NIST works with the Framework community to create and maintain a catalog of Informative References (References). References are citations of detailed cybersecurity documents to any combination of Functions, Categories, and Subcategories within the Framework. References show how to use a given cybersecurity document in coordination with the Framework for the purposes of cybersecurity risk management.
Historically, References have only appeared in the Framework document. To maintain the readability of the document, only a small number of Reference Documents were listed. With release of Version 1.1 of the Framework document, References appear both in the Framework document and in an online format. The online format provides the entire Framework community an opportunity to create a more comprehensive catalog of cybersecurity methodologies, unified through the structure of the Framework.
The online References catalog uses a federated model, where submitting parties develop and host their respective References. NIST analyzes the submitted References for correctness, works with submitters regarding any necessary corrections, and hosts links to the public draft and final versions of the References. The catalog of References includes links to draft content (while it is being evaluated for public comment) and final versions. Draft content is not retained once a document is declared final.
Disclaimer: References are linked to by NIST for information purposes only and do not constitute an endorsement by NIST of the submitted content.
How to Submit
Do you want to submit a Reference for consideration? Please follow these instructions.