NIST is seeking public comments on Draft NISTIR 8204, Cybersecurity Framework Online Informative References (OLIR) Submissions: Specification for Completing the OLIR Template.

The Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) lists several related cybersecurity documents as Informative References (References). References show relationships between the Cybersecurity Framework’s functions, categories, and subcategories and specific sections of standards, guidelines, and best practices. References are often more detailed than the functions, categories, and subcategories and illustrate ways to achieve those outcomes. References suggest how to use a given cybersecurity document in coordination with the Framework for the purposes of cybersecurity risk management.

Historically, References have only appeared in the Cybersecurity Framework document. Online Informative References (OLIR) scale to accommodate a greater number of References and provide a more agile support model to account for the differing update cycles of Reference documents. The draft specification provides a more robust method of defining relationships between Reference elements and Cybersecurity Framework Core elements. Reference developers can use Draft NISTIR 8204 to help prepare their Informative Reference submissions for NIST’s consideration and subsequent public feedback.  The envisioned development and public feedback process can be reviewed at https://www.nist.gov/cyberframework/reference-submission-page.

The public comment period is open until July 16, 2018.