Choose one of the control families described in FIPS 200, and describe how a security policy would be written to address that control family. Discuss the primary components of the security policy with respect to the security requirements described within the control family.
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.200.pdf