U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 8278A Rev. 1 (Initial Public Draft)

National Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers

Date Published: December 8, 2022
Comments Due: January 20, 2023 (public comment period is CLOSED)
Email Questions to: olir@nist.gov


Matthew Barrett (NIST), Nicole Keller (NIST), Stephen Quinn (NIST), Matthew Smith (Huntington Ingalls Industries), Karen Scarfone (Scarfone Cybersecurity), Vincent Johnson (Electrosoft Services)


NIST is seeking public comments on two draft NIST Internal Reports (NIST IR) for the National Online Informative References (OLIR) Program. This Program is a NIST effort to facilitate subject matter experts in defining Online Informative References (OLIRs), which are standardized expressions of relationships between concepts in information and communication technology (ICT) documents, like the NIST Cybersecurity Framework. 

The draft reports are revisions of existing publications that provide 1) an overview of the Program and its benefits and use (NIST IR 8278r1), and 2) submission guidance for OLIR developers (NIST IR 8278Ar1).

The public comment period for both drafts is open through January 20, 2023. 


Draft NIST IR 8278r1, National Online Informative References (OLIR) Program: Overview, Benefits, and Use, describes the OLIR Program, including what OLIRs are, what benefits they provide, and how anyone can access and use OLIRs. Based on feedback received from OLIR adopters, this draft has the following changes from the original NIST IR 8278:

  • Editorial and structural changes throughout the report to improve clarity and usability
  • Updated content throughout the report to reflect proposed changes to OLIR, such as eliminating the concept of tiers of OLIR reference data and adding the concept of unilateral and bilateral OLIRs
  • Added content on the NIST Cybersecurity and Privacy Reference Tool (CPRT)

Draft NIST IR 8278Ar1, National Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers, instructs OLIR Developers – the subject matter experts who create OLIRs – on how to complete an OLIR Template when submitting an OLIR to NIST for inclusion in the OLIR Catalog. Based on feedback received from OLIR adopters, proposed changes to OLIR in this revision of the original NIST IR 8278A include:

  • Definitions for “crosswalk OLIR” and “mapping OLIR,” as well as expanded guidance and templates to include them
  • Revisions to the OLIR life cycle steps so that an OLIR does not need to be posted publicly until NIST’s review has been completed
  • Splitting the original template into two – one for defining OLIRs and one for general information
  • Modified explanations and guidance for several template fields, including the Informative Reference Name, Reference Document, Rationale, and Group and Group Identifier
  • Updated examples to reflect the proposed changes to OLIR

NOTE: A call for patent claims is included on page ii of each draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.



crosswalk; Informative References; mapping; National OLIR Program; Online Informative References (OLIR)
Control Families

None selected


Download URL

Supplemental Material:
OLIR project

Publication Parts:
IR 8278 Rev. 1

Document History:
12/08/22: IR 8278A Rev. 1 (Draft)