The NIST Security Control Overlay Repository (SCOR) provides stakeholders with a platform for voluntarily sharing security control overlays. The level of detail included in an overlay is at the discretion of the organization developing it, but is of sufficient breadth and depth to provide an appropriate rationale and justification for the resulting tailored baseline, including any risk-based decisions made during the overlay development process. Tailoring is the process of modifying controls (e.g., designating common controls, selecting compensating controls and enhancements) to meet organizational and operational needs.
The overlay repository is organized into categories of overlays based on the submitting organization: government-wide; public (submitted by a .com, .edu, or .org); and NIST-developed.
Security and Privacy: risk management
Laws and Regulations: E-Government Act, Federal Information Security Modernization Act