Unfortunately that's not how it plays out in most large organizations, which have separate network, hypervisor, security, etc., teams. Everyone works off a playbook, whose origins are usually lost in time and space.
If you want them to change the playbook, it'll involve some schlub having to run from pillar to post between those organizations, trying to get everyone to agree to a change to this policy, and you can bet he or she is not paid or motivated to do this. If another vendor comes along who will go with the flow, they get the sale.
Every organization I’ve worked for has been able to change policies at will. I’ve written them for half a dozen. I don’t particularly like writing policies, but if you do, you’ll be able to remove the absurd and broken parts.
You don't get to pencil in your own policy when the organization must conform to standardized compliance rules (such as HITRUST for health-related companies) that mandate certain policies, or risk losing customers who look for compliance with these rules. These guidelines can take years to catch up to modern best practice.