A collection of assorted security policies each pertaining to a different NIST Control family
A quite large and lengthy document which uses the OCTAVE Risk Assessment Framework to evalutate a mock organzation