This is an archive
(replace .gov by .rip)

FISMA Implementation Project FISMA

NIST Security Control Overlay Repository (SCOR)


The NIST Security Control Overlay Repository (SCOR) provides stakeholders a platform for voluntarily sharing security control overlays. The level of detail included in the overlay is at the discretion of the organization developing the overlay, but is of sufficient breadth and depth to provide an appropriate rationale and justification for the resulting tailored baseline developed, including any risk-based decisions made during the overlay development process. Tailoring is the process of modifying controls (e.g., designating common controls, selecting compensating controls and enhancements) to meet organizational and operational needs.

For more information about overlays, see: Overlay Overview 

The overlay repository is organized into categories of overlays based on the submitting organization: government-wide; public (submitted by a .com, .edu, or .org); and NIST-developed.

  • Government-wide category consists of submissions from federal, state, tribal, and local governments.
  • Public category consists of submissions from commercial, educational, or non-profit organizations.
  • NIST-developed category consists of submissions developed by NIST.

Overlay Submissions


Created November 30, 2016, Updated December 03, 2020