A specification of security controls, control enhancements, supplemental guidance,
and other supporting information employed during the tailoring process, that is intended
to complement (and further refine) security control baselines. The overlay specification
may be more stringent or less stringent than the original security control baseline
specification and can be applied to multiple information systems.
Source: CNSSI-4009 (Overlay)