The U.S. government recently intervened in a False Claims Act qui tam case against Georgia Tech Research Corporation, Georgia Institute of Technology, and Georgia Tech Research Institute for violations of NIST 800-171 for failing to protect Controlled Unclassified Information (CUI). Long story short, the U.S. intervention means that the government is taking this case seriously, which means that the defendants have to take this case even more seriously.

Defense contractors need to be intimately familiar with NIST 800-171, which applies to them through various regulations and through their contracts. If you have a DoD contract, this will serve as a reminder to review your cybersecurity program to make sure you are fully in compliance with DoD requirements.

Photo of Sean Griffin Sean Griffin

Sean Griffin is one of the world’s first Artificial Intelligence Governance Professionals certified by the International Association of Privacy Professionals. As a Certified Industry Privacy Professional, Sean helps clients establish and maintain data security, respond to data breaches, and litigate privacy cases. Sean…

Sean Griffin is one of the world’s first Artificial Intelligence Governance Professionals certified by the International Association of Privacy Professionals. As a Certified Industry Privacy Professional, Sean helps clients establish and maintain data security, respond to data breaches, and litigate privacy cases. Sean graduated from Harvard College with honors in 1990 and from Columbia Law School in 1993. Sean is resident in the Washington, DC office of Robinson+Cole, and he litigates cases in DC, Maryland, Virginia, and around the country. Read his full rc.com bio here.