U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 8278 (2nd Public Draft)

National Cybersecurity Online Informative References (OLIR) Program: Program Overview and OLIR Uses

Date Published: August 2020
Comments Due: September 4, 2020 (public comment period is CLOSED)
Email Questions to: olir@nist.gov

Planning Note (08/04/2020):

NIST is seeking public comments on two draft NISTIRs for the National Cybersecurity Online Informative References (OLIR) Program. This Program is a NIST effort to facilitate subject matter experts in defining standardized Online Informative References (OLIRs), which are relationships between elements of their documents and elements of other documents like the NIST Cybersecurity Framework.  The draft reports focus on 1) OLIR program overview and uses (NISTIR 8278), and 2) submission guidance for OLIR developers (NISTIR 8278A).

Draft (2nd) NISTIR 8278 describes the OLIR Program: what OLIRs are, what benefits they provide, how anyone can search and access OLIRs, and how subject matter experts can contribute OLIRs. Based on feedback received from early adopters as well as discussions at the December 2019 OLIR workshop, this second draft includes:

  • The introduction of two new Focal Document Templates:
    • Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management v1.0, and
    • Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations
  • New functional enhancements to the OLIR Catalog and Derived Relationships Mapping (DRM) display tool

NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.


Nicole Keller (NIST), Stephen Quinn (NIST), Karen Scarfone (Scarfone Cybersecurity), Matthew Smith (Huntington Ingalls Industries), Vincent Johnson (Electrosoft Services)






catalog; Cybersecurity Framework; informative references; mapping; National Cybersecurity OLIR Program; Online Informative References (OLIRs)
Control Families

None selected