Projects Risk Management NIST Security Control Overlay Repository
NIST Security Control Overlay Repository (SCOR)
The NIST Security Control Overlay Repository (SCOR) provides stakeholders a platform for voluntarily sharing security control overlays. The level of detail included in the overlay is at the discretion of the organization developing the overlay, but is of sufficient breadth and depth to provide an appropriate rationale and justification for the resulting tailored baseline developed, including any risk-based decisions made during the overlay development process. Tailoring is the process of modifying controls (e.g., designating common controls, selecting compensating controls and enhancements) to meet organizational and operational needs.
The overlay repository is organized into categories of overlays based on the submitting organization: government-wide; public (submitted by a .com, .edu, or .org); and NIST-developed.
- Government-wide category consists of submissions from federal, state, tribal, and local governments.
- Public category consists of submissions from commercial, educational, or non-profit organizations.
- NIST-developed category consists of submissions developed by NIST.
Created November 30, 2016, Updated August 20, 2019