A specification of security controls, control enhancements, supplemental guidance, and other supporting information employed during the tailoring process, that is intended to complement (and further refine) security control baselines. The overlay specification may be more stringent or less stringent than the original security control baseline specification and can be applied to multiple information systems.
Sources:
CNSSI 4009-2015
A specification of security or privacy controls, control enhancements, supplemental guidance, and other supporting information employed during the tailoring process, that is intended to complement (and further refine) security control baselines. The overlay specification may be more stringent or less stringent than the original security control baseline specification and can be applied to multiple information systems.
Sources:
NIST SP 800-161r1-upd1
[11/1/2024 errata update]
from
NIST SP 800-53 Rev. 5
NIST SP 800-171r3
from
OMB Circular A-130 (2016)
NIST SP 800-37 Rev. 2
from
OMB Circular A-130 (2016)
A specification of security or privacy controls, control enhancements, supplemental guidance, and other supporting information employed during the tailoring process, that is intended to complement (and further refine) security control baselines. The overlay specification may be more stringent or less stringent than the original security control baseline specification and can be applied to multiple information systems. See tailoring.
Sources:
NIST SP 800-53 Rev. 5
from
OMB Circular A-130 (2016)
NIST SP 800-53B
from
OMB Circular A-130 (2016)
A fully specified set of security controls, control enhancements, and supplemental guidance derived from tailoring a security baseline to fit the user’s specific environment and mission.
Sources:
NISTIR 8183
under Overlay
NISTIR 8183 Rev. 1
under Overlay