The Cybersecurity Score That Cost a Defense Contractor in Alabama $507K

LOGZONE Inc. scored a -170 on a federal cybersecurity audit, nearly as low as possible, while billing the Navy for contracts requiring strict data protections.

Cases like this are exactly why we do what we do. At CSS, our job is to make sure our clients are never caught off guard by an audit, a score, or a federal investigation. We stay ahead of the requirements, so they don’t have to.”

HUNTSVILLE, Ala. – A defense contractor based in Huntsville has agreed to pay more than half a million dollars to the federal government after allegedly billing the U.S. Navy under contracts it never actually complied with contracts that required the company to safeguard sensitive defense information from cyberattacks.

LOGZONE Inc. will pay $507,144 to settle allegations under the False Claims Act that it knowingly submitted fraudulent payment claims on two Navy contracts while failing to meet required cybersecurity standards, the U.S. Department of Justice announced.

The case shines a light on a growing area of federal enforcement: whether defense contractors are actually implementing the cybersecurity controls they’re contractually and legally obligated to maintain.

A Score That Tells the Story

The allegations paint a troubling picture of neglect spanning nearly four years. According to the Justice Department, from May 2021 to March 2025, LOGZONE failed to implement certain security controls outlined in NIST Special Publication 800-171, a federal standard that governs how contractors must protect Controlled Unclassified Information the kind of sensitive data that passes through defense supply chains every day.

The gaps weren’t minor. When the Defense Contract Management Agency (DCMA) assessed LOGZONE’s implementation of those security controls, the company received a score of -170 out of a possible range of -203 to 110. That puts the company near the very bottom of the scale.

What the Officials Said

The settlement drew pointed statements from senior officials across multiple agencies a signal of how seriously the government is treating contractor cybersecurity failures.

“Government contractors that obtain sensitive defense information in administering their contracts must follow required cybersecurity standards,” said Assistant Attorney General Brett A. Shumate of the Justice Department’s Civil Division. “The Justice Department will continue to investigate potential violations of these cybersecurity requirements in order to protect this critical information from external threats.”

U.S. Attorney Phillip W. Williams Jr. for the Northern District of Alabama was equally direct: “Adherence to the cybersecurity provisions of contracts with the federal government must be a priority for all contractors, and this enforcement action should serve as a reminder of that.”

Navy Vice Admiral Stephen Tedford, Director of the DCMA, added that the agency would continue holding contractors accountable: “DCMA will continue to ensure that contractors are fulfilling these obligations.”

How It Was Caught

The case was a coordinated effort involving the DOJ’s Civil Division, the U.S. Attorney’s Office for the Northern District of Alabama, the Department of the Navy’s Office of General

Counsel, NCIS, the Army Criminal Investigation Division, and DCMA’s Defense Industrial Base Cybersecurity Assessment Center.

The False Claims Act as a Cybersecurity Tool

The Biden-era DOJ launched a “Cyber Fraud Initiative” in 2021 to pursue exactly these cases, and enforcement has continued under the current administration, which has stood up both a Task Force to Eliminate Fraud and a new National Fraud Enforcement Division to pursue fraud, waste, and abuse in federal programs.

For defense contractors, particularly those in the CMMC compliance pipeline, the LOGZONE case is a warning: federal auditors are checking, scores are on record and billing the government while knowingly out of compliance can result in federal fraud liability not just a contract dispute.

The claims resolved by the settlement are allegations only. No determination of liability has been made.

Enough Talks, Let’s find the solutions

Recent Posts:

(Sign up)

Ready to
close your gaps?

From your first scan to full remediation, we guide you through every step before the CMMC clock runs out.