Comment by ExoticPearTree

The probleme here is that what tends to happen is that the security requirements are relatively vague and once the customer has signed the acceptance, good luck.

And signing up with a big company is good way to cover your behind, because "if they with all their people and knowledge could not do it...". Basically the mantra or "Nobody was ever fired for buying Cisco".