"Security and privacy controls described in this publication have a well-defined organization and structure. For ease of use in the security and privacy control selection and specification process, controls are organized into 20 families. Each family contains controls that are related to the specific topic of the family. A two-character identifier uniquely identifies each control family (e.g., PS for Personnel Security). Security and privacy controls may involve aspects of policy, oversight, supervision, manual processes, and automated mechanisms that are implemented by systems or actions by individuals."
Each of the 20 families comes with a two-letter code, which forms the first part of a control number (i.e., the principal identifier for a control). Here's a quick guide, and some "at-a-glance" stats:

| Count | Control family |
|---|---|
| 147 | Access Control |
| 17 | Awareness and Training |
| 69 | Audit and Accountability |
| 32 | Assessment, Authorization, and Monitoring |
| 66 | Configuration Management |
| 56 | Contingency Planning |
| 74 | Identification and Authentication |
| 42 | Incident Response |
| 30 | Maintenance |
| | Media Protection |
| 59 | Physical and Environmental Protection |
| | Planning |
| 37 | Program Management |
| 18 | Personnel Security |
| 21 | Personally Identifiable Information Processing and Transparency |
| 26 | Risk Assessment |
| | System and Services Acquisition |
| 162 | System and Communications Protection |
| 119 | System and Information Integrity |
| 27 | Supply Chain Risk Management |