The United States Department of Defense (DOD) buys over $270 billion worth of products and services from commercial organizations in support of its mission. DOD mandated that all organizations doing business with DOD must implement IT security best practices for their corporate systems. The requirement to enforce adherence to NIST SP 800-171 was codified in the procurement rules and regulations called Defense Federal Acquisition Regulation Supplement (DFARS) The specific requirements for enhanced cybersecurity controls within the DOD supplier base is specified in DFARS Clause 252.204-7012, Safeguarding Covered Defense Information.”]