False Claims Act — Civil Liability for Knowingly False Claims
31 U.S.C. § 3729, the False Claims Act, imposes civil liability — including treble damages and per-claim penalties — on anyone who knowingly presents a false or fraudulent claim for payment to the federal government. "Knowingly" includes actual knowledge, deliberate ignorance, and reckless disregard, which is why a knowingly false CMMC senior-official affirmation can trigger FCA exposure.
Who must comply
Anyone who submits claims for payment to the federal government — including DoD contractors making CMMC affirmations.
What it requires
- 01Knowingly false claims for payment, false statements material to a claim, and false records used to get a claim paid all trigger civil liability.
- 02Penalties include three times the government's damages plus a per-claim civil penalty (adjusted annually for inflation).
- 03Liability extends to individuals — including the senior official who knowingly signed a false affirmation — not just the company.
- 04The qui tam provisions allow private "relators" (often current or former employees) to file suit on the government's behalf and share in any recovery.
Key points
- The DOJ Civil Cyber-Fraud Initiative, launched October 6, 2021, explicitly uses the FCA to pursue contractors for cybersecurity misrepresentations.
- Multiple settlements since 2022 (Aerojet Rocketdyne, MORSE Corp, Penn State, others) have arisen from inflated NIST 800-171 or DFARS 7012 representations.
Related clauses
- 32 CFR 170.22Affirmation by a Senior Official
32 CFR 170.22 requires a named Affirming Official — a senior representative of the contractor with authority to bind the organization — to electronically affirm in SPRS at least every 12 months that the contractor continues to meet the CMMC security requirements for its level. A knowingly false affirmation is the explicit target of the Department of Justice Civil Cyber-Fraud Initiative under the False Claims Act.
- DFARS 252.204-7021Cybersecurity Maturity Model Certification Requirements
DFARS 252.204-7021 is the contract clause that makes a current CMMC certification or self-assessment at the level specified in the contract a material condition of award and continued performance. It triggers the annual senior-official affirmation obligation under 32 CFR 170.22 and is the contractual hook that turns CMMC from a DoD policy into an enforceable requirement.