I'm hoping someone can advise if I'm approaching this with the correct mindset. I've done a number of gap assessments of ISO and SP 800-53 in the past, and before I start the process again with a new client I'm wondering if I can approach things in a different way.
My view is to take existing standards and populate 800-53B control objectives in an Excel sheet (UK business) from the controls defined.
This will flag gaps and shortfalls against objectives, for discussion with the client, and where they want to improve, we then update the relevant standards.
Going one step further I plan to align the control to the intended audience by role (control operator) and then make this available alongside standards to enable users to drill down into what is required of them based on their role.
I'm sure this isn't ground-breaking, but I just want to make sure I'm approaching this correctly. In previous exercises I've been asked to just eyeball SP 800 vs the standards and make recommendations, but this was via a few different consultancies and it always felt like half a job.
The objective is to make the documents more NIST aligned.