How do you select, implement, and assess security and privacy controls under NIST SP 800-53 for DFAS financial systems?