When companies work with federal agencies, their cyberdefense becomes a matter of national security. This is especially true for companies that process federal contract information (FCI), protected by Federal Acquisition Regulation (FAR) Clause 52.203-21, or controlled unclassified information, protected by Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012. For these firms, DoD cybersecurity awareness training may be necessary.