Informative Reference Catalog

The Online Informative Reference Catalog contains all the Reference Data—Informative References and Derived Relationship Mappings (DRMs)—for the National Online Informative References (OLIR) Program. All Reference Data in the Informative Reference Catalog has been validated against the requirements of NIST Interagency Report (IR) 8278A, National Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers. If interested in participating in the OLIR program, please refer to the Informative Reference submission page.

The OLIR Catalog provides an interface for Developers and Users to view Informative References and analyze Reference Data. The Catalog includes links to draft content that is being evaluated during a 30-day public comment period and final versions that have completed the public comment period.

For more information on the National Online Informative References (OLIR) Program, refer to NISTIR 8278, National Online Informative References (OLIR) Program: Program Overview and OLIR Uses which describes the OLIR Program, focusing on explaining what OLIRs are, how they can be beneficial, and how subject matter experts can contribute OLIRs.

Status

The status field is used to indicate the level of completion an OLIR is currently in. The following is a description of each stage of completion and what each stage represents, for more information, please see the status FAQ:

Derived Relationship Mapping

Advanced Search

Focal Document

800-53 Rev. 5 Cybersecurity Framework v1.1 IoT Device Cybersecurity Capability Core Baseline Privacy Framework v1.0 SP 800-53 Rev. 4

Informative Reference Name

800-53-v4-to-Framework-v1.1 800-53-v5-to-Framework-v1.1 CIS Critical Security Controls COBIT 2019 CTA-2088-to-NISTIR-8259A Factor Analysis of Information Risk (FAIR) - Risk Analysis Mapping Factor Analysis of Information Risk (FAIR) - Risk Taxonomy Mapping Framework-v1.1-to-800-53-Rev4 Framework-v1.1-to-800-53-Rev5 Framework-v1.1-to-Privacy-Framework-v1.0 HITRUST-CSF-v9-2-to-NIST-CSF-v1-1 HITRUST-CSF-v9-3-1-to-NIST-CSF-v1-1 IoTSF-Framework-to-IR8259A (1.0.0) ISF Standard of Good Practice for Information Security 2018 Online Informative Reference to the NIST Cybersecurity Framework NIST Cybersecurity Framework Informative Reference for 800-171 Rev. 1 NIST-8259A-to-SESIP-v1.2 (1.0.0) NISTIR_8259A_Eurofins_SCD_Logo_OLIR NISTIR-8286A-to-CSF-v1-1 NISTIR-8286-to-CSF-v1-1 NISTIR-8374-Ransomware-Profile-to-CSF-v1.1 NIST-Privacy-Framework-v1-to-NIST-CSF-v1-1 NIST-SP-800-181-to-Framework-v1.1 SP800-161-to-SP800-53-Rev-4 SP800-177-Rev-1-to-SP800-53-Rev-4 SP-800-213A-v1.0-to-Cybersecurity-Framework-v1.1 SP-800-213A-v1.0-to-SP-800-53r5 SP800-37-Rev-2-to-Framework-v1.1 SP800-82-Rev-2-to-SP800-53-Rev-4 ts mitigation™ -open TUVSUD-17003-to-NISTIR-8259A

Reference Document

C13G - OpenFAIR Risk Analysis C13K - OpenFAIR Risk Taxonomy CIS Controls Version 7.1 COBIT 2019 CTA-2088 Baseline Cybersecurity Standard for Devices and Device Systems (November 2020) EIOTS-2011 Secure Connected Devices Logo Requirements 01.001 Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity Version 1.1 Framework for Improving Critical Infrastructure Cybersecurity Version 1.1 HITRUST CSF v9.2 HITRUST CSF v9.3.1 Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management Integrating Cybersecurity and Enterprise Risk Management (ERM) IoT Device Cybersecurity Guidance for the Federal Government: IoT Device Cybersecurity Requirement Catalog IoT Device Cybersecurity Guidance for the Federal Government: IoT Device Cybersecurity Requirement Catalog IoTSF IoT Security Compliance Framework v2.1 ISF Standard of Good Practice for Information Security 2018 NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management NIST SP 800-181 - National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework NIST Special Publication 800-37 Revision 2 NISTIR 8374 Cybersecurity Framework Profile for Ransomware Risk Management Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations Security Evaluation Standard for IoT Platform (SESIP), Version 1.0, Ref. GP_FST_070 SP 800-161 SP 800-177 Rev. 1 SP 800-82 Rev. 2 Special Publication 800-53 Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations Special Publication 800-53 Revision 5: Security and Privacy Controls for Information Systems and Organizations ts mitigation™ - open v1.1 TÜV SÜD Testing Guidelines for NISTIR 8259

Posted Date

to

Authority

Non-Owner Non-Owner Owner Owner

Category of Submitter

Academia Academia Other Other Private Sector Private Sector Public Sector Public Sector

Keyword(s)

Status

Draft Final Work-in-Progress Draft

Sort By

Status (A-Z) Informative Reference (A-Z) Reference Document (A-Z) Posted Date (newest first) Focal Document (A-Z) Submitting Organization (A-Z) Authority (A-Z) Category of Submitter (A-Z)

Please fix the following:

Search Reset

Status	Informative Reference (version)	Reference Document	Posted Date	Focal Document	Submitting Organization	Authority	Category of Submitter
Draft	SP-800-213A-v1.0-to-Cybersecurity-Framework-v1.1 (1.0.0) (More Details)	IoT Device Cybersecurity Guidance for the Federal Government: IoT Device Cybersecurity Requirement Catalog	12/06/21	Cybersecurity Framework v1.1	NIST	Owner	Public Sector
Draft	SP-800-213A-v1.0-to-SP-800-53r5 (1.0.0) (More Details)	IoT Device Cybersecurity Guidance for the Federal Government: IoT Device Cybersecurity Requirement Catalog	12/06/21	800-53 Rev. 5	NIST	Owner	Public Sector
Final	SP800-37-Rev-2-to-Framework-v1.1 (1.0.0) (More Details)	NIST Special Publication 800-37 Revision 2	11/23/21	Cybersecurity Framework v1.1	National Institute of Standards and Technology	Owner	Public Sector
Final	NISTIR_8259A_Eurofins_SCD_Logo_OLIR (1.1.0) (More Details)	EIOTS-2011 Secure Connected Devices Logo Requirements 01.001	11/10/21	IoT Device Cybersecurity Capability Core Baseline	Eurofins Cyber Security	Owner	Private Sector
Final	IoTSF-Framework-to-IR8259A (1.0.0) (1.0.0) (More Details)	IoTSF IoT Security Compliance Framework v2.1	11/10/21	IoT Device Cybersecurity Capability Core Baseline	IoTSF	Owner	Private Sector
Work-in-Progress Draft	NISTIR-8286A-to-CSF-v1-1 (1.0.0) (More Details)	Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management	11/10/21	Cybersecurity Framework v1.1	National Institute of Standards and Technology	Owner	Public Sector
Work-in-Progress Draft	NISTIR-8374-Ransomware-Profile-to-CSF-v1.1 (1.0.0) (More Details)	NISTIR 8374 Cybersecurity Framework Profile for Ransomware Risk Management	09/08/21	Cybersecurity Framework v1.1	National Institute of Standards and Technology	Owner	Public Sector
Work-in-Progress Draft	Framework-v1.1-to-800-53-Rev5 (1.0.0) (More Details)	Framework for Improving Critical Infrastructure Cybersecurity Version 1.1	08/24/21	800-53 Rev. 5	National Institute of Standards and Technology	Owner	Public Sector
Final	NIST-8259A-to-SESIP-v1.2 (1.0.0) (1.0.0) (More Details)	Security Evaluation Standard for IoT Platform (SESIP), Version 1.0, Ref. GP_FST_070	08/17/21	IoT Device Cybersecurity Capability Core Baseline	GlobalPlatform	Owner	Private Sector
Work-in-Progress Draft	SP800-177-Rev-1-to-SP800-53-Rev-4 (1.0.0) (More Details)	SP 800-177 Rev. 1	08/17/21	SP 800-53 Rev. 4	National Institute of Standards and Technology	Owner	Public Sector
Work-in-Progress Draft	SP800-161-to-SP800-53-Rev-4 (1.0.0) (More Details)	SP 800-161	08/17/21	SP 800-53 Rev. 4	National Institute of Standards and Technology	Owner	Public Sector
Work-in-Progress Draft	SP800-82-Rev-2-to-SP800-53-Rev-4 (1.0.0) (More Details)	SP 800-82 Rev. 2	08/17/21	SP 800-53 Rev. 4	National Institute of Standards and Technology	Owner	Public Sector
Final	TUVSUD-17003-to-NISTIR-8259A (1.0.0) (More Details)	TÜV SÜD Testing Guidelines for NISTIR 8259	07/29/21	IoT Device Cybersecurity Capability Core Baseline	TÜV SÜD	Owner	Private Sector
Work-in-Progress Draft	800-53-v4-to-Framework-v1.1 (1.0.0) (More Details)	Special Publication 800-53 Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations	07/13/21	Cybersecurity Framework v1.1	National Institute of Standards and Technology	Owner	Public Sector
Work-in-Progress Draft	800-53-v5-to-Framework-v1.1 (1.0.0) (More Details)	Special Publication 800-53 Revision 5: Security and Privacy Controls for Information Systems and Organizations	07/13/21	Cybersecurity Framework v1.1	National Institute of Standards and Technology	Owner	Public Sector
Final	NIST-SP-800-181-to-Framework-v1.1 (1.0.0) (More Details)	NIST SP 800-181 - National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework	01/21/21	Cybersecurity Framework v1.1	National Institute of Standards and Technology	Owner	Public Sector
Final	CTA-2088-to-NISTIR-8259A (1.0.0) (More Details)	CTA-2088 Baseline Cybersecurity Standard for Devices and Device Systems (November 2020)	01/21/21	IoT Device Cybersecurity Capability Core Baseline	Consumer Technology Association	Owner	Private Sector
Work-in-Progress Draft	Framework-v1.1-to-800-53-Rev4 (1.0.0) (More Details)	Framework for Improving Critical Infrastructure Cybersecurity Version 1.1	12/17/20	SP 800-53 Rev. 4	National Institute of Standards and Technology	Owner	Public Sector
Final	Framework-v1.1-to-Privacy-Framework-v1.0 (1.0.0) (More Details)	Framework for Improving Critical Infrastructure Cybersecurity	11/30/20	Privacy Framework v1.0	National Institute of Standards and Technology	Owner	Public Sector
Final	NISTIR-8286-to-CSF-v1-1 (1.0.0) (More Details)	Integrating Cybersecurity and Enterprise Risk Management (ERM)	11/30/20	Cybersecurity Framework v1.1	National Institute of Standards and Technology	Owner	Public Sector
Final	COBIT 2019 (1.0.0) (More Details)	COBIT 2019	08/26/20	Cybersecurity Framework v1.1	ISACA	Owner	Private Sector
Final	NIST-Privacy-Framework-v1-to-NIST-CSF-v1-1 (1.0.0) (More Details)	NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management	05/19/20	Cybersecurity Framework v1.1	NIST	Owner	Public Sector
Final	ts mitigation™ -open (1.0.0) (More Details)	ts mitigation™ - open v1.1	05/11/20	Cybersecurity Framework v1.1	Threat Sketch, LLC	Owner	Private Sector
Final	HITRUST-CSF-v9-3-1-to-NIST-CSF-v1-1 (1.0.0) (More Details)	HITRUST CSF v9.3.1	03/10/20	Cybersecurity Framework v1.1	HITRUST Alliance; Standards	Owner	Private Sector
Final	CIS Critical Security Controls (1.0.0) (More Details)	CIS Controls Version 7.1	11/21/19	Cybersecurity Framework v1.1	Center for Internet Security	Owner	Private Sector
Final	Factor Analysis of Information Risk (FAIR) - Risk Analysis Mapping (1.0.0) (More Details)	C13G - OpenFAIR Risk Analysis	11/20/19	Cybersecurity Framework v1.1	FAIR Institute/OpenGroup	Non-Owner	Private Sector
Final	Factor Analysis of Information Risk (FAIR) - Risk Taxonomy Mapping (1.0.0) (More Details)	C13K - OpenFAIR Risk Taxonomy	11/20/19	Cybersecurity Framework v1.1	FAIR Institute/OpenGroup	Non-Owner	Private Sector
Final	HITRUST-CSF-v9-2-to-NIST-CSF-v1-1 (1.0.0) (More Details)	HITRUST CSF v9.2	11/19/19	Cybersecurity Framework v1.1	HITRUST Alliance; Standards	Owner	Private Sector
Final	ISF Standard of Good Practice for Information Security 2018 Online Informative Reference to the NIST Cybersecurity Framework (1.0.0) (More Details)	ISF Standard of Good Practice for Information Security 2018	11/14/19	Cybersecurity Framework v1.1	Information Security Forum	Owner	Private Sector
Final	NIST Cybersecurity Framework Informative Reference for 800-171 Rev. 1 (1.0.0) (More Details)	Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations	11/13/19	Cybersecurity Framework v1.1	NIST	Owner	Public Sector

Representations and Warranties

Certain commercial entities, equipment, or materials may be identified in this Web site or linked Web sites in order to support OLIR understanding and use. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.