Case Study: New Mexico Department of Game and Fish achieves PCI compliance and eliminates critical vulnerabilities with Rapid7 Nexpose

New Mexico Department of Game and Fish Relies on Rapid7 for Selling Customer Licenses, Maintaining PCI Compliance

The New Mexico Department of Game and Fish, a 300‑employee agency that relies on a custom web application and 140 vendors to sell hunting and fishing licenses (about two‑thirds of its budget), faced an aging IT environment and the need to achieve PCI compliance across state agencies. A small 14‑person IT team had to secure remote VPN users, protect customer payment data, and modernize vulnerability management without huge resources.

The department deployed Rapid7 Nexpose to run automated and on‑demand scans, use built‑in PCI templates, and prioritize fixes with Top Remediations, then added Metasploit to insource penetration testing and InsightIDR for endpoint detection. Within 6–8 weeks Nexpose reduced critical vulnerabilities from roughly 130–200 to 3–4, and the agency has reported no criticals over the past year, faster response to public disclosures, and clearer, more cost‑effective security and compliance processes.

New Mexico Department of Game and Fish

Russ Verbofsky

Chief Information Officer