U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Updates 2020

National Cybersecurity Online Informative References (OLIR) Program: Two Draft NISTIRs Available for Comment
August 04, 2020

Summary:

NIST is seeking public comments on two draft NISTIRs for the National Cybersecurity Online Informative References (OLIR) Program. This Program is a NIST effort to facilitate subject matter experts in defining standardized Online Informative References (OLIRs), which are relationships between elements of their documents and elements of other documents like the NIST Cybersecurity Framework.  The draft reports focus on 1) OLIR program overview and uses (NISTIR 8278), and 2) submission guidance for OLIR developers (NISTIR 8278A).

The public comment period for both drafts is open through September 4th, 2020. See the publication details for a copy of the documents and instructions on submitting comments.

Details:

Draft (2nd) NISTIR 8278, National Cybersecurity Online Informative References (OLIR) Program: Program Overview and OLIR Uses. This report describes the OLIR Program: what OLIRs are, what benefits they provide, how anyone can search and access OLIRs, and how subject matter experts can contribute OLIRs. Based on feedback received from early adopters as well as discussions at the December 2019 OLIR workshop, this second draft includes:

  • The introduction of two new Focal Document Templates:
    • Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management v1.0, and
    • Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations
  • New functional enhancements to the OLIR Catalog and Derived Relationships Mapping (DRM) display tool

 

Draft NISTIR 8278A, National Cybersecurity Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers. Upon final publication, this report will replace NISTIR 8204, Cybersecurity Framework Online Informative References (OLIR) Submissions: Specification for Completing the OLIR Template. The primary focus of 8278A is to instruct Developers on how to complete the OLIR Focal Document spreadsheet when submitting an Informative Reference to NIST for inclusion in the OLIR Catalog. Based on feedback received from early adopters as well as discussions at the December 2019 OLIR workshop, this revision includes:

  • Updated requirement guidance to include the two new focal document templates introduced in NISTIR 8278.
  • A new “Strength of Relationships” section (3.2.11) that includes guidance for populating the magnitude field when evaluating focal and reference document elements.  Interested commenters should read the ‘Note to Reviewers’ (page iii) as we seek feedback on this requested feature describing additional detail about the relationship.

 

NOTE: A call for patent claims is included on page iv of each draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

 

Created August 04, 2020, Updated August 17, 2020