NIST Interagency Report (IR) 8477, titled “Mapping Relationships Between Documentary Standards, Regulations, Frameworks, and Guidelines,” outlines a structured approach for mapping and documenting the relationships between elements-such as controls, requirements, and recommendations-across various cybersecurity and privacy standards, regulations, frameworks, and guidelines. The document provides guidance on identifying and documenting use cases for such mappings, including defining the intended users, clarifying the conceptual relationships between sources, and specifying the direction of the mapping (i.e., which source maps to which).
It introduces several types of concept relationships-such as “supports,” “is supported by,” “identical,” “equivalent,” and “contrary”-and further refines supportive relationships with properties like “example of,” “integral to,” and “precedes,” to capture nuances in how concepts relate. The report is intended to be used by NIST and the broader cybersecurity and privacy community, particularly in the context of the NIST National Online Informative References (OLIR) process and the Cybersecurity and Privacy Reference Tool (CPRT), to build a cohesive, consistent mapping system that enhances transparency, usability, and interoperability across diverse guidance sources