As stated in the article, if a government contractor knowingly does not disclose any gaps in their cybersecurity program, it could lead to liability under the False Claims Act (FCA). This case comes at an interesting time when just 3 months ago, CMMC 2.0 was announced and the CMMC-AB stated that they will be leveraging the FCA for the self attestation of an organization's cybersecurity program. While the rule making for CMMC 2.0 is slated to take 9- 24 months, cases like this might have an impact on how the rule making is shaped. Or if leveraging the FCA across all government agencies for cyber compliance of all government contractors is the way forward.
...a contractor’s knowing failure to disclose gaps in its cybersecurity compliance could lead to liability under the False Claims Act.