What is your experience with hardening operating systems and databases in accordance with DISA STIGs?