This is a two-part paper is on a BIA for a health care company. Part 1 You must

This is a two-part paper is on a BIA for a health care company.
Part 1 You must write about the importance of the BIA, define the purpose, scope and boundaries, identify 3 critical business functions, identify 3 critical resources, define Maximum Acceptable Outage (MAO) and impact, and identify 3 recovery objectives. The paper should be no less than 3 pages long, doubled space.
In the attached spreadsheet identify the correct family, control description, and proper implementation of the security controls to help mitigate the risks identified. You can find the NIST security control that would help to mitigate this risk using the following link:
hXXps://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/search?version=5.1
Step 1: Identify Risk (already done).
For example, in the “Risk” section, “The NAS server and ISP hardware are located in an unlocked room.”
Step 2: Use the attached NIST pdf to find the control that would help to mitigate the risk.
For example, in the “Control Description” section, “The organization controls physical access to…”
Step 3: Recommend an implementation process.
For example, in the “Implementation” section, “The HNet controls physical access to the network and server equipment by installing it in a locked room or a locked rack”
Step 4: Identify Family. There are 18 families, what family do you believe this control would fall under? The example is in the PE (Physical and Environmental) family.
For example, in the “Family” section, “PE-4 ACCESS CONTROL FOR TRANSMISSION MEDIUM”