U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Online Informative References Program OLIR

Informative Reference Catalog

The Online Informative Reference Catalog contains all the Reference Data—Informative References and Derived Relationship Mappings (DRMs)—for the National Online Informative References (OLIR) Program. All Reference Data in the Informative Reference Catalog has been validated against the requirements of NIST Interagency Report (IR) 8278A, National Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers. If interested in participating in the OLIR program, please refer to the Informative Reference submission page.

The OLIR Catalog provides an interface for Developers and Users to view Informative References and analyze Reference Data. The Catalog includes links to draft content that is being evaluated during a 30-day public comment period and final versions that have completed the public comment period.

For more information on the National Online Informative References (OLIR) Program, refer to NISTIR 8278, National Online Informative References (OLIR) Program: Program Overview and OLIR Uses which describes the OLIR Program, focusing on explaining what OLIRs are, how they can be beneficial, and how subject matter experts can contribute OLIRs.

Status

The status field is used to indicate the level of completion an OLIR is currently in. The following is a description of each stage of completion and what each stage represents, for more information, please see the status FAQ:

Status Definition
Work-in-progress The document is currently under development. This draft is not yet complete, and organizations should not attempt to implement it.
Preliminary Draft The content is considered to be stable, but changes are expected to occur. There are gaps in the content and the overall document is still incomplete.
Draft The document represents a complete draft. Early adopters may attempt to implement the guidelines in a test or development environment.
Final The document is final. Relevant content will continue to be linked from or hosted on csrc.nist.gov or nccoe.nist.gov, as appropriate.

Derived Relationship Mapping

Advanced Search

Draft IoTSF-Framework-to-IR8259A (1.0.0) (1.0.0) (More Details) IoTSF IoT Security Compliance Framework v2.1 10/05/21 IoT Device Cybersecurity Capability Core Baseline IoTSF Owner Private Sector
Draft NISTIR_8259A_Eurofins_SCD_Logo_OLIR (1.1.0) (More Details) EIOTS-2011 Secure Connected Devices Logo Requirements 01.001 10/04/21 IoT Device Cybersecurity Capability Core Baseline Eurofins Cyber Security Owner Private Sector
Work-in-Progress Draft SP800-37-Rev-2-to-Framework-v1.1 (1.0.0) (More Details) NIST Special Publication 800-37 Revision 2 09/20/21 Cybersecurity Framework v1.1 National Institute of Standards and Technology Owner Public Sector
Work-in-Progress Draft NISTIR-8374-Ransomware-Profile-to-CSF-v1.1 (1.0.0) (More Details) NISTIR 8374 Cybersecurity Framework Profile for Ransomware Risk Management 09/08/21 Cybersecurity Framework v1.1 National Institute of Standards and Technology Owner Public Sector
Work-in-Progress Draft Framework-v1.1-to-800-53-Rev5 (1.0.0) (More Details) Framework for Improving Critical Infrastructure Cybersecurity Version 1.1 08/24/21 800-53 Rev. 5 National Institute of Standards and Technology Owner Public Sector
Final NIST-8259A-to-SESIP-v1.2 (1.0.0) (1.0.0) (More Details) Security Evaluation Standard for IoT Platform (SESIP), Version 1.0, Ref. GP_FST_070 08/17/21 IoT Device Cybersecurity Capability Core Baseline GlobalPlatform Owner Private Sector
Work-in-Progress Draft SP800-177-Rev-1-to-SP800-53-Rev-4 (1.0.0) (More Details) SP 800-177 Rev. 1 08/17/21 SP 800-53 Rev. 4 National Institute of Standards and Technology Owner Public Sector
Work-in-Progress Draft SP800-161-to-SP800-53-Rev-4 (1.0.0) (More Details) SP 800-161 08/17/21 SP 800-53 Rev. 4 National Institute of Standards and Technology Owner Public Sector
Work-in-Progress Draft SP800-82-Rev-2-to-SP800-53-Rev-4 (1.0.0) (More Details) SP 800-82 Rev. 2 08/17/21 SP 800-53 Rev. 4 National Institute of Standards and Technology Owner Public Sector
Final TUVSUD-17003-to-NISTIR-8259A (1.0.0) (More Details) TÜV SÜD Testing Guidelines for NISTIR 8259 07/29/21 IoT Device Cybersecurity Capability Core Baseline TÜV SÜD Owner Private Sector
Work-in-Progress Draft 800-53-v4-to-Framework-v1.1 (1.0.0) (More Details) Special Publication 800-53 Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations 07/13/21 Cybersecurity Framework v1.1 National Institute of Standards and Technology Owner Public Sector
Work-in-Progress Draft 800-53-v5-to-Framework-v1.1 (1.0.0) (More Details) Special Publication 800-53 Revision 5: Security and Privacy Controls for Information Systems and Organizations 07/13/21 Cybersecurity Framework v1.1 National Institute of Standards and Technology Owner Public Sector
Final NIST-SP-800-181-to-Framework-v1.1 (1.0.0) (More Details) NIST SP 800-181 - National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework 01/21/21 Cybersecurity Framework v1.1 National Institute of Standards and Technology Owner Public Sector
Final CTA-2088-to-NISTIR-8259A (1.0.0) (More Details) CTA-2088 Baseline Cybersecurity Standard for Devices and Device Systems (November 2020) 01/21/21 IoT Device Cybersecurity Capability Core Baseline Consumer Technology Association Owner Private Sector
Work-in-Progress Draft Framework-v1.1-to-800-53-Rev4 (1.0.0) (More Details) Framework for Improving Critical Infrastructure Cybersecurity Version 1.1 12/17/20 SP 800-53 Rev. 4 National Institute of Standards and Technology Owner Public Sector
Final Framework-v1.1-to-Privacy-Framework-v1.0 (1.0.0) (More Details) Framework for Improving Critical Infrastructure Cybersecurity 11/30/20 Privacy Framework v1.0 National Institute of Standards and Technology Owner Public Sector
Final NISTIR-8286-to-CSF-v1-1 (1.0.0) (More Details) Integrating Cybersecurity and Enterprise Risk Management (ERM) 11/30/20 Cybersecurity Framework v1.1 National Institute of Standards and Technology Owner Public Sector
Final COBIT 2019 (1.0.0) (More Details) COBIT 2019 08/26/20 Cybersecurity Framework v1.1 ISACA Owner Private Sector
Final NIST-Privacy-Framework-v1-to-NIST-CSF-v1-1 (1.0.0) (More Details) NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management 05/19/20 Cybersecurity Framework v1.1 NIST Owner Public Sector
Final ts mitigation™ -open (1.0.0) (More Details) ts mitigation™ - open v1.1 05/11/20 Cybersecurity Framework v1.1 Threat Sketch, LLC Owner Private Sector
Final HITRUST-CSF-v9-3-1-to-NIST-CSF-v1-1 (1.0.0) (More Details) HITRUST CSF v9.3.1 03/10/20 Cybersecurity Framework v1.1 HITRUST Alliance; Standards Owner Private Sector
Final CIS Critical Security Controls (1.0.0) (More Details) CIS Controls Version 7.1 11/21/19 Cybersecurity Framework v1.1 Center for Internet Security Owner Private Sector
Final Factor Analysis of Information Risk (FAIR) - Risk Analysis Mapping (1.0.0) (More Details) C13G - OpenFAIR Risk Analysis 11/20/19 Cybersecurity Framework v1.1 FAIR Institute/OpenGroup Non-Owner Private Sector
Final Factor Analysis of Information Risk (FAIR) - Risk Taxonomy Mapping (1.0.0) (More Details) C13K - OpenFAIR Risk Taxonomy 11/20/19 Cybersecurity Framework v1.1 FAIR Institute/OpenGroup Non-Owner Private Sector
Final HITRUST-CSF-v9-2-to-NIST-CSF-v1-1 (1.0.0) (More Details) HITRUST CSF v9.2 11/19/19 Cybersecurity Framework v1.1 HITRUST Alliance; Standards Owner Private Sector
Final ISF Standard of Good Practice for Information Security 2018 Online Informative Reference to the NIST Cybersecurity Framework (1.0.0) (More Details) ISF Standard of Good Practice for Information Security 2018 11/14/19 Cybersecurity Framework v1.1 Information Security Forum Owner Private Sector
Final NIST Cybersecurity Framework Informative Reference for 800-171 Rev. 1 (1.0.0) (More Details) Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations 11/13/19 Cybersecurity Framework v1.1 NIST Owner Public Sector

Representations and Warranties

Certain commercial entities, equipment, or materials may be identified in this Web site or linked Web sites in order to support OLIR understanding and use. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

Contacts

National Online Informative References Program
olir@nist.gov

Topics

Security and Privacy: testing & validation

Applications: cybersecurity framework

Created September 08, 2020, Updated September 30, 2021