During the planning phase of a penetration test for a federal agency, you are assessing which document should guide the identification and implementation of security controls to ensure compliance. Which publication should you refer to for a comprehensive list of security and privacy controls for all federal information systems, apart from those related to national security?
SP 800-53
CIS Controls
SP 800-34
SP 800-66