Post by NR Labs
The Aerojet Rocketdyne settlement was $9 million. A former employee filed a qui tam lawsuit alleging the company misrepresented its cybersecurity compliance on DoD contracts. That settlement is not the last one. The DoJ has an active CMMC enforcement initiative.

Here are the five mistakes that cost contractors the most:

- Waiting for a contract requirement before starting the program. C3PAO certification takes 12 to 24 months.
- Inflating the SPRS score. An inaccurate score is a potential False Claims Act violation.
- Treating the SSP as a checkbox document. Aspirational language creates Not Met findings when assessors test the environment.
- Putting prohibited controls on the POA&M. Six controls cannot be deferred. Miss one and the assessment terminates.
- Choosing the wrong RPO. A gap assessment without technical testing produces findings the C3PAO will find.

Every one of these is preventable. Link in the comments.

#CMMC #FalseClaimsAct