A source of ISCM assessment elements based on the experience of individuals (practitioners) with experience in designing, implementing, and operating ISCM capabilities, as well as security engineering experience.
Sources:
NIST SP 800-137A