How do you adjust your security strategy based on regulatory shifts such as NIST or ITAR requirements?