without much additional technical context, applying compliance standards and their technical controls significantly decreases the paths threat actors have to attack systems