U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Risk Management Framework RMF

Government-wide Overlay Submissions

The government-wide category consists of overlay submissions from federal, state, tribal, and local governments. 

Select from overlays listed below for more information and to access the overlay.

Overlay Title Submitted by Overlay Description/Applicability
Closed Isolated Network

U.S. Army Europe


A Closed Isolated Network is defined as a data communications enclave that operates in a single security domain, implements a security policy administered by a single authority, does not connect to any other network and has a single, common, continuous security perimeter.

Physical Access Control Systems PACS Modernization Working Group  Electronic Physical Access Control Systems (ePACS) use a combination of IT components and physical security elements (e.g., card readers, doors/locks) to enable access to real-world resources such as secured facilities or controlled areas within facilities. This overlay will provide a standardized template for ePACS professionals working to secure Federal facilities in a secure and interoperable fashion. 
Federal PKI Systems Federal PKI Policy Authority The Federal Public Key Infrastructure (FPKI) provides the U.S. Government with a common baseline to administer digital certificates and public-private key pairs used to support trust of some government devices and persons. This overlay was developed to provide additional specifications and protections for PKIs participating in the FPKI.


Return to Control Overlay Repository Overview


Disclaimer Statement
The National Institute of Standards and Technology (NIST) has established the Security Overlay Repository as a public service. Security control overlays are made available by NIST on an “AS IS” basis with NO WARRANTIES   Some submitted overlays may be available for free while others may be made available for a fee.  It is the responsibility of the User to comply with the Terms of Use of any given overlay. Overlay users are solely responsible for determining the appropriateness of using and distributing the security control overlays.  User assumes all risks associated with their use, including but not limited to compliance with applicable laws; damage to or loss of data, programs or equipment; and the unavailability or interruption of operation. NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND DATA ACCURACY.

Created November 30, 2016, Updated February 23, 2023