Control interpretation is something that I get asked about a lot. When I was teaching another organization all over the world, I would get this question a lot. I was teaching DIACAP, which is an older DoD version of the Risk Management Framework, and would get that question often because the security controls are sometimes hard to understand. It's the way they word them. It's the main job of an ISSO and can be difficult.
We have created a course that interprets the security controls:
Privacy is a big part of the NIST 800-37 and 800-53.
Privacy is a huge concern of mine that the US and some other governments around the world are not really taking seriously, and it’s just unfortunate. I’ve actually been developing another free course about it to show people how to protect themselves.