> Much of the compliance efforts may look good on paper, but have > no impact on actual usage or may be trivially circumvented
or even worse, will likely end up compromising security in case somebody aiming for "hardening" manipulates the system without fully understanding the consequences.
