NIST SP 800-171
Consists of 14 Families

3.1: Access Control
Control of who has physical access to company file systems.

3.3: Audit and Accountability
The ability to catch system events and trace the events back to the origin.

3.5: Identification and Authentication
The ability to identify users and authenticate that identification.

3.7: Maintenance
Plans to keep data secure when any maintenance is needed.

3.9: Personnel Security
Policy and procedure to protect organizational users.

3.11: Risk Assessment
Policy and procedure to regularly assess risk within the organization.

3.13: Systems and Communications Protections
Protection of data while it is being sent or received.

3.2: Awareness and Training
Training organizational users on the importance of cyber-security.

3.4: Configuration Management
Managing the base configuration of all organizational systems.

3.6: Incident Response
Details regarding the organizational response should an incident occur.

3.8: Media Protection
Protection of the physical storage point for organizational data

3.10: Physical Protection
Protection measures for the physical environment or organizational facility.

3.12: Security Assessment
Policy and procedure to regularly assess security measures.

3.14: System and Information Integrity
Ensuring all information contains what it should contain.