You don't appear to know how security really operates in federal government software. They hire Booz-Allen-Hamilton for millions of dollars to come in with 200 consultants and produce a massive report declaring their software meets all "certification and accreditation" requirements. This document then goes on a shelf somewhere and government workers continue to email all kinds of PI data around in Word and Excel attachments because the software is so obtuse it's the only way they can actually get anything done.