Contractor accused not providing system plans, falsifying scores and failing to disclose its third-party email provider's compliance level.
MORSE Corp, a U.S. defense contractor, has agreed to a $4.6 million settlement to resolve a lawsuit alleging its nonadherence to military contract cybersecurity requirements and submission of false claims for payment.
According to The Register, MORSE did not provide a fine print of its systems security plans from 2018 to early 2021, despite being mandated under contract requirements, according to prosecutors. This was on top of failing to disclose its third-party email provider's compliance with the U.S. Defense Department's incident reporting, forensic access, and malware management rules.
MORSE was also accused of falsifying scores submitted to the Supplier Performance Risk System, having only updated figures regarding its adoption of NIST SP 800-171 security controls months after being subpoenaed for the wrongful claim.
Despite agreeing to the fine, MORSE emphasised that the deal was meant to address "historic false claims act allegations."
"MORSE is compliant with all cybersecurity requirements, and has a current third-party-validated NIST score of 110," said a company spokesperson.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
