Protect your data, ensure compliance, and strengthen your security posture...
The loss of sensitive data can cost a business millions of dollars and severely ...
Many organizations do not want to pay for a full-time CISO or do not know if they are ready...
The Cybersecurity Risk & Maturity Assessment (CSMA) is a gap analysis and risk assessment...
A vulnerability assessment systematically reviews security weaknesses in IT ecosystems...
A penetration test, or pen test, actively identifies, tests, and highlights your organization’s...
With the growing threat of cyberattacks and data breaches—and the potential costs...
At any time, your organization might be running hundreds of security controls...
With rapidly changing regulations, maintaining compliance isn’t just a box to check—it’s essential...
Move beyond one-time assessments. Our coaching program provides continuous...
Is your manufacturing business prepared for CMMC compliance? Learn what CMMC compliance is...
At Right Hand, we understand what it takes for companies doing work within a defense industry ...
The National Institute of Standards and Technology (NIST), a division of the U.S. Department...
SOC is a suite of reports from the American Institute of Certified Public Accountants (AICPA)...
PCI DSS designs a set of security standards to ensure that all companies accepting...
ISO 27001 is a set of standards and requirements for an information security management...
Is your IT team stretched to the breaking point supporting your business? Have you had...
Is your in-house IT staff overworked and overburdened managing routine tasks? Do you have...
Cloud computing is transforming the way organizations buy and consume software...
Is your current IT strategy prepared for the threats that your organization faces every day? From human...
Protect your data, ensure compliance, and strengthen your security posture...
Manufacturing operations face intense competitive pressures, increasingly complex supply chains, and strict compliance requirements like CMMC and ITAR...
Healthcare providers face mounting pressures from ever-evolving technology...
Accounting firms handle sensitive financial data—from tax filings to audit...
Law firms operate under strict confidentiality obligations and face evolving...
Auto dealerships handle a wealth of customer information, from financing details...
In Oil & Gas, uptime, safety, and data integrity are paramount. Whether you’re managing offshore rigs,...
Financial institutions bear a heavy responsibility: they hold sensitive client information and manage...
In the insurance sector, safeguarding sensitive policyholder information is essential—not just to meet...
Auto dealerships handle a wealth of customer information, from financing details...
Small and medium-sized businesses are the backbone of our economy, but they often face...
Protect your data, ensure compliance, and strengthen your security posture...
The loss of sensitive data can cost a business millions of dollars and severely ...
Many organizations do not want to pay for a full-time CISO or do not know if they are ready...
The Cybersecurity Risk & Maturity Assessment (CSMA) is a gap analysis and risk assessment...
A vulnerability assessment systematically reviews security weaknesses in IT ecosystems...
A penetration test, or pen test, actively identifies, tests, and highlights your organization’s...
With the growing threat of cyberattacks and data breaches—and the potential costs...
At any time, your organization might be running hundreds of security controls...
With rapidly changing regulations, maintaining compliance isn’t just a box to check—it’s essential...
Move beyond one-time assessments. Our coaching program provides continuous...
Is your manufacturing business prepared for CMMC compliance? Learn what CMMC compliance is...
At Right Hand, we understand what it takes for companies doing work within a defense industry ...
The National Institute of Standards and Technology (NIST), a division of the U.S. Department...
SOC is a suite of reports from the American Institute of Certified Public Accountants (AICPA)...
PCI DSS designs a set of security standards to ensure that all companies accepting...
ISO 27001 is a set of standards and requirements for an information security management...
Is your IT team stretched to the breaking point supporting your business? Have you had...
Is your in-house IT staff overworked and overburdened managing routine tasks? Do you have...
Cloud computing is transforming the way organizations buy and consume software...
Is your current IT strategy prepared for the threats that your organization faces every day? From human...
Protect your data, ensure compliance, and strengthen your security posture...
Manufacturing operations face intense competitive pressures, increasingly complex supply chains, and strict compliance requirements like CMMC and ITAR...
Healthcare providers face mounting pressures from ever-evolving technology...
Accounting firms handle sensitive financial data—from tax filings to audit...
Law firms operate under strict confidentiality obligations and face evolving...
Auto dealerships handle a wealth of customer information, from financing details...
In Oil & Gas, uptime, safety, and data integrity are paramount. Whether you’re managing offshore rigs,...
Financial institutions bear a heavy responsibility: they hold sensitive client information and manage...
In the insurance sector, safeguarding sensitive policyholder information is essential—not just to meet...
Auto dealerships handle a wealth of customer information, from financing details...
Small and medium-sized businesses are the backbone of our economy, but they often face...
In a groundbreaking move, the Department of Justice (DOJ) has intervened in a cybersecurity-related False Claims Act case, marking a significant milestone in the enforcement of CMMC (Cybersecurity Maturity Model Certification) and other cybersecurity standards among government contractors. This intervention, part of the DOJ’s Civil Cyber-Fraud Initiative, underscores the government’s commitment to holding contractors accountable for cybersecurity violations and protecting sensitive information.
As Jason Vanzin, CISSP, CEO of Right Hand Technology Group, notes, “The DOJ’s intervention in this case sends a clear message to all government contractors: CMMC and cybersecurity compliance is not optional, it’s mandatory. This action will likely have far-reaching implications for the entire industry.”
In October 2021, Deputy Attorney General Lisa Monaco announced the launch of the Civil Cyber-Fraud Initiative. This program aims to combat new and emerging cyber threats by holding government contractors and grant recipients accountable for their CMMC and cybersecurity practices.
The initiative focuses on three key areas:
The importance of enforcing CMMC and cybersecurity standards among government contractors cannot be overstated. As the frequency and sophistication of cyber attacks continue to increase, the need for robust cybersecurity measures has become critical. Government contractors often handle sensitive information and operate critical infrastructure, making them prime targets for malicious actors.
Non-compliance with CMMC and cybersecurity requirements can have severe implications, including:
In July 2022, whistleblowers filed a qui tam lawsuit against Georgia Tech Research Corporation (GTRC) and Georgia Tech. The case, known as United States ex rel. Craig v. Georgia Tech Research Corporation, alleges that the defendants failed to comply with crucial cybersecurity standards required by their government contracts.
The primary allegations focus on non-compliance with NIST security standards, specifically NIST SP 800-171, which is a core component of CMMC. This standard provides guidelines for protecting Controlled Unclassified Information (CUI) in non-federal systems and organizations.
Jason Vanzin emphasizes, “CMMC and NIST SP 800-171 compliance is not just a checkbox exercise. It’s a comprehensive framework designed to protect sensitive information. Failing to implement these standards can leave critical data vulnerable to breaches and cyber attacks.”
The implications of failing to adhere to CMMC and NIST SP 800-171 standards are significant:
The whistleblowers’ complaints detail Georgia Tech’s alleged failure to implement NIST SP 800-171 standards as required by their Department of Defense (DoD) contracts. Specific allegations include:
The importance of protecting CUI cannot be overstated. This information, while not classified, is still sensitive and requires safeguarding. Examples of CUI include:
By allegedly submitting false certifications to the DoD, Georgia Tech may have misrepresented their cybersecurity posture, potentially putting sensitive information at risk and violating the terms of their contracts.
The DOJ’s decision to join the cybersecurity lawsuit via intervention marks a significant milestone in the Civil Cyber-Fraud Initiative. This action demonstrates the government’s commitment to enforcing CMMC and cybersecurity standards and holding contractors accountable for their cybersecurity practices.
The focus on CMMC and cybersecurity fraud under the Civil Cyber-Fraud Initiative highlights several key points:
Jason Vanzin comments, “The DOJ’s intervention should serve as a wake-up call for all government contractors. It’s clear that the government is taking CMMC and cybersecurity compliance seriously and is willing to use legal means to enforce standards.”
This case represents the DOJ’s continued efforts in CMMC and cybersecurity enforcement and sets a precedent for future actions against non-compliant contractors.
As the case progresses, the DOJ faces a deadline to file its complaint in intervention. This complaint will likely provide more detailed allegations and set the stage for further legal proceedings.
The United States ex rel. Craig v. Georgia Tech Research Corporation case serves as a warning to all government contractors about the importance of adhering to cybersecurity standards and compliance procedures. Key takeaways include:
Government contractors should take immediate steps to ensure their cybersecurity practices align with required CMMC standards, including:
The DOJ’s intervention in United States ex rel. Craig v. Georgia Tech Research Corporation marks a significant turning point in the enforcement of CMMC and cybersecurity standards for government contractors. This case underscores the critical importance of maintaining robust cybersecurity practices and the potential consequences of non-compliance.
As cyber threats continue to evolve and increase in sophistication, the need for transparency and adherence to cybersecurity protocols becomes ever more crucial. Government contractors must prioritize compliance with CMMC, NIST standards, and other cybersecurity requirements to protect sensitive information and maintain the trust of their government partners.
To ensure your organization stays compliant and protected, take action today:
Don’t wait for a legal intervention to address your cybersecurity posture. Act now to protect your organization, your clients, and the sensitive information entrusted to your care.
To learn more about how you can improve your cybersecurity compliance and protect your organization, download our free guide: “CMMC Made Simple: A Straightforward Compliance Roadmap” This valuable resource will help you assess your current compliance status and identify areas for improvement.
Discover strategies to defend your SMB against Black Basta ransomware, including employee education, multi-factor…
Navigate CMMC compliance complexity with our master guide. Explore key documents like SSP and…
Explore Shadow IT risks and benefits, and learn how consistent MSP support can help…
The Certified Information Systems Security Professional is an information security certification with extremely high standards. Less than 132,000 people worldwide had this certification at the end of 2018.
It has also been formally approved by the DOD and is globally recognized in the field of IT security.
It covers the following topics:
Security and Risk Management
Asset Security
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management (IAM)
Security Assessment and Testing
Security Operations
Software Development Security
This a system engineer certification and tests the user’s knowledge on the following topics:
Windows
SQL Server
Exchange Server
SharePoint
System Center (SCCM)
Lync
The A+ Certification demonstrates that the computer technician has the skill set needed to customize, install, maintain, and operate PCs.
In addition to these certifications, Right Hand also has strategic partnerships with some of the biggest names in the industry like Microsoft, Dell, Citrix, and Fortinet.
What could be more assuring than having these industry giants on your side?
As the name suggests, this certification is for Network Engineers. Everything from the installation and maintenance to troubleshooting of networks including the understanding of all related technologies is a part of the course.
This certification shows that the technician who has passed the Microsoft exam is capable of managing, migrating, deploying, planning, and assessing the technology, security, and compliance needs associated with Microsoft Office 365.
The CompTIA Security Plus SY0-501 course provides certifications in the following topics:
Threats
Vulnerabilities
Attacks
System Security
Network Infrastructure
Access Control
Cryptography
Risk Management
Organizational Security