First: I'd advise discretion when posting details of such a matter. Specific text searches in Google may result in a hit, with corroborating details indicating that the returned page is indeed the one you are discussing. As an initial step, I'd remove the text in question from this page, immediately, possibly prior to consulting with the individual in question. The information is now effectively public.
\r\n\r\nIf you haven't already, I'd present the information to the CSU "degree recipient" in question, and the individual's supervisor or board, along with your initial notice from your external investigator, and suggest review (and the above immediate remediation). After this point, the matter is outside of your hands, unless you have a management role in the organization (information I've seen suggests you don't).
\r\n\r\nYou can't stop people such as your Javert from doing malicious, destructive things. You can take the opportunity to educate those who've presented questionable credentials (deliberately or otherwise) that the practice is likely to backfire significantly. One would hope that this is sufficient for them to correct the breach. I'd share your view that if this is what it took to get a foot in the door, it may have been an expedient lie, but that the individual now has other credentials to present. Certainly, continuing to rely on those of a mill in this Google-bound era is highly risky, QED.