Civil Cyber-Fraud Initiative
Also known as: CCFI, DOJ CCFI
The Civil Cyber-Fraud Initiative (CCFI) is the Department of Justice program, launched October 6, 2021, that uses the False Claims Act to pursue federal contractors who knowingly provide deficient cybersecurity, misrepresent their security practices, or fail to report cyber incidents. It is the enforcement frame that gives CMMC affirmations legal teeth.
Related terms
- False Claims Act
The False Claims Act (31 U.S.C. §§ 3729–3733) is the federal civil statute that imposes treble damages and per-claim penalties on anyone who knowingly submits a false claim for payment to the government. Knowledge includes actual knowledge, deliberate ignorance, and reckless disregard — and applies to contractors who falsely affirm cybersecurity compliance under CMMC.
- Annual Affirmation
The annual affirmation is the electronic statement, posted in SPRS at least every 12 months by an Affirming Official under 32 CFR 170.22, that the contractor continues to meet the security requirements for its CMMC level. Knowingly false affirmations are the explicit enforcement target of the DOJ Civil Cyber-Fraud Initiative.