Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Informative References

The National Cybersecurity Online Informative References Program is a NIST effort to facilitate subject matter experts (SMEs) in defining standardized online informative references (OLIRs) between elements of their cybersecurity, privacy, and workforce documents and elements of other cybersecurity, privacy, and workforce documents like the Cybersecurity Framework. At this stage of the OLIR Program evolution, the initial focus is on relationships to cybersecurity and privacy documents. NIST Interagency or Internal Report (IR) 8278, National Cybersecurity Online Informative References (OLIR) Program: Program Overview and OLIR Uses describes the OLIR Program, focusing on explaining what OLIRs are, how they can be beneficial, and how subject matter experts can contribute OLIRs.

The OLIRs are in a simple standard format defined by NIST Interagency or Internal Report (IR) 8278A, National Cybersecurity Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers and are displayed within the OLIR Catalog. NISTIR 8278A provides guidance to Informative Reference developers for completing and submitting OLIRs. NIST analyzes the submitted OLIRs for correctness, works with submitters regarding any corrections, and hosts links to the public draft and final versions of the OLIRs. By following this approach, cybersecurity document owners can use the OLIR Program as a mechanism for communicating with owners and users of other cybersecurity documents

The OLIR Program integrates ongoing NIST projects that respond to administrative and legislative requirements, including those for the Cybersecurity Framework. The OLIR Program also addresses many Office of Management and Budget (OMB) memoranda that address specific cybersecurity issues and comprise large sets of regulations with which organizations must comply. The OLIR Program can represent relationships to any authoritative documents, products, or services. These resources can be generated from national and international standards, guidelines, frameworks, and regulations to policies for individual organizations, sectors, or jurisdictions

Have a question? Please go to the Informative References FAQs page to see if it has already been answered. 

Disclaimer: Informative References are linked to by NIST for informational purposes only and do not constitute an endorsement by NIST of the submitted content.

How to Submit 

Do you want to submit an Informative Reference for consideration? Please follow these instructions

Created November 27, 2017, Updated August 5, 2020