U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Cybersecurity Framework

Informative References

Share

The National Cybersecurity Online Informative References (OLIR) Program is a NIST effort to facilitate subject matter experts defining online informative references (OLIRs) between cybersecurity elements of their documents and cybersecurity elements of other documents like the NIST Cybersecurity Framework. The OLIR Program provides a standardized format for expressing OLIRs and a centralized location for accessing and comparing them. NISTIR 8278, National Cybersecurity OLIR Program: Guidelines for OLIR Users and Developers describes the OLIR Program, focusing on explaining what OLIRs are, how they can be beneficial, and how subject matter experts can contribute OLIRs.

The Informative Reference catalog implements a federated model, where submitting parties develop and host their respective Informative References. NIST released NISTIR 8204, Cybersecurity Framework OLIR Submissions: Specification for Completing the OLIR Template which provides guidance to Informative Reference developers for completing and submitting OLIRs. NIST analyzes the submitted OLIRs for correctness, works with submitters regarding any corrections, and hosts links to the public draft and final versions of the OLIRs.

The OLIR Program integrates ongoing NIST projects that respond to administrative and legislative requirements, including those for the Cybersecurity Framework. The OLIR Program can incorporate any authoritative documents, from national and international standards, guidelines, frameworks, and regulations to policies for individual organizations, sectors, or jurisdictions. By following this approach, cybersecurity document owners can use the OLIR Program as a mechanism for communicating with owners and users of other cybersecurity documents.

Have a question? Please go to the Informative References FAQs page to see if it has already been answered. 

Disclaimer: Informative References are linked to by NIST for informational purposes only and do not constitute an endorsement by NIST of the submitted content.

How to Submit 

Do you want to submit an Informative Reference for consideration? Please follow these instructions

Information technology, Cybersecurity and Cybersecurity education and workforce development
Created November 27, 2017, Updated February 19, 2020