As part of our Outreach Program to government agencies, we are working with the National Institute of Standards and Technology (NIST) to provide the cybersecurity ecosystem with excellent support data.
One of NIST’s main missions is metrology and measurement. Another key piece of the puzzle they offer is reference data. This data can range from the definitive standard of peanut butter to the universal constants of physics. Of interest to this readership is cybersecurity reference data. NIST uses the Computer Security Resource Center as its main point of entry for cybersecurity reference data. The documents within this warehouse of guidance represent a tremendous wealth of information on how to protect organizational assets and conduct cybersecurity risk management programs.
While these documents are excellent sources of information on their own, it can be difficult to understand how they might relate to guidance that is mandated, regulated, or simply useful from outside organizations. Many organizations are using guidance that is non-NIST and may be wondering how to align that guidance with NIST guidance. Enter: The Online Informative Reference (OLIR) program.
The OLIR program provides the connective tissue between the documents within NIST as well as those documents looking to align with NIST. The two documents which define the OLIR program, NIST Interagency Reports (NISTIR)s 8278 and 8278a, are relatively long and full of great information for those seeking to understand the intricacies of how inter-document relationships work (maybe there will be another wave on that topic alone one day). The important thing for this post is that 8278a defines a format for 3rd party organizations to create relationships between documents (called an OLIR).
STLLC has submitted an OLIR to the NIST program and it has been accepted. The OLIR is in a 30 day comment period for other folks to check it out and kick the tires before it is finalized in the official OLIR catalog. We are excited to contribute to the cybersecurity reference data ecosystem! After getting our feet wet with this submission, we have many more submissions in the pipeline ready to go. What two documents are you looking to have mapped together? Maybe we can collaborate!