. Specifically, pursuant to DFARS 252.204-7012, contractors must implement all of the NIST 800-171 requirements and upload the results of that assessment to the Department of Defense’s Supplier Performance Risk System, or have a plan of action and milestones in place for any requirement the contractor has not yet implemented.
To read the full post, please visit our Government Contracts Navigator blog.