Cybersecurity Framework: NIST Publishes NISTIR 8204, Specs for Completing the Online Information References Template


NIST has published NIST Internal Report (NISTIR) 8204, Cybersecurity Framework Online Informative References (OLIR) Submissions: Specification for Completing the OLIR Template.

The Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) lists several related cybersecurity documents as Informative References. Informative References show relationships between the Cybersecurity Framework’s functions, categories, and subcategories and specific sections of standards, guidelines, and best practices. Informative References are often more detailed than the functions, categories, and subcategories and illustrate ways to achieve those outcomes. Finally, Informative References suggest how to use a given cybersecurity document in coordination with the Framework for the purposes of cybersecurity risk management.

NISTIR 8204 provides a robust method of defining relationships between Reference elements and Cybersecurity Framework Core elements. NISTIR 8204 can be used to help prepare an Informative Reference for submission. NIST is continuing to identify potential candidates that are willing to participate in the Online Informative Reference (OLIR) Program.  The envisioned development and public feedback process can be reviewed at

Publication details:

Cybersecurity Framework–Informative References:

CSRC Update: