I'm looking to see if anyone has taken the NIST 800-171 security controls and indicated which ones require or may require a security tool/software/application for compliance. For example, the below control can't be met through just a policy, process, procedure, and people. It requires software or an application to meet compliance.

3.14.2 Provide protection from malicious code at designated locations within organizational systems.

I tried searching, but couldn't find anything. If not, I guess I'll start going line-by-line.