NICE Framework

From CyberEdWiki
Jump to: navigation, search

This article is derived from NIST Special Publication 800-181 Dated August 2017. See the NIST Special Publication 800-181 resource center.

The National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework or NICE Framework provides a fundamental reference resource for describing and sharing information about cybersecurity work roles, the discrete tasks performed by staff within those roles, and the knowledge, skills, and abilities (KSAs) needed to complete the tasks successfully.

NICE Framework Components

The NICE Framework Components includes 7 Categories, each containing Specialty Areas. These Specialty Areas have their own definitions, Work Roles, and Work Role definitions. The Work Roles each require different KSAs and defined Tasks.

NICE Framework

NICE Framework
Categories (7) Specialty Area (33) Work Role (52)
Securely Provision (SP)
Risk Management (RSK) Authorizing Official/Designating Representative
Security Control Assessor
Software Development (DEV) Software Developer
Secure Software Assessor
Systems Architecture (ARC) Enterprise Architect
Security Architect
Technology R&D (RD) Research & Development Specialist
Systems Requirements Planning (SRP) Systems Requirements Planner
Test and Evaluation (TST) System Testing and Evaluation Specialist
Systems Development (SYS) Information Systems Security Developer
Systems Developer
Operate and Maintain (OM)
Data Administration (DTA) Database Administrator
Data Analyst
Knowledge Management (KMG) Knowledge Manager
Customer Service and Technical Support (STS) Technical Support Specialist
Network Services (NET) Network Operations Specialist
Systems Administration (ADM) System Administrator
Systems Analysis (ANA) Systems Security Analyst
Oversee and Govern (OV)
Legal Advice and Advocacy (LGA) Cyber Legal Advisor
Privacy Officer/Privacy Compliance Manager
Training, Education, and Awareness (TEA) Cyber Instructional Curriculum Developer
Cyber Instructor
Cybersecurity Management (MGT) Information Systems Security Manager
COMSEC Manager
Strategic Planning and Policy (SPP) Cyber Workforce Developer and Manager
Cyber Policy and Strategy Planner
Executive Cyber Leadership (EXL) Executive Cyber Leadership
Program/Project Management (PMA) and Acquisition Program Manager
IT Project Manager
Product Support Manager
IT Investment/Portfolio Manager
IT Program Auditor
Protect and Defend (PR)
Cybersecurity Defense Analysis (CDA) Cyber Defense Analyst
Cybersecurity Defense Infrastructure Support (INF) Cyber Defense Infrastructure Support Specialist
Incident Response (CIR) Cyber Defense Incident Responder
Vulnerability Assessment and Management (VAM) Vulnerability Assessment Analyst
Analyze (AN)
Threat Analysis (TWA) Threat/Warning Analyst
Exploitation Analysis (EXP) Exploitation Analyst
All-Source Analysis (ASA) All-Source Analyst
Mission Assessment Specialist
Targets (TGT) Target Developer
Target Network Analyst
Language Analysis (LNG) Multi-Disciplined Language Analyst
Collect and Operate (CO)
Collection Operations (CLP) All Source-Collection Manager
All Source-Collection Requirements Manager
Cyber Operational Planning (OPL) Cyber Intel Planner
Cyber Ops Planner
Partner Integration Planner
Cyber Operations (OPS) Cyber Operator
Investigate (IN)
Cyber Investigation (INV) Cyber Crime Investigator
Digital Forensics (FOR) Law Enforcement/CounterIntelligence Forensics Analyst
Cyber Defense Forensics Analyst