16 collected events across every source — vulnerabilities, rulemaking and (soon)
advisories, enforcement & news — newest first. This is the raw stream behind the compliance boards.
Settled $421K — Illinois precision-machining contractor had cybersecurity deficiencies on covered defense information systems.
2024-10-22DOJ FCAhigh
Pennsylvania State University
Settled $1.25M — failed to comply with DFARS 252.204-7012 / NIST 800-171 cybersecurity requirements across 15 DoD and NASA contracts.
2024-10-15DOJ FCAhigh
ASRC Federal Data Solutions LLC
Settled $306K (plus a waiver of at least $877K) — failed to properly protect personal information, resulting in a data breach.
2024-05-01DOJ FCAhigh
Guidehouse Inc. & Nan McKay & Associates
Settled $11.3M — failed to perform required cybersecurity testing before launching the New York Emergency Rental Assistance Program system.
2024-05-01DOJ FCAhigh
Insight Global LLC
Settled $2.7M — deficient cybersecurity measures on a pandemic-related (COVID-19 contact-tracing) government contract, exposing personal information.
2023-09-05DOJ FCAhigh
Verizon Business Network Services
Settled $4.09M — failed to implement required cybersecurity controls in its Managed Trusted IP Service (MTIPS) for federal agencies.
2023-03-14DOJ FCAhigh
Jelly Bean Communications Design LLC
Settled $294K — failed to secure personally identifiable information on a Florida state healthcare-enrollment website.
2022-07-08DOJ FCAhigh
Aerojet Rocketdyne
Settled $9M — misrepresented compliance with cybersecurity requirements in federal government contracts and subcontracts (the first major CCFI settlement).
2022-03-08DOJ FCAhigh
Comprehensive Health Services LLC
Settled $930K — falsely represented compliance with contractual cybersecurity requirements for medical services at U.S. government facilities in Iraq and Afghanistan.