# The Hanalyx Journal > Field notes from production — compliance automation, STIG hardening, and federal cybersecurity from the team behind OpenWatch, Kensa, and Specter. ## Posts - [The pain of technical compliance isn't the rules. It's the evidence.](https://www.hanalyx.com/resources/the-pain-of-technical-compliance-isnt-the-rules-its-the-evidence): The hard part of technical compliance isn't the controls. It's proving you stayed compliant between scans, with evidence captured at the change. - [OpenWatch: The Open-Source Compliance Operating System for Federal Infrastructure](https://www.hanalyx.com/resources/openwatch-the-open-source-compliance-operating-system-for-federal-infrastructure): Continuous compliance posture, temporal queries, drift detection, governance workflows, and audit-ready evidence. Open source. Deploy in 10 minutes. - [Why I Built Kensa: Open-Source STIG Compliance Automation](https://www.hanalyx.com/resources/why-i-built-kensa-open-source-stig-compliance-automation): After 12 years in federal IT — Army, FBI, DHS, DoD — I built the compliance engine I wished existed. 508 rules, automatic rollback, structured evidence. Open source. - [Understanding STIG Drift: Why Federal Systems Lose Compliance](https://www.hanalyx.com/resources/understanding-stig-drift-why-federal-systems-lose-compliance): STIG drift isn’t random. It’s driven by vendor updates, day-to-day admin operations, and frequent DISA benchmark changes. This guide explains the mechanics behind the 30–45 day drift cycle and how continuous compliance tools can track changes before findings pile up. - [What is SCAP and Why It Matters for Federal Agencies](https://www.hanalyx.com/resources/what-is-scap-and-why-it-matters-for-federal-agencies): Learn what SCAP (Security Content Automation Protocol) is, why it matters for federal agencies, and how automation speeds audits and ATO timelines. - [Security vs. Compliance: Why the Difference Matters for Your Business](https://www.hanalyx.com/resources/security-vs-compliance-why-the-difference-matters-for-your-business): Learn the difference between security and compliance, why both matter, and how businesses avoid costly fines, breaches, and inefficiency.