How do you ensure that a newly provisioned cloud environment complies with strict defense security standards?