I’m a sys admin with very limited experience in information security/documentation. I was tasked to self-assess my company's controls and document my findings. Is there an online resource that provides guidance to do this?
I found the official assessment guide 800-53A and was thinking of creating an interview template to review specific controls with the system admin/owner. Once I have the info and evidence, update the 800-53A with my findings. Is this the correct approach?
TIA