U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Glossary
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

overlay

Abbreviation(s) and Synonym(s):

Definition(s):

  A set of security controls, control enhancements, supplemental guidance, and other supporting information, that is intended to complement (and further refine) security control baselines to provide greater ability to appropriately tailor security requirements for specific technologies or product groups, circumstances and conditions, and/or operational environments. The overlay specification may be more stringent or less stringent than the original security control baseline specification and can be applied to multiple information systems.
Source(s):
NIST SP 800-161 under Overlay from NIST SP 800-53 Rev. 4 - Adapted

  A specification of security or privacy controls, control enhancements, supplemental guidance, and other supporting information employed during the tailoring process, that is intended to complement (and further refine) security control baselines. The overlay specification may be more stringent or less stringent than the original security control baseline specification and can be applied to multiple information systems.
Source(s):
NIST SP 800-37 Rev. 2

  A specification of security or privacy controls, control enhancements, supplemental guidance, and other supporting information employed during the tailoring process, that is intended to complement (and further refine) security control baselines. The overlay specification may be more stringent or less stringent than the original security control baseline specification and can be applied to multiple information systems. See tailoring.
Source(s):
NIST SP 800-53 Rev. 5 from OMB Circular A-130 (2016)
NIST SP 800-53B from OMB Circular A-130 (2016)

  A fully specified set of security controls, control enhancements, and supplemental guidance derived from tailoring a security baseline to fit the user’s specific environment and mission.
Source(s):
NISTIR 8183 under Overlay from NIST SP 800-53
NISTIR 8183 Rev. 1 under Overlay from NIST SP 800-53 Rev. 4

  A specification of security controls, control enhancements, supplemental guidance, and other supporting information employed during the tailoring process, that is intended to complement (and further refine) security control baselines. The overlay specification may be more stringent or less stringent than the original security control baseline specification and can be applied to multiple information systems.
Source(s):
CNSSI 4009-2015 [Superseded] from NIST SP 800-53 Rev. 4
NIST SP 800-53 Rev. 4 [Superseded] under Overlay

  See Overlay.
Source(s):
NIST SP 800-53 Rev. 4 [Superseded] under Security Control Overlay