If your organization does any federal contracting, NIST 800-53 is the framework you'll be audited against. It serves as a well rounded structure for any mature information security program.
With v3.2.1 expiring at the end of March 2024, if your organization stores, processes, transmits, or otherwise handles credit card data, this applies to you.