This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process. It is written by someone in the field in layman's terms with practical use in mind. This book is not a replacement for the NIST 800 special publications, it is a supplemental resource that will give context and meaning to the controls for organizations and cybersecurity professionals tasked with interpreting the security controls.