Date Published: December 8, 2022
Comments Due:
Email Questions to:
Author(s)
Nicole Keller (NIST), Stephen Quinn (NIST), Karen Scarfone (Scarfone Cybersecurity), Matthew Smith (Huntington Ingalls Industries), Vincent Johnson (Electrosoft Services)
Announcement
NIST is seeking public comments on two draft NIST Internal Reports (NIST IR) for the National Online Informative References (OLIR) Program. This Program is a NIST effort to facilitate subject matter experts in defining Online Informative References (OLIRs), which are standardized expressions of relationships between concepts in information and communication technology (ICT) documents, like the NIST Cybersecurity Framework.
The draft reports are revisions of existing publications that provide 1) an overview of the Program and its benefits and use (NIST IR 8278r1), and 2) submission guidance for OLIR developers (NIST IR 8278Ar1).
The public comment period for both drafts is open through January 20, 2023.
Details:
Draft NIST IR 8278r1, National Online Informative References (OLIR) Program: Overview, Benefits, and Use, describes the OLIR Program, including what OLIRs are, what benefits they provide, and how anyone can access and use OLIRs. Based on feedback received from OLIR adopters, this draft has the following changes from the original NIST IR 8278:
- Editorial and structural changes throughout the report to improve clarity and usability
- Updated content throughout the report to reflect proposed changes to OLIR, such as eliminating the concept of tiers of OLIR reference data and adding the concept of unilateral and bilateral OLIRs
- Added content on the NIST Cybersecurity and Privacy Reference Tool (CPRT)
Draft NIST IR 8278Ar1, National Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers, instructs OLIR Developers – the subject matter experts who create OLIRs – on how to complete an OLIR Template when submitting an OLIR to NIST for inclusion in the OLIR Catalog. Based on feedback received from OLIR adopters, proposed changes to OLIR in this revision of the original NIST IR 8278A include:
- Definitions for “crosswalk OLIR” and “mapping OLIR,” as well as expanded guidance and templates to include them
- Revisions to the OLIR life cycle steps so that an OLIR does not need to be posted publicly until NIST’s review has been completed
- Splitting the original template into two – one for defining OLIRs and one for general information
- Modified explanations and guidance for several template fields, including the Informative Reference Name, Reference Document, Rationale, and Group and Group Identifier
- Updated examples to reflect the proposed changes to OLIR
NOTE: A call for patent claims is included on page ii of each draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
Information and communication technology (ICT) domains – such as cybersecurity, privacy, and Internet of Things (IoT) – have many requirements and recommendations made by national and international standards, guidelines, frameworks, and regulations. An Online Informative Reference (OLIR) provides a standardized expression of the relationships between concepts in such documents. OLIRs provide a consistent and authoritative way of specifying relationships that can be used by both humans and automation. The National OLIR Program is a NIST effort to encourage and facilitate subject matter experts in defining OLIRs and to provide a centralized location for displaying and comparing OLIRs. This report provides an overview of the National OLIR Program, explains the basics of OLIRs and the benefits they can provide, and shows how anyone can access and use OLIRs.
Information and communication technology (ICT) domains – such as cybersecurity, privacy, and Internet of Things (IoT) – have many requirements and recommendations made by national and international standards, guidelines, frameworks, and regulations. An Online Informative Reference (OLIR) provides a...
See full abstract
Information and communication technology (ICT) domains – such as cybersecurity, privacy, and Internet of Things (IoT) – have many requirements and recommendations made by national and international standards, guidelines, frameworks, and regulations. An Online Informative Reference (OLIR) provides a standardized expression of the relationships between concepts in such documents. OLIRs provide a consistent and authoritative way of specifying relationships that can be used by both humans and automation. The National OLIR Program is a NIST effort to encourage and facilitate subject matter experts in defining OLIRs and to provide a centralized location for displaying and comparing OLIRs. This report provides an overview of the National OLIR Program, explains the basics of OLIRs and the benefits they can provide, and shows how anyone can access and use OLIRs.
Hide full abstract
Keywords
catalog; crosswalk; informative references; mapping; National OLIR Program; Online Informative References (OLIRs).
Control Families
None selected
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
