You have heard it enough to make you aim a fire extinguisher at your firewall:  “compliance does not mean security”. Compliance work can consume up to 70% of security budgets in Federal government agencies, and it is common to spend more money identifying, documenting, and gaining approval for a remediation than the remediation itself costs.

When it comes to enhancing their cybersecurity postures, federal agencies have to wade through an entire alphabet soup of regulatory compliance guidelines. From the RMF (Risk Management Framework) to FISMA (Federal Information Security Management Act) and DISA STIGs (Defense Information Systems Agency Security Technical Implantation Guides), there are a number of requirements that agencies must implement to satisfy the government’s definition of a secure environment.