There is no need to have a policy per control. E.g Threat intelligence could be part of your Vulnerability Management policy, Physical security monitoring, part of your Access Control or Physical Security Police and Secure coding part of your SDLC.
I would risk assess each area and then amend, update, create your policies from there.
