To comply with standards and regulations, you first have to know which ones apply to you. Identify the standards and requirements that apply to your business and sector, whether national, international or industry-specific: NIST, CIS, SOX, HIPAA, PCI-DSS, NERC, GDPR, etc.
The regulations are there to provide you with guidelines for best practice based on what business you are in, and where in the world you operate.
Failure to comply can result not only in heavy fines but also in leaving you vulnerable to data breaches. So, while they may be a bit of a pain, they are also there for your own good.
Based on the standards you need to comply with, perform a risk analysis to identify business critical requirements, and assess your current state of compliance.