Since the contracting community has grown substantially, it also has led to a series of high profile breaches. These breaches involved the exfiltration of government data from contractors who were victims of hacks or insider threats. Incident response and forensics usually find the contractor was not updating systems regularly as well as not providing annual cyber hygiene and insider threat training. Therefore, as of December 31, 2017, contractors that did work on behalf of the United States Federal Government and its multitude of agencies had to comply with NIST SP 800-171. In addition to NIST SP 800-171, and if in their contracts, contractors should have already been complying to FAR (Federal Acquisition Regulation) 52.204-21. Lastly, contractors who work for the United States’ Department of Defense (DoD) are also required to be compliant with DFARS (Defense Federal Acquisition Regulation System) 252.204-7012. These compliance clauses and regulations will be referred as NIST 171, FAR 21, and DFARS 7012, respectively, for the remainder of the article.