...
- ISO/IEC 27001:2013 Annex A
- CIS Critical Security Controls
There may be also be controls specific for your country. The UK specifies five controls for basic cyber hygiene in the Cyber Essentials standard, and controls/objectives for operators of essential services under the NIS Directive are published by NCSC.
...