This blog is about understanding, auditing, and addressing risk in cloud environments. Systems and architectures are rapidly converging, hiding complexity with additional layers of abstraction. Simplicity is great for operations - as long as risks are understood and addressed.
Very interesting statistics, particularly around the related and cross-referenced controls. These counts are related to the Top Level controls. While certainly not an absolute flag, these counts are an interesting indicator of the importance of each of the controls.
Also, note the count of controls in the baselines, including the incremental jumps from LOW to MOD and MOD to HIGH. Note that these totals include controls and enhancements.