Config management is a perfect fit for compliance: you model desired compliantstate, continually enforce it and have a full audit path of when changes occurand what lead to the drift. But what are the best practises for using configmanagement for compliance, what are the caveats, how do you scan for issuesand how can you keep the auditors happy? If you work with or at a Telco, Financial Institution or a Government entity,you probably already know about compliance and the various acronyms andheadaches it can bring. How can we make this less of a painful process? Well, if you think about it: compliance is a set of rules that someone hasgiven you to enforce and prove that they're being enforced. What isconfiguration management? A series of rules for systems that need to beenforced. So compliance is the perfect use-case for configuration management. We'll be discussing how you can enforce compliance in your estate with configmanagement, what open-source tooling you to perform scans across your estateand how to save time by leveraging existing work such as DevSec. We'll also be talking about how to sell the benefits of config management forcompliance to stakeholders and some real-life examples of how it's worked withcustomers in the past, and the caveats that come with it.