If you’re looking for the ideal machine image template, get ready to do a little customization. A custom configuration policy is needed whenever your organizational security policies differ from those in a prescribed standard. There are a lot of different best practices and security standards available. Some are vendor- or regulatory-driven. Others are community-driven. And it’s likely that within a single organization’s network, different machines need to meet different policies; for example, a local hospital may need several machines to meet HIPAA guidelines for healthcare security purposes while machines that process financial data would also need to be PCI compliant.