This document gives very detailed guidance and clarification regarding the different controls.
If you scroll down the PDF to page 44 you'll find there are two pages specifically covering ML.3.997.
Rather than simply policies and procedures, this control is really looking for more of a project plan identifying objectives in SMART format (i.e. specific, measurable, attainable, result-focused, time-bound), listing the relevant standards, policies and procedures, the stakeholders, what activities are required to meet the objectives (with what funding, people, tools), any training required for those involved, an organisational commitment to do the above, etc. It's not just about one-time objectives to implement controls for the first time; it's about ongoing activities to maintain and measure the effectiveness of the controls, with periodic reviews to ensure the people involved have the necessary skills, knowledge and tools to meet the objectives.
In short, I've tended to look at this control as the 'who and when and with what tools/resources', while the policy would be the 'what', and the procedures the 'how'. It plugs the gap with formal documentation. You don't necessarily need a separate plan for each ML.3.997 control, though for complex environments with different teams for each function this might work best. A single document could work very well for smaller organisations with a single team - such as an ICT Strategy or Information Systems and Technology (IS&T) Strategy document that could include these controls under a heading like 'Governance' while also having sections for 'Operations', 'Support', 'Training', 'Systems Development' and other functions. I like to include details of service provider SLAs, key infrastructure upgrade projects, and these documents often tend to work best on a 3 or 5-year timeframe, e.g. IS&T Strategy 2019-2024.
Hope this helps you - I'm also in the process of preparing for CMMC L3.