CLIENT STORY
Electrosoft assisted the National Institute of Standards and Technology (NIST) to develop and implement the National Cybersecurity Online Informative References (OLIR) Program to provide a standardized format for expressing online informative references and a centralized location for hosting them. By standardizing how informative references are expressed, they become more consistent, organizable, and usable to cybersecurity practitioners.
PROBLEM
There is a plethora of documents (standards, guidance, and regulations) related to cybersecurity, privacy and the cyber workforce. One of the challenges facing practitioners involves understanding and relating concepts and definitions documented within these documents. While these documents vary in structure, size and complexity, there is not a standardized way to indicate how a concept within one document relates to a concept within another. The lack of standardization and the vast number of locations for references wastes an enormous amount of time and effort and leads to inconsistent and confusing information in cybersecurity documents.
SOLUTION
Electrosoft supported NIST in developing and implementing the National Cybersecurity Online Informative References (OLIR) Program. The three main objectives for the OLIR program are:
Electrosoft helped to develop content for NISTIR 8278, National Cybersecurity OLIR Program: Program Overview and OLIR Users. The document describes the OLIR Program, focusing on explaining what OLIRs are, how they can be beneficial, how users can browse and analyze the data within the OLIR Catalog and how subject matter experts can contribute OLIRs.
Electrosoft also supported NIST in creating an online repository, the OLIR catalog, for hosting, sharing, and comparing references. Developers can submit OLIRs for inclusion within this online catalog. The catalog contains links to OLIR content and provides users with the ability to research and analyze the relationships between different OLIRs.
In addition, Electrosoft provides NIST with the day-to-day operational support for analyzing the submitted OLIRs for correctness, working with submitters regarding any corrections, and helping maintain life cycle support of the public draft and final versions of the OLIRs.
RESULTS/BENEFITS
With the vast number of reference documents in the cybersecurity and privacy space, the OLIR Program provides a consolidated, easy-to-use location where people can get information on many reference documents and analyze their relationships. This significantly reduces the time organizations need to research and analyze their current and target cybersecurity activities and communicate with others regarding cybersecurity activities. The OLIR Program increases transparency, alignment, and harmonization of definitions and concepts across reference documents. Standardizing how references are expressed also provides a way for automation technologies to ingest and utilize them. The OLIR Program increases integration of NIST guidance produced in support of United States Government legislative and administrative responsibilities.
REFERENCES