Security News > 2023 > September > Former CIO accuses Penn State of faking cybersecurity compliance
Last October, Pennsylvania State University was sued by a former chief information officer for allegedly falsifying government security compliance reports.
Following a meeting in June 2022, he recounts "Penn State had never reached actual DFARS compliance and thus had been falsely attesting to compliance since January 1, 2018.".
According to the first amended complaint, "Although Penn State has provided self-attestations of compliance to as required since December 31, 2017, these were false."
The complaint concludes, "Penn State has no SSPs. Penn State's SPRS entries are falsified. There are dozens of projects where Penn State has attested compliance but never met it. To this day Penn State does not appear to be working toward compliance."
"Penn State is dedicated to compliance and takes its compliance obligations, including its cybersecurity obligations under federal government contracts very seriously," the spokesperson said.
"The university has allocated significant resources to maintain compliance with these and other federal requirements. Penn State has worked and continues to work cooperatively and collaboratively with the government to address any questions. The University typically does not comment on pending litigation and will address these allegations at the appropriate time." .