National Cybersecurity Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers

Barrett, Matthew; Keller, Nicole; Quinn, Stephen; Smith, Matthew; Scarfone, Karen

doi:https://doi.org/10.6028/NIST.IR.8278A-draft

NIST IR 8278A (Initial Public Draft)

Obsoleted on November 20, 2020 by IR 8278A

National Cybersecurity Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers

Date Published: August 2020
Comments Due: September 4, 2020 (public comment period is CLOSED)
Email Questions to: olir@nist.gov

Planning Note (08/04/2020):

NIST is seeking public comments on two draft NISTIRs for the National Cybersecurity Online Informative References (OLIR) Program. This Program is a NIST effort to facilitate subject matter experts in defining standardized Online Informative References (OLIRs), which are relationships between elements of their documents and elements of other documents like the NIST Cybersecurity Framework. The draft reports focus on 1) OLIR program overview and uses (NISTIR 8278), and 2) submission guidance for OLIR developers (NISTIR 8278A).

Upon final publication, NISTIR 8278A will replace NISTIR 8204, Cybersecurity Framework Online Informative References (OLIR) Submissions: Specification for Completing the OLIR Template. The primary focus of 8278A is to instruct Developers on how to complete the OLIR Focal Document spreadsheet when submitting an Informative Reference to NIST for inclusion in the OLIR Catalog. Based on feedback received from early adopters as well as discussions at the December 2019 OLIR workshop, this revision includes:

Updated requirement guidance to include the two new focal document templates introduced in NISTIR 8278.
A new “Strength of Relationships” section (3.2.11) that includes guidance for populating the magnitude field when evaluating focal and reference document elements. Interested commenters should read the ‘Note to Reviewers’ (page iii) as we seek feedback on this requested feature describing additional detail about the relationship.

NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Author(s)

Matthew Barrett (NIST), Nicole Keller (NIST), Stephen Quinn (NIST), Matthew Smith (Huntington Ingalls Industries), Karen Scarfone (Scarfone Cybersecurity)

Announcement

Abstract

The National Cybersecurity Online Informative References (OLIR) Program is a NIST effort to facilitate subject matter experts in defining standardized Online Informative References (OLIRs), which are relationships between elements of their documents and elements of other documents like the NIST Cybersecurity Framework. This document assists Informative Reference Developers in understanding the processes and requirements for participating in the Program. The primary focus of the document is to instruct Developers on how to complete the OLIR Template spreadsheet when submitting an Informative Reference to NIST for inclusion in the OLIR Catalog. This document replaces IR 8204, Cybersecurity Framework Online Informative References (OLIR) Submissions: Specification for Completing the OLIR Template.

Keywords

crosswalk; Informative References; mapping; Online Informative References (OLIR)

Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.IR.8278A-draft
Download URL

Supplemental Material:
Informative references homepage
Focal Document Templates
Focal Documents Schema
OLIR Catalog

Other Parts of this Publication:
IR 8278

Document History:
08/04/20: IR 8278A (Draft)
11/20/20: IR 8278A (Final)

Topics

Security and Privacy

controls, security programs & operations

Applications

cybersecurity framework

Laws and Regulations

Executive Order 13636, Federal Information Security Modernization Act