The Online Informative Reference Catalog contains all the Reference Data—Informative References and Derived Relationship Mappings (DRMs)—for the National Cybersecurity Online Informative References (OLIR) Program. All Reference Data in the Informative Reference Catalog has been validated against the requirements of NIST Interagency Report (IR) 8204, Cybersecurity Framework OLIR Submissions: Specification for Completing the OLIR Template. If interested in participating in the OLIR program, please refer to the Informative Reference submission page.
The Informative Reference Catalog provides interfaces for Developers to submit Informative References and for Users to view and analyze Reference Data. The Catalog includes links to draft content that is being evaluated during a 30-day public comment period and final versions that have completed the public comment period.
For more information on the National Cybersecurity Online Informative References (OLIR) Program, refer to NISTIR 8278, National Cybersecurity OLIR Program: Guidelines for OLIR Users and Developers which describes the OLIR Program, focusing on explaining what OLIRs are, how they can be beneficial, and how subject matter experts can contribute OLIRs.
Certain commercial entities, equipment, or materials may be identified in this Web site or linked Web sites in order to support Framework understanding and use. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.
| Informative Reference (ver) | Reference Document | Posted Date | Focal Document | Submitting Organization | Authority | Category of Submitter |
|---|---|---|---|---|---|---|
| NIST-Privacy-Framework-v1-to-NIST-CSF-v1-1 (1.0.0) (More Details) | NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management | 05/19/20 | Cybersecurity Framework v1.1 | NIST | Owner | Public Sector |
| ts mitigation™ -open (1.0.0) (More Details) | ts mitigation™ - open v1.1 | 05/11/20 | Cybersecurity Framework v1.1 | Threat Sketch, LLC | Owner | Private Sector |
| HITRUST-CSF-v9-3-1-to-NIST-CSF-v1-1 (1.0.0) (More Details) | HITRUST CSF v9.3.1 | 03/10/20 | Cybersecurity Framework v1.1 | HITRUST Alliance; Standards | Owner | Private Sector |
| CIS Critical Security Controls (1.0.0) (More Details) | CIS Controls Version 7.1 | 11/21/19 | Cybersecurity Framework v1.1 | Center for Internet Security | Owner | Private Sector |
| Factor Analysis of Information Risk (FAIR) - Risk Analysis Mapping (1.0.0) (More Details) | C13G - OpenFAIR Risk Analysis | 11/20/19 | Cybersecurity Framework v1.1 | FAIR Institute/OpenGroup | Non-Owner | Private Sector |
| Factor Analysis of Information Risk (FAIR) - Risk Taxonomy Mapping (1.0.0) (More Details) | C13K - OpenFAIR Risk Taxonomy | 11/20/19 | Cybersecurity Framework v1.1 | FAIR Institute/OpenGroup | Non-Owner | Private Sector |
| HITRUST-CSF-v9-2-to-NIST-CSF-v1-1 (1.0.0) (More Details) | HITRUST CSF v9.2 | 11/19/19 | Cybersecurity Framework v1.1 | HITRUST Alliance; Standards | Owner | Private Sector |
| ISF Standard of Good Practice for Information Security 2018 Online Informative Reference to the NIST Cybersecurity Framework (1.0.0) (More Details) | ISF Standard of Good Practice for Information Security 2018 | 11/14/19 | Cybersecurity Framework v1.1 | Information Security Forum | Owner | Private Sector |
| COBIT 2019 (1.0.0) (More Details) | COBIT 2019 | 11/13/19 | Cybersecurity Framework v1.1 | ISACA | Owner | Private Sector |
| NIST Cybersecurity Framework Informative Reference for 800-171 Rev. 1 (1.0.0) (More Details) | Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | 11/13/19 | Cybersecurity Framework v1.1 | NIST | Owner | Public Sector |
Applications: cybersecurity framework
Laws and Regulations: Executive Order 13636, Executive Order 13800
