Final answer:
Organizing security controls into common and system-specific categories can result in significant cost savings and a more consistent application of controls across an agency.
Step-by-step explanation:
Organizing security controls into common security controls and system-specific security controls can result in significant savings to the agency in control development and implementation costs. It can also result in a more consistent application of the security controls across the agency at large.
By classifying security controls into common and system-specific categories, agencies can identify the controls that can be reused across different systems or applications, reducing the need for duplicative efforts in control development. This leads to decreased implementation costs as the agency can apply common controls to multiple systems, thus achieving economies of scale. Additionally, having standardized security controls across the agency ensures that all systems are following best practices and maintaining a consistent level of security.