root-level view for control reference that opens up into the 156 control references and then opens up into the requirement statements listed under each control reference..

*Looking something like this: *
+ Control References
--- 00.a Information Security Management Program
--+ 01.a Access Control Policy
------- An access control policy shall be established documented and reviewed based on business and security requirements for access.
------- There shall be a formal documented and implemented user registration and de-registration procedure for granting and revoking access.

If I understand correctly the problem with going through the category view is that control references may be spread across categories (meaning there’s no way to get one consolidated listing of all requirements in a single control reference).