DoJ Targets Cyber Fraud in New FedRAMP Allegations

A former Accenture employee faces criminal charges over alleged misrepresentations about a cloud platform’s security compliance. The Justice Department (DoJ) has indicted Danielle Hillmer for fraud connected to her role in the General Services Administration’s Federal Risk and Authorization Management Program (FedRAMP).

Key Allegations Against Hillmer

The indictment, secured this week, claims Hillmer concealed the cloud platform’s noncompliance with essential security controls between March 2020 and November 2021. During this time she held the position of “lead, cloud managed services” at Accenture Federal Services.

Notable Findings from the Indictment

  • Hillmer allegedly aimed to elevate the cloud platform’s classification from FedRAMP Moderate to High.
  • Warnings from colleagues and external consultants indicated the platform did not meet the necessary security requirements.
  • Reportedly, system administrators could access the platform without appropriate multifactor authentication.
  • Hillmer is accused of submitting misleading information regarding the platform’s security measures to the FedRAMP authorities.

Accenture and SentinelOne Statements

Accenture publicly addressed the situation, stating that they proactively informed the government about the concerns following an internal review. They pledged full cooperation with the investigation, emphasizing their commitment to ethical practices.

SentinelOne, where Hillmer served as a senior product manager, clarified that the allegations from the DoJ do not pertain to her tenure there. They confirmed she had no involvement in compliance efforts linked to FedRAMP during her time at the company.

Impact on Federal Contracts

The indictment reveals significant implications for various federal agencies. Following the allegations, at least six agencies, including the Army, utilized the cloud platform to support contracts valued at over $250 million.

Legal Consequences and Industry Implications

The wire fraud charge against Hillmer carries a potential sentence of 20 years in prison. This case is particularly noteworthy as it signals the DoJ’s increasing focus on enforcing federal cybersecurity standards through its Civil Cyber-Fraud Initiative. Legal actions have escalated against companies failing to meet contractual security commitments, underscoring a stringent approach to cybersecurity compliance.

With this indictment, the scrutiny on individual accountability within the FedRAMP community is expected to intensify, especially as discussions continue about improving the FedRAMP process and ensuring robust security measures for federal cloud services.