Most of the discussion around the massive SolarWinds data breach scandal has, appropriately, been focused on supply chain security. Failure to provide adequate security can seriously jeopardize a host of potentially critical missions, something we’re still learning about here. Selling the government security-compromised solutions, however, is also a contract compliance issue. False Claims Act cases are sure to follow. These cases can cost companies millions in fines, legal fees, and lost productivity. They typically take years to unravel. Remember that the Act allows the government to collect treble damages and that it also has a criminal component should an investigation determine that a company’s action, or lack thereof, rises to that level.

The “extra point” in this specific case is that it can also land you and your company, sometimes separately, in front of a suspension or debarment official. Debarment typically has the effect of banning a company from all types of public sector business, not just federal, for three years. You can personally be on either the suspended or debarred list. The exposure isn’t limited to prime contractors and their personnel, either. The Department of Justice has consistently pursued suppliers in FCA cases, some of which have had to pay 8-figure fines and sever ties with key people.

The bottom line for contractors and suppliers: Make sure that the security solutions you’re offering are legitimate, secure, and double-checked for problems before they get to an agency customer. Also consult with your legal team on indemnification language for when even your best processes aren’t enough. Remember, though, that even the best defenses may mean little if a problem is large enough and public enough. Make sure your solutions are secure.