Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Risk Management

NIST Security Control Overlay Repository (SCOR)

Overview

The NIST Security Control Overlay Repository (SCOR) provides stakeholders a platform for voluntarily sharing security control overlays. The level of detail included in the overlay is at the discretion of the organization developing the overlay, but is of sufficient breadth and depth to provide an appropriate rationale and justification for the resulting tailored baseline developed, including any risk-based decisions made during the overlay development process. Tailoring is the process of modifying controls (e.g., designating common controls, selecting compensating controls and enhancements) to meet organizational and operational needs.

For more information about overlays, see: Overlay Overview 


The overlay repository is organized into categories of overlays based on the submitting organization: government-wide; public (submitted by a .com, .edu, or .org); and NIST-developed.

  • Government-wide category consists of submissions from federal, state, tribal, and local governments.
  • Public category consists of submissions from commercial, educational, or non-profit organizations.
  • NIST-developed category consists of submissions developed by NIST.
     

Overlay Submissions

Government-wide
Public
NIST-developed

Created November 30, 2016, Updated September 25, 2019