Compliance means meeting requirements. It is also used to refer to industry-wide or government rules and regulations that mention how data should be managed, and the need for organizations to be compliant with those regulations.
Consider a rule for password complexity, such as the length of the password not being fewer than 12 characters. Now, you need to check whether this is true for all the machines in your infrastructure. Let's assume you have a few thousand machines to check and, if they aren't in compliance, reconfigure.
You can understand how much time it would take to go through each machine, check the setting, and correct it if it's to be found noncompliant. Now, multiply those efforts for a few hundred rules–how do you document all the statuses to show the auditor? This becomes more complex when you want to be compliant for various government and industry standards such as ISO, HIPPA, and Suburban Oxley. They have a few hundred rules per standard and changes per operating...