NIST works with the Framework community to create and maintain an Informative Reference Catalog. Informative References are citations of detailed cybersecurity documents to any combination of Functions, Categories, and Subcategories within the Framework. Informative References demonstrate how a given cybersecurity document can be used in coordination with the Framework for the purposes of cybersecurity risk management.
Historically, Informative References only appeared in the Framework document. To maintain the readability of the document, only a small number of Reference Documents were listed. With the release of Version 1.1 of the Framework document, Informative References appear both in the Framework document and in an online format. The online format provides the entire Framework community an opportunity to create a more comprehensive catalog of cybersecurity methodologies, unified through the structure of the Framework.
The Online Informative Reference catalog uses a federated model, where submitting parties develop and host their respective Informative References. NIST released NISTIR 8204, Cybersecurity Framework Online Informative References (OLIR) which provides guidance to Informative Reference developers for completing and submitting Informative References. NIST analyzes the submitted Informative References for correctness, works with submitters regarding any necessary corrections, and hosts links to the public draft and final versions of the Informative References. The catalog of Informative References includes links to draft content (while it is being evaluated for public comment) and final versions. Draft content is not retained once a document is declared final.
Have a question? Please go to the Informative References FAQs page to see if it has already been answered.
Disclaimer: Informative References are linked to by NIST for information purposes only and do not constitute an endorsement by NIST of the submitted content.
How to Submit
Do you want to submit an Informative Reference for consideration? Please follow these instructions.