The SCF is a recognized participant in the NIST National Online Informative References (OLIR) Program. NIST accepted SCF-submitted OLIRs for both NIST CSF v1.1 and NIST SP 800-171 R2, which are available in the NIST OLIR Information Reference Catalog.
The NIST OLIR Program facilitates Subject Matter Experts in defining standardized Online Informative References between elements of their work and NIST publications.
NIST IR 8278, National Online Informative References (OLIR) Program: Program Overview and OLIR Uses, explains what OLIRs are, what benefits they provide, how anyone can search and access OLIRs, and how SMEs can contribute their own OLIRs.
Important note
SCF participation in the NIST OLIR Program is not an endorsement by NIST. NIST provides the program infrastructure; the SCF is responsible for the content of its submitted OLIRs.
The SCF’s participation in the NIST OLIR Program means the crosswalk mapping between SCF controls and key NIST publications has been formally reviewed and accepted by NIST as meeting the OLIR program standards.
NIST acceptance of the SCF’s submitted OLIRs provides independent validation that the crosswalk mappings meet the rigorous standards of NIST IR 8278 and NIST IR 8477.
OLIRs accepted into the NIST catalog are publicly accessible, allowing organizations and auditors to reference the SCF-to-NIST mappings as an authoritative source.
For organizations subject to NIST-based requirements (FedRAMP, CMMC, etc.), OLIR participation demonstrates that SCF-to-NIST mappings are credible and recognized at the federal level.
OLIR participation connects the SCF to the broader NIST cybersecurity ecosystem, including NIST CSF, SP 800-53, SP 800-171, AI RMF, and other key frameworks.
OLIR documents follow a standardized structure defined by NIST. Each OLIR submitted by the SCF documents the formal relationship between SCF controls and elements of a NIST publication.
The document being mapped (e.g., NIST CSF v1.1 or NIST SP 800-171 R2). Each element of the focal document is identified as a Focal Document Element (FDE) with a unique identifier and description.
The SCF serves as the Reference Document. Each SCF control that maps to a FDE is identified with its control ID, name, and a documented STRM relationship type and strength.
Each FDE-to-SCF mapping uses one of the 5 STRM relationship types: Subset Of, Intersects With, Equal To, Superset Of, or No Relationship, consistent with NIST IR 8477 methodology.
A numeric strength score (1–10) accompanies each mapping to indicate the degree of semantic overlap between the FDE and the SCF control, providing nuance beyond a binary match/no-match determination.
Users can go to https://csrc.nist.gov/projects/olir/informative-reference-catalog#/ and search for "secure controls framework" to find what mappings exist in NIST OLIR.
STRM Methodology
Learn how Set Theory Relationship Mapping works and the 5 relationship types used in all SCF crosswalk mappings.
Included LRF
Browse all 200+ laws, regulations and frameworks mapped in the SCF using STRM across 5 global regions.
SCF CORE
Explore the SCF CORE program, the free comprehensive controls framework that underpins all OLIR mappings.
Download the SCF
Get the free SCF spreadsheet with all controls and STRM-based LRF mappings included. No registration required.
%20(white).png)
.png)