Massachusetts-based tech firm MORSE Corp, a U.S. defense contractor, has agreed to a $4.6 million settlement to resolve a lawsuit alleging its nonadherence to military contract cybersecurity requirements and submission of false claims for payment, reports The Register.
Aside from failing to disclose its third-party email provider's compliance with the U.S. Defense Department's incident reporting, forensic access, and malware management rules, MORSE also did not provide a fine print of its systems security plans from 2018 to early 2021 despite being mandated under contract requirements, according to prosecutors. MORSE was also accused of falsifying scores submitted to the Supplier Performance Risk System, having only updated figures regarding its adoption of NIST SP 800-171 security controls months after being subpoenaed for the wrongful claim. Despite agreeing to the fine, MORSE emphasized that the deal was meant to address "historic false claims act allegations." "MORSE is compliant with all cybersecurity requirements, and has a current third-party-validated NIST score of 110," said a company spokesperson.
