The U.S. government recently intervened in a False Claims Act qui tam case against Georgia Tech Research Corporation, Georgia Institute of Technology, and Georgia Tech Research Institute for violations of NIST 800-171 for failing to protect Controlled Unclassified Information (CUI). Long story short, the U.S. intervention means that the government is taking this case seriously, which means that the defendants have to take this case even more seriously.

Defense contractors need to be intimately familiar with NIST 800-171, which applies to them through various regulations and through their contracts. If you have a DoD contract, this will serve as a reminder to review your cybersecurity program to make sure you are fully in compliance with DoD requirements.