Glossary

overlay

An overlay is an additional control set, rule layer, or configuration profile applied on top of a baseline to address specific needs.

An overlay in industrial and regulated environments commonly refers to an additional layer of requirements, controls, or configuration rules that is applied on top of a standard baseline. It is used to adapt a generic standard, policy, or control set to a particular context, such as a specific facility, system type, or regulatory regime.

General meaning

More broadly, an overlay is any secondary layer that modifies, constrains, or augments an underlying base. In operations and manufacturing systems, this often appears as:

  • A set of extra cybersecurity controls that sit on top of a baseline control catalog.
  • Site-specific operating procedures layered onto a corporate standard.
  • Additional configuration or parameter sets applied over default system settings.

Overlays in cybersecurity and control baselines

In the context of documents like NIST SP 800-53, an overlay commonly refers to a structured set of added or tailored controls that refine a baseline (such as Low, Moderate, or High). For example, an industrial control system (ICS) overlay might add or adjust controls to better reflect OT constraints, safety considerations, or uptime requirements, without redefining the entire baseline.

Operationally, this means that a security team may:

  • Select a baseline control set appropriate for the system impact level.
  • Apply an overlay that adds, enhances, or clarifies specific controls for the environment.
  • Document how the overlay modifies the baseline for governance, implementation, and audit purposes.
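
The three steps above, as an added example that is not part of the original glossary entry or of any NIST publication: a baseline is selected, an overlay of add/modify entries is applied, and a trace records how each control differs from the baseline. The baseline contents, overlay entries, and parameter names are constructed for illustration and do not reproduce the actual SP 800-53B baselines or any published overlay.

```python
from copy import deepcopy

# Constructed sample data: not the real SP 800-53B baseline contents and
# not any published overlay. Parameter names are hypothetical.
BASELINE = {
    "AC-2": {"review_days": 365},
    "SI-2": {"patch_window_days": 30},
    "SC-7": {},
}
ICS_OVERLAY = [
    {"op": "modify", "id": "SI-2", "params": {"patch_window_days": 90},
     "why": "patching restricted to planned outages"},
    {"op": "add", "id": "PE-11", "params": {"ups_minutes": 15},
     "why": "controlled shutdown on power loss"},
]


def apply_overlay(baseline, overlay):
    """Return (tailored_controls, trace). The baseline is never mutated."""
    tailored = deepcopy(baseline)
    trace = []
    for entry in overlay:
        cid, op = entry["id"], entry["op"]
        if not entry.get("why"):
            raise ValueError(f"{cid}: overlay entry has no rationale")
        if op == "add":
            if cid in tailored:
                raise ValueError(f"{cid}: already present, use modify")
            before, after = None, dict(entry["params"])
        elif op == "modify":
            if cid not in tailored:
                raise ValueError(f"{cid}: not in baseline, use add")
            before = dict(tailored[cid])
            after = {**before, **entry["params"]}
        else:
            raise ValueError(f"{cid}: unsupported op {op!r}")
        tailored[cid] = after
        trace.append({"id": cid, "op": op, "before": before,
                      "after": after, "why": entry["why"]})
    # Controls the overlay did not mention stay in force unchanged.
    touched = {t["id"] for t in trace}
    trace += [{"id": c, "op": "inherit", "before": baseline[c],
               "after": baseline[c], "why": "baseline"}
              for c in baseline if c not in touched]
    return tailored, trace
```

The returned trace is the audit artifact: every control in the tailored set is either marked `inherit` or carries its before/after values and a rationale.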

Other operational uses

Outside formal security frameworks, overlays also appear as:

  • Configuration overlays: Files or profiles that override default settings for a plant, line, or product family.
  • Visualization overlays: Additional information layers on HMI/SCADA or MES screens, such as alarm states, quality status, or maintenance indicators drawn on top of a base layout.
  • Process overlays: Extra checks, approvals, or documentation steps required for certain product classes or customers, layered over standard work.

What an overlay is not

  • It is not the original baseline, standard, or default configuration.
  • It is not a complete replacement for the underlying set of rules; it assumes the base remains in force unless explicitly changed.
  • It is not inherently a certification or approval; it is a descriptive layer of additional or modified requirements.

Common confusion

  • Overlay vs. baseline: A baseline is the starting set of standard controls or requirements; an overlay modifies or extends that baseline for specific circumstances.
  • Overlay vs. profile or template: A profile or template may define a complete configuration or policy set. An overlay usually assumes an existing profile or baseline and only specifies differences or additions.

Tie to NIST SP 800-53 context

When discussing the difference between NIST SP 800-53 and 800-53B, overlays are often mentioned as a way to adapt generic control baselines to particular system types or sectors, including industrial and OT environments. In that usage, an overlay is a documented, repeatable way to select, refine, or add controls on top of the baseline while keeping traceability back to the original catalog.
