Defense contractor LOGZONE Inc. of Huntsville, Alabama has agreed to pay $507,144 to resolve its liability under the False Claims Act for knowingly failing to comply with cybersecurity requirements in contracts with the Department of the Navy.
“Government contractors that obtain sensitive defense information in administering their contracts must follow required cybersecurity standards,” said Assistant Attorney General Brett A. Shumate of the Justice Department’s Civil Division. “The Justice Department will continue to investigate potential violations of these cybersecurity requirements in order to protect this critical information from external threats.”
“The protection of sensitive defense information by government contractors is critical to national security,” said U.S. Attorney Phillip W. Williams Jr. for the Northern District of Alabama. “Adherence to the cybersecurity provisions of contracts with the federal government must be a priority for all contractors, and this enforcement action should serve as a reminder of that.”
“The cybersecurity provisions of federal contracts are critical to protecting sensitive information that may be transmitted in carrying out the mission of the contracts,” said Navy Vice Admiral Stephen Tedford, Director of the Defense Contract Management Agency. “DCMA will continue to ensure that contractors are fulfilling these obligations.”
The settlement resolves allegations under the False Claims Act that LOGZONE knowingly submitted false or fraudulent claims for payment on two Navy contracts for which LOGZONE had not complied with the contracts’ cybersecurity requirements. From May 2021 to March 2025, LOGZONE allegedly failed to implement certain cybersecurity controls in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 that, if not implemented, could lead to significant exploitation of the system or exfiltration of sensitive defense information. These issues were identified when the Defense Contract Management Agency assessed LOGZONE’s implementation of NIST SP 800-171 security controls, which resulted in LOGZONE receiving a score of -170, at the low end of the possible score range of -203 to 110.
The resolution obtained in this matter was the result of a coordinated effort between the Justice Department’s Civil Division, Commercial Litigation Branch, Fraud Section and the U.S. Attorney’s Office for the Northern District of Alabama with assistance from the Department of the Navy Office of the General Counsel, NCIS, the Department of the Army Criminal Investigation Division, and the Defense Contract Management Agency’s Defense Industrial Base Cybersecurity Assessment Center.
The original announcement can be found here.
