Overlay

A security overlay is a set of additional or modified security controls that address the unique requirements of a specific community, technology, or environment. Overlays are applied on top of the standard security baseline to customize it for special circumstances.

For example, the DoD has overlays for classified systems, cloud environments, and specific mission areas. Overlays can add controls not in the standard baseline, increase the rigor of existing controls, or provide specific implementation guidance for a particular context.
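The three overlay effects described above (adding controls, tightening existing ones, and attaching context-specific guidance) applied to a baseline in code. This is an added illustration, not part of the original page; the control identifiers, parameter values and overlay contents are constructed sample data, not an official DoD overlay.

```python
# Added example: apply an overlay to a baseline control set and report what it adds.
# All control IDs, parameters and guidance strings are constructed sample values.
from dataclasses import dataclass, field, replace


@dataclass(frozen=True)
class Control:
    cid: str
    params: dict = field(default_factory=dict)  # tunable values (e.g. timeouts)
    guidance: tuple = ()                          # implementation notes


def apply_overlay(baseline: dict, overlay: dict) -> dict:
    """Return the baseline customised by the overlay; neither input is mutated."""
    result = dict(baseline)
    result.update(overlay.get("add", {}))          # controls not in the baseline
    for cid, params in overlay.get("tighten", {}).items():   # increased rigor
        result[cid] = replace(result[cid], params={**result[cid].params, **params})
    for cid, note in overlay.get("guidance", {}).items():    # context guidance
        result[cid] = replace(result[cid], guidance=result[cid].guidance + (note,))
    return result


def overlay_delta(baseline: dict, overlay: dict) -> dict:
    """Summarise the extra requirements an assessor will check because of the overlay."""
    merged = apply_overlay(baseline, overlay)
    delta = {"new_controls": [], "changed_params": {}, "added_guidance": {}}
    for cid, ctl in merged.items():
        base = baseline.get(cid)
        if base is None:
            delta["new_controls"].append(cid)
            continue
        changed = {k: (base.params.get(k), v)
                   for k, v in ctl.params.items() if base.params.get(k) != v}
        if changed:
            delta["changed_params"][cid] = changed
        if len(ctl.guidance) > len(base.guidance):
            delta["added_guidance"][cid] = ctl.guidance[len(base.guidance):]
    return delta


# Constructed sample: a two-control baseline and an overlay exercising all three effects.
BASELINE = {
    "AC-11": Control("AC-11", {"lock_after_minutes": 15}),
    "AU-12": Control("AU-12"),
}
OVERLAY = {
    "add": {"SC-28": Control("SC-28", {"encrypt_at_rest": True})},
    "tighten": {"AC-11": {"lock_after_minutes": 5}},
    "guidance": {"AU-12": "Forward audit records to the enclave SIEM."},
}
```

Running `overlay_delta(BASELINE, OVERLAY)` lists the one new control, the tightened session-lock parameter and the added guidance, which is the list of "surprises" an early overlay review is meant to surface before assessment.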

Why It Matters

If your system falls under a specific DoD community or uses particular technologies, an overlay may apply additional requirements beyond the standard baseline. Identifying applicable overlays early prevents surprises during assessment.