Thanks for the detailed reference list. That helps quite a bit, and confirms that SP 800-160 is key in two domains.
I recommend that the list be updated to specify only SP 800-160 Volume 1 as the reference. Recent publication of Volume 2 forced the name change of the original release.
Also, quite fascinating that the PMBOK is listed as a key reference given that many enterprises consider the PMP a useful correlate certification to the CISSP, supplementing, not competing with, the CISSP. However, I STRONGLY recommend amending the list and filtering the exam question pool so that ONLY the current edition of the PMBOK is needed for study, and any questions derived from earlier editions but not found in the current one are removed from the question pool.
Generally speaking, the most recent (final) version of a standard is used and that does include any material consumed through PMI, of which the PMBOK is only one example to help build a foundation in the technical management domain.
Also, I would strike the IATF reference, it was replaced it with NIST SP 800-160 v1 and the ISO/IEC/IEEE 15288 standard that it references. Although the list looks good, I strongly caution you in saying that the certification is not about memorizing and recalling standards. You must be able to apply knowledge consistently. It is true that the certification had its start with the DoD, but today it has become more international and less NIST standard and DoD policy issuance centric. Systems Security Engineering is a discipline and NOT just a part of the certification title. It is an engineering mindset. That is what I live and breathe every day.