Cybersecurity Report Card Bonfire

A Navy contractor paid $507,144 after allegedly flunking cyber requirements with a minus-170 score, because apparently national security got graded on a cliff

DOJ says Alabama defense contractor LOGZONE agreed to resolve False Claims Act allegations after allegedly billing on Navy contracts while missing required cybersecurity controls and scoring -170 on a NIST assessment scale.

What Happened

The Justice Department announced Thursday that LOGZONE Inc., a defense contractor based in Huntsville, Alabama, agreed to pay $507,144 to resolve False Claims Act liability tied to cybersecurity requirements in Department of the Navy contracts.

DOJ said the settlement resolves allegations that LOGZONE knowingly submitted false or fraudulent claims for payment on two Navy contracts while not complying with required cybersecurity controls.

From May 2021 to March 2025, DOJ alleged, LOGZONE failed to implement certain controls from NIST Special Publication 800-171. Those controls are intended to protect sensitive defense information from exploitation or exfiltration. The Defense Contract Management Agency assessed LOGZONE's implementation and gave it a score of -170, near the low end of a possible range from -203 to 110.

Why This Matters

Cybersecurity requirements in defense contracts are not decorative stickers. They exist because sensitive defense information tends to attract hostile actors, spies, criminals, contractors with sloppy habits, and occasionally all four in the same trench coat.

The government's allegation is simple: if you promise the Navy you are following the cyber rules, then bill the Navy as if you are following the cyber rules, you should probably be following the cyber rules.

The Dumb Part

The dumb part is the score. Negative 170 is not a grade. It is a submarine depth reading. When a cybersecurity assessment scale runs down to -203 and you are sitting at -170, that is less "needs improvement" and more "the homework caught fire before the dog could eat it."

DOJ emphasized that the claims resolved by the settlement are allegations only and there has been no determination of liability. Fair enough. But even as an allegation, this is still a brutal little snapshot of government contracting: sensitive defense data, required safeguards, years of alleged noncompliance, and a cyber score that looks like February in Antarctica.

The Bottom Line

Defense contractors do not get to treat cybersecurity like optional cup holders. If the contract says protect the data, protect the data. Otherwise the taxpayers wind up funding a very expensive trust exercise with a password taped under the keyboard.

Sources

Department of Justice: Alabama Defense Contractor Agrees to Pay $507,144 to Resolve False Claims Act Liability Relating to Cybersecurity Violations

