National Online Informative References (OLIR) Program: Two Draft NIST IRs Available for Comment

NIST

View As Web Page

Header

NIST Cybersecurity and Privacy Program

National Online Informative References (OLIR) Program: Two Draft NIST IRs Available for Comment

NIST is seeking public comments on two draft NIST Internal Reports (NIST IR) for the National Online Informative References (OLIR) Program. This Program is a NIST effort to facilitate subject matter experts in defining Online Informative References (OLIRs), which are standardized expressions of relationships between concepts in information and communication technology (ICT) documents, like the NIST Cybersecurity Framework. 

The draft reports are revisions of existing publications that provide 1) an overview of the Program and its benefits and use (NIST IR 8278r1), and 2) submission guidance for OLIR developers (NIST IR 8278Ar1).

The public comment period for both drafts is open through January 20, 2023. See the publication details (linked below) for a copy of the documents and instructions on submitting comments.

Details:

Draft NIST IR 8278r1, National Online Informative References (OLIR) Program: Overview, Benefits, and Use, describes the OLIR Program, including what OLIRs are, what benefits they provide, and how anyone can access and use OLIRs. Based on feedback received from OLIR adopters, this draft has the following changes from the original NIST IR 8278:

  • Editorial and structural changes throughout the report to improve clarity and usability
  • Updated content throughout the report to reflect proposed changes to OLIR, such as eliminating the concept of tiers of OLIR reference data and adding the concept of unilateral and bilateral OLIRs
  • Added content on the NIST Cybersecurity and Privacy Reference Tool (CPRT)

Draft NIST IR 8278Ar1, National Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers, instructs OLIR Developers – the subject matter experts who create OLIRs – on how to complete an OLIR Template when submitting an OLIR to NIST for inclusion in the OLIR Catalog. Based on feedback received from OLIR adopters, proposed changes to OLIR in this revision of the original NIST IR 8278A include:

  • Definitions for “crosswalk OLIR” and “mapping OLIR,” as well as expanded guidance and templates to include them
  • Revisions to the OLIR life cycle steps so that an OLIR does not need to be posted publicly until NIST’s review has been completed
  • Splitting the original template into two – one for defining OLIRs and one for general information
  • Modified explanations and guidance for several template fields, including the Informative Reference Name, Reference Document, Rationale, and Group and Group Identifier
  • Updated examples to reflect the proposed changes to OLIR

NOTE: A call for patent claims is included on page ii of each draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Read More

NIST Cybersecurity and Privacy Program
Questions/Comments about this notice: olir@nist.gov
CSRC Website questions: csrc-inquiry@nist.gov