Standard for threat model and control mapping?

Hey all, I have been doing a lot of work in the cyber risk quantification world, building security strategies and analysing business cyber risk past few years.

I have a bunch of threat models and analyse specific scenarios around data exfiltration, cloud compromise etc, and align threats to protective and detective controls.

Does anyone know of any standards, projects or RFCs around mapping threat models to controls to allow these to be shared and adapted by other organisations? I’m aware …

building building security business cloud compromise control controls cyber cyber risk cyber risk quantification cybersecurity data data exfiltration detective doing etc exfiltration hey lot mapping quantification risk risk quantification security security strategies standard strategies threat threat model threat models threats work world