National Institute of Standards and Technology
The US federal agency that publishes many of the standards and guidelines the security industry runs on, including the SP 800 series, FIPS standards, and the Cybersecurity Framework. Its guidance is mandatory for federal agencies and widely adopted voluntarily by private companies. If a security control has a number attached to it, there is a good chance NIST wrote it down first.