Question: Please help me to write a discussion post in regards to my classmate's post using the following In response to your peers, research any organization

Please help me to write a discussion post in regards to my classmate's post using the following:

In response to your peers, research any organization as a point of reference or use your own place of work in discussing why regulations are important measures or ways to exert unnecessary control over organizations.

JASON WROTE

I don't treat regulations as "the enemy"; I treat them as risks and constraints that must be engineered into the mission across the entire IT estate (switches/routers, servers, endpoints, cloud workloads, and the people and processes that run them). My perspective comes from three places: 20+ years as a United States Marine where roles and disciplined execution are non-negotiable, time on the help desk watching how controls land on real users, and my current work as a DoD network engineer securing a large, distributed environment. Regulations (RMF, NIST SP 800-53, DISA STIGs) give us a common baseline, but they also impose operational risk (cost, complexity, and friction) if we bolt them on rather than design them into the estate. So I map each requirement to assets and attack paths: e.g., 802.1X and VLAN segmentation on access switches, logging at choke points, privileged access controls on admin workstations, and hardened images with drift monitoring. I track "compliance debt" just like patch or vulnerability debt and prioritize it by mission impact and adversary technique.

Does compliance equal security? No: compliance is a floor at a point in time; security is a continuous property of the estate. I've seen networks "pass the audit" yet keep flat segments, stale local admin creds, or noisy logs no one triages, gaps that attackers happily chain together. Real security comes from continuously verifying control coverage and effectiveness across the estate: asset/inventory fidelity (IPAM/CMDB), configuration baselines (STIGs) with drift detection, threat-informed validation (ATT&CK-mapped tests), and operational readiness (restore tests, tabletops). Regulations strengthen security when we translate them into measurable controls with owners, metrics, and feedback loops, from the help desk (where friction shows up) back to engineering (where design changes happen). They become "unnecessary control" only when they're treated as checkboxes detached from how Marines, technicians, and users actually fight, fix, and operate. My bottom line: engineer for mission-fit controls across the estate, prove the baseline with compliance, and keep adapting to live threats.
