Skip to Main Content

Keeping you informed

DOJ Cybersecurity Settlement Highlights Continued FCA Enforcement Risk for Government Contractors

    Client Alerts
  • July 14, 2026

A recent U.S. Department of Justice (DOJ) settlement underscores the government’s continued use of the False Claims Act (FCA) to enforce cybersecurity requirements applicable to federal contractors. As discussed in our prior alerts on DOJ cybersecurity settlements and criminal enforcement involving alleged cybersecurity misrepresentations, the DOJ’s June 2026 settlement with an Alabama-based defense contractor underscores an ongoing enforcement focus on contractor compliance with federal cybersecurity standards and representations made in connection with those standards.

On June 18, 2026, the DOJ announced that LOGZONE Inc. agreed to pay $507,144 to resolve allegations that it knowingly failed to comply with cybersecurity requirements in contracts with the U.S. Navy. The settlement resolves allegations that the contractor submitted claims for payment while failing to implement required cybersecurity controls incorporated into its contracts.

The government alleged that, from May 2021 through March 2025, the contractor did not implement certain controls required under National Institute of Standards and Technology (NIST) Special Publication 800-171, which addresses the protection of controlled unclassified information in nonfederal systems and which was incorporated into the relevant contracts through DFARS cybersecurity clauses. These deficiencies were identified through a medium assessment conducted by the Defense Contract Management Agency’s Defense Industrial Base Cybersecurity Assessment Center (DCMA DIBCAC).

Key Issues: Cybersecurity Compliance and Representations

In this case, the DOJ alleged a significant discrepancy between the contractor’s reported cybersecurity posture and the results of a subsequent government assessment: LOGZONE submitted a perfect self-assessment score of 110, while a later DCMA DIBCAC medium assessment resulted in a score of -170.

The settlement is consistent with the DOJ’s broader emphasis on cybersecurity enforcement in the government contracting space. DOJ officials reiterated that contractors handling sensitive government information must adhere to required cybersecurity standards and that the department will continue investigating potential violations.

The DOJ continues to treat noncompliance with contractual cybersecurity requirements, such as failure to implement mandated security controls, as a potential basis for FCA liability when contractors seek payment under affected contracts. The government is closely scrutinizing contractor representations regarding cybersecurity posture, including self-assessment scores and certifications submitted to the government.

Key Takeaways for Contractors

This settlement highlights several considerations for federal contractors and subcontractors:

  • Costly noncompliance: Federal contractors and subcontractors cannot afford to ignore cybersecurity requirements; failure to comply can lead to significant and costly consequences.
     
  • Validate cybersecurity compliance: Contractors and subcontractors should confirm that required controls, particularly those under NIST SP 800‑171 and incorporated DFARS clauses, are fully implemented and maintained.
     
  • Substantiate representations: Self-assessment scores, certifications, and other representations submitted to the government should be accurate, current, and supported by documented compliance.
     
  • Prepare for audit scrutiny: Contractors and subcontractors should expect increased DCMA and agency review of cybersecurity posture, including comparisons between reported and independently verified compliance.
     
  • Strengthen internal controls: Compliance programs should include regular internal audits, gap assessments, and documentation practices to support representations made in connection with contract performance.

Final Takeaway

The LOGZONE settlement reinforces the DOJ’s position that cybersecurity compliance is not only a contractual obligation but also a potential source of FCA liability and other government remedies. Government contractors should continue to take cybersecurity and other federal contract requirements seriously and confirm that all express or implied representations to the government are accurate and adequately supported, particularly in light of DOJ’s ongoing enforcement emphasis.

For more information, please contact us or your regular Parker Poe contact. Click here to subscribe to our latest alerts and insights.