Glossary

Control (ISO)

Reviewed by: Cenedril Editorial

A control in the ISO context is a single security measure that addresses a specific risk. ISO 27001:2022 Annex A contains 93 such controls, organized into four categories: organizational (A.5), people (A.6), physical (A.7), and technological (A.8).

Each control has a number, a title, and a description. Detailed implementation guidance is found in ISO 27002:2022. In the ISMS process, you select applicable controls based on your risk analysis (Clause 6.1.2) and document them in the Statement of Applicability (SoA, Clause 6.1.3 d). For each selected control, you need: an implementation description, a responsible person, and evidence that the measure is effective.
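The per-control requirements described above (a justification, an implementation description, a responsible person, and evidence of effectiveness) are easy to lose track of in a spreadsheet SoA. As an added example that is not part of the original glossary entry, the following Python script validates SoA entries against those requirements and checks that each control id falls into one of the four Annex A categories. The entry fields, the `SoAEntry` structure and the sample SoA rows are constructed for illustration and are not a Cenedril or ISO artefact.

```python
"""Validate Statement of Applicability (SoA) entries for ISO 27001:2022 Annex A.

Added example, not from the original page. The field names, the SoAEntry
structure and the sample rows below are constructed; adapt them to your own SoA.
"""
from dataclasses import dataclass, field

# The four Annex A categories named in the glossary entry, keyed by the
# second component of the control id (A.5.x, A.6.x, A.7.x, A.8.x).
ANNEX_A_THEMES = {"5": "organizational", "6": "people", "7": "physical", "8": "technological"}


@dataclass
class SoAEntry:
    control_id: str            # e.g. "A.8.12"
    title: str
    applicable: bool
    justification: str = ""    # why the control is included or excluded
    implementation: str = ""   # how the control is implemented (required if applicable)
    owner: str = ""            # responsible person (required if applicable)
    evidence: list = field(default_factory=list)  # proof of effectiveness (required if applicable)


def theme_of(control_id):
    """Return the Annex A category for an id such as 'A.8.12', or None if it is malformed."""
    parts = control_id.split(".")
    if len(parts) != 3 or parts[0] != "A" or not parts[2].isdigit():
        return None
    return ANNEX_A_THEMES.get(parts[1])


def validate_entry(entry):
    """Return the list of problems for one SoA entry; an empty list means it passes."""
    problems = []
    if theme_of(entry.control_id) is None:
        problems.append(f"{entry.control_id}: not a valid Annex A control id")
    if not entry.justification:
        problems.append(f"{entry.control_id}: missing justification for inclusion/exclusion")
    if entry.applicable:
        # Selected controls need an implementation description, an owner and evidence.
        for fld in ("implementation", "owner"):
            if not getattr(entry, fld):
                problems.append(f"{entry.control_id}: applicable but no {fld} recorded")
        if not entry.evidence:
            problems.append(f"{entry.control_id}: applicable but no evidence of effectiveness")
    return problems


def validate_soa(entries):
    """Validate every entry and flag duplicate ids. Returns {control_id: [problems]}."""
    report = {}
    seen = set()
    for entry in entries:
        problems = validate_entry(entry)
        if entry.control_id in seen:
            problems.append(f"{entry.control_id}: duplicate entry")
        seen.add(entry.control_id)
        if problems:
            report.setdefault(entry.control_id, []).extend(problems)
    return report


# Constructed sample SoA: two complete rows, one applicable row with gaps,
# and one row with an id outside Annex A's A.5-A.8 numbering.
SAMPLE_SOA = [
    SoAEntry("A.5.1", "Policies for information security", True,
             "Addresses risk R-01", "Policy set approved by management", "CISO",
             ["policy-v3.pdf", "approval-minutes-2024-03.pdf"]),
    SoAEntry("A.7.4", "Physical security monitoring", False,
             "No owned premises; all staff work remotely"),
    SoAEntry("A.8.12", "Data leakage prevention", True, "Addresses risk R-07"),
    SoAEntry("A.9.1", "Not an Annex A control", True, "typo in id", "x", "y", ["z"]),
]

if __name__ == "__main__":
    for control_id, problems in validate_soa(SAMPLE_SOA).items():
        for line in problems:
            print(line)
```

Run as a script it lists the gaps for A.8.12 (no implementation, no owner, no evidence) and the malformed id A.9.1, while the fully documented A.5.1 and the justified exclusion A.7.4 pass. The same checks can be run over an exported SoA before an internal audit so that missing owners or evidence are found before the auditor does.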