Month after month, security teams spend countless hours manually tagging individual systems to keep track of compliance, despite having a single source of truth for the system boundaries. I found myself asking why, while thinking their system data should tell its own story. While on a customer site, I implemented…