Raytheon — DOD Cybersecurity Compliance Violations
Raytheon Pays $8.4 Million for Cybersecurity False Claims
Source: U.S. Department of Justice
TL;DR: This case resulted in an $8.4 million resolution and demonstrates the impact of whistleblower protections in recovering funds from fraud.
Summary
Raytheon Company and related companies agreed to pay $8.4 million to resolve False Claims Act allegations that they submitted claims that falsely certified compliance with cybersecurity requirements in contracts and subcontracts with the Department of Defense. DOJ alleged that Raytheon failed to implement the required controls on an internal development system used to perform unclassified work on certain DOD contracts.
Our Take
Defense contractor cybersecurity cases typically involve DFARS 252.204-7012 requirements and the gap between what's certified and what's actually implemented. Insiders often have access to system security plans, POA&Ms (Plans of Action and Milestones) that never get completed, compliance assessment results, and communications about the business decision to certify despite known gaps. If you've seen NIST SP 800-171 compliance treated as a checkbox exercise rather than actual implementation, document what controls were missing and who knew.
Read the full article from the original source:
View Original Article. Content from U.S. Department of Justice.
Notice
The summaries above are based on publicly available information released by the U.S. Department of Justice and are provided for informational purposes only. They do not constitute legal advice, investigative findings, or allegations by Disclosure Strategy. Our commentary reflects general, experience-based observations about how False Claims Act matters commonly arise and is not a statement about any party's liability.