Description should include

U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) Cybersecurity Framework (https://www.nist.gov/cyberframework)
Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (NIST Special Publication [SP] 800-37) (https://csrc.nist.gov/publications/detail/sp/800-37/rev-1/final)
Security and Privacy Controls for Federal Information Systems and Organizations (NIST SP 800-53) (https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/final)
Guide to Industrial Control Systems (ICS) Security (NIST SP 800-82) (https://csrc.nist.gov/publications/detail/sp/800-82/rev-2/final)
Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST 800-171) (https://csrc.nist.gov/publications/detail/sp/800-171/rev-1/final)
International Society of Automation (ISA)/IEC 62443 Cybersecurity Certificate Programs (https://www.isa.org/training-and-certifications/isa-certification/isa99iec-62443/isa99iec-62443-cybersecurity-certificate-programs/)
Enterprise-control System Integration, International Standards Organization (ISO)/IEC 62264 (Purdue Enterprise Reference Architecture) (https://www.iso.org/standard/57308.html).

Teacher Resource: Building Security to Achieve Engineering and Business Requirements, General Electric and Dragos (https://dragos.com/wp-content/uploads/SecIndSys_Purdue_GEDragos.pdf)

Process/Skill Questions:

What is the significance of the Purdue model?
Why did NIST have to publish rules specific to control systems (e.g., SP 800-82)?
Why are standards important?
What is the difference between a standard and a law?