Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager

Re: LEM Best Practice Options for Security Logging?


I'd also check out some of the posts here on the thwack Product Blog about different compliance initiatives - it might help to understand why certain things are in the recommendations so you can deduce some of the overlap.

 

Once you've checked off the MUSTs for your organization (like PCI), then my advice would be to prioritize the information you can act on next. Know that you have a problem, know that you have the right information to deal with the problem, and know what you'll do about it. It's easy to feel like logging everything is the best idea because it COULD give you the best information should something happen, but the reality for, well, almost everyone, is that you end up filtering everything out except what you want to know.

 

I think the previous comment is a good clue too - the rules in LEM and other SW products ARE indicators of best practices, and the categories of rules that were added help you narrow down the out-of-the-box content that can help get you there. The product tries to get you close, but only you know your organization and what you can deal with, let alone afford (literally) to store and sift through.

