Secure Controls Framework
↓ Download SCF
Start Here ▼
What Is The SCF?SCRMS – How To Implement The SCFSCF Domains & PrinciplesIncluded Laws, Regulations & Frameworks (LRF)Set Theory Relationship Mapping (STRM)NIST OLIR ParticipationESG Considerations
Free Content ▼
SCF DownloadRisk Management Model (SCR-RMM)Capability Maturity Model (SCR-CMM)Cybersecurity Assessment Standards (CDPAS)Mergers, Acquisitions & Divestitures (MA&D)Data Privacy Management Principles (DPMP)Evidence Request List (ERL)Unified Scoping Guide (USG)
SCF CORE
GRC Fundamentals ▼
Common Cybersecurity Frameworks
NIST CSF 2.0ISO 27001 / ISO 27002NIST SP 800-53PCI DSS
Word Crimes & Emerging Trends
Word CrimesEmerging Trends
US (FED) – CMMCUS (FED) – DFARS 252.204-70XXUS (NY) – NY DFS 23 NYCRR Part 500US (FED) – GLBAUS (FED) – HIPAA / HITECHUS (FED) – SOXUS (TX) – SB 2610EU – DORAEU – NIS2 DirectiveCIS Critical Security Controls (CSC)NIST SP 800-161NIST SP 800-171NIST SP 800-172Trust Services Criteria (SOC 2)Metaframework – HITRUSTMetaframework – Unified Compliance (UC)
Policy vs Standard vs ProcedureRisks vs ThreatsStrategy vs Operations vs TacticsInheritance vs Reciprocity
TPRM & SCRMIntegrityResilienceMSP / MSSP Dumpster Fire
GRC Basics
The Output Of GRC PracticesCybersecurity MaterialityLaws vs Regulations vs Frameworks
Common Cybersecurity Laws
US (FED) - FedRampUS (FED) - GLBAUS (FED) - HIPAA / HITECHUS (FED) - SOXUS (CA) - CCPA / CPRAUS (TX) - SB 2610EU - DORAEU - GDPREU - NIS2 Directive
Common Cybersecurity Regulations
US (FED) - CMMCUS (FED) - DFARS 252.204-70xxUS (NY) - NY DFS 23 NYCRR Part 500
Common Cybersecurity Frameworks
CIS Critical Security Controls (CSC)ISO 27001 / ISO 27002NIST CSF 2.0NIST SP 800-53NIST SP 800-161NIST SP 800-171NIST SP 800-172PCI DSSTrust Services Criteria (SOC 2)Metaframework - HITRUSTMetaframework - Unified Compliance (UC)
Word Crimes
Policy vs Standard vs ProcedureRisks vs ThreatsStrategy vs Operations vs TacticsInheritance vs Reciprocity
Emerging Trends
TPRM & SCRMIntegrityResilienceCybersecurity MaterialityMSP / MSSP Dumpster Fire
SCF Certified ▼
Organization-Level SCF Certifications
SCF Conformity Assessment Program (CAP)SCF Assessment Guides
SCF Training & Individual-Level Certifications
SCF PractitionerSCF ArchitectSCF Assessor
Marketplace ▼
SCF Connect (SSOT)SCF Licensed Content Providers (LCPs)Registered Provider Organizations (RPOs)Authorized Control Integrator (ACI)Authorized Solution Provider (ASP)Third-Party Assessment Organizations (3PAOs)
FAQAboutSwag
Start Here — NIST OLIR

NIST OLIR Project SCF Participation

The SCF is a recognized participant in the NIST National Online Informative References (OLIR) Program. NIST accepted SCF-submitted OLIRs for both NIST CSF v1.1 and NIST SP 800-171 R2 — available in the NIST OLIR Information Reference Catalog.

2
Accepted OLIRs
NIST CSF v1.1
Submitted Reference
SP 800-171 R2
Submitted Reference
NIST IR 8278
Program Standard
NIST OLIR Catalog ↗
About STRM Mapping
Program Overview

What Is the NIST OLIR Program?

The NIST OLIR Program facilitates Subject Matter Experts in defining standardized Online Informative References between elements of their work and NIST publications.

NIST IR 8278 — National Online Informative References (OLIR) Program: Program Overview and OLIR Uses — explains what OLIRs are, what benefits they provide, how anyone can search and access OLIRs, and how SMEs can contribute their own OLIRs.

Important note: SCF participation in the NIST OLIR Program is not an endorsement by NIST. NIST provides the program infrastructure; the SCF is responsible for the content of its submitted OLIRs.

NIST Publications
CSF · SP 800-53 · SP 800-171 · AI RMF
SCF Controls
33 Domains · Comprehensive CCF
NIST OLIR
Informative Reference Catalog
STRM-Based Crosswalk Mapping
Significance

Why Does OLIR Participation Matter?

The SCF’s participation in the NIST OLIR Program means the crosswalk mapping between SCF controls and key NIST publications has been formally reviewed and accepted by NIST as meeting the OLIR program standards.

Third-Party Validation

NIST acceptance of the SCF’s submitted OLIRs provides independent validation that the crosswalk mappings meet the rigorous standards of NIST IR 8278 and NIST IR 8477.

Authoritative Reference

OLIRs accepted into the NIST catalog are publicly accessible, allowing organizations and auditors to reference the SCF-to-NIST mappings as an authoritative source.

Regulatory Trust

For organizations subject to NIST-based requirements (FedRAMP, CMMC, etc.), OLIR participation demonstrates that SCF-to-NIST mappings are credible and recognized at the federal level.

Broader Ecosystem

OLIR participation connects the SCF to the broader NIST cybersecurity ecosystem, including NIST CSF, SP 800-53, SP 800-171, AI RMF, and other key frameworks.

OLIR Structure

What Is Contained in OLIR Documents?

OLIR documents follow a standardized structure defined by NIST. Each OLIR submitted by the SCF documents the formal relationship between SCF controls and elements of a NIST publication.

Focal Document

The document being mapped (e.g., NIST CSF v1.1 or NIST SP 800-171 R2). Each element of the focal document is identified as a Focal Document Element (FDE) with a unique identifier and description.

Reference Document

The SCF serves as the Reference Document. Each SCF control that maps to a FDE is identified with its control ID, name, and a documented STRM relationship type and strength.

Relationship Type

Each FDE-to-SCF mapping uses one of the 5 STRM relationship types: Subset Of, Intersects With, Equal To, Superset Of, or No Relationship — consistent with NIST IR 8477 methodology.

Relationship Strength

A numeric strength score (1–10) accompanies each mapping to indicate the degree of semantic overlap between the FDE and the SCF control, providing nuance beyond a binary match/no-match determination.

SCF Submissions

SCF-Submitted OLIRs

The following SCF-submitted Informative References have been accepted by NIST and are accessible through the NIST OLIR Information Reference Catalog:

Accepted

SCF v2023.2 → NIST CSF v1.1

Crosswalk mapping between the Secure Controls Framework version 2023.2 and the NIST Cybersecurity Framework version 1.1, documenting the STRM relationship type and strength for each CSF subcategory mapped to a SCF control.

View in NIST OLIR Catalog ↗
Accepted

SCF v2023.2 → NIST SP 800-171 R2

Crosswalk mapping between the Secure Controls Framework version 2023.2 and NIST Special Publication 800-171 Revision 2, documenting the STRM relationship type and strength for each SP 800-171 R2 requirement mapped to a SCF control.

View in NIST OLIR Catalog ↗

Related Topics

STRM Methodology — Learn how Set Theory Relationship Mapping works and the 5 relationship types used in all SCF crosswalk mappings.

Included LRF — Browse all 262+ laws, regulations and frameworks mapped in the SCF using STRM across 5 global regions.

SCF CORE — Explore the SCF CORE program, the free comprehensive controls framework that underpins all OLIR mappings.

Download the SCF — Get the free SCF spreadsheet with all controls and STRM-based LRF mappings included. No registration required.

Access the SCF’s NIST-Recognized Controls Framework

The free SCF download includes all NIST-aligned STRM mappings — including the OLIR-accepted crosswalks for NIST CSF v1.1 and SP 800-171 R2.

↓ Download Free SCF
Learn About STRM
Secure Controls Framework

FREE cybersecurity metaframework. Creative Commons licensed. Volunteer-driven. Used worldwide.

Terms and Conditions
Download the SCF
Join the SCF Discord
Blog
Sponsors
Donate to the SCF
Privacy Notice
Cookie Notice

Start Here

Free Content

Resources

© 2026 Secure Controls Framework Council. Common Controls Framework™ is a registered trademark.

Sitemap