Cybersecurity Workforce Framework

The National Cybersecurity Workforce Framework provides a blueprint to categorize, organize, and describe cybersecurity work into Specialty Areas, tasks, and knowledge, skills, and abilities (KSAs).  The Workforce Framework provides a common language to speak about cyber roles and jobs and helps define personal requirements in cybersecurity.

The Workforce Framework organizes cybersecurity into seven high-level Categories, each comprised of several Specialty Areas.

Framework Categories

Within the Framework, there are seven Categories, each comprising several Specialty Areas. This organizing structure is based on extensive job analyses that group together work and workers that share common major functions, regardless of job titles or other occupational terms.

Analyze

Specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.

  • All Source Intelligence

Analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about the possible implications.

  • Exploitation Analysis

Analyzes collected information to identify vulnerabilities and potential for exploitation.

  • Targets

Applies current knowledge of one or more regions, countries, non-state entities, and/or technologies.

  • Threat Analysis

Identifies and assesses the capabilities and activities of cyber criminals or foreign intelligence entities; produces findings to help initialize or support law enforcement and counterintelligence investigations or activities.


Collect and Operate

Specialty areas responsible for specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.


Investigate

Specialty areas responsible for the investigation of cyber events and/or crimes of IT systems, networks, and digital evidence.


Operate and Maintain

Specialty areas responsible for providing the support, administration, and maintenance necessary to ensure effective and efficient IT system performance and security.


Oversight and Development

Specialty areas providing leadership, management, direction, and/or development and advocacy so that all individuals and the organization may effectively conduct cybersecurity work.


Protect and Defend

Specialty areas responsible for the identification, analysis, and mitigation of threats to internal IT systems or networks.


Securely Provision

Specialty areas concerned with conceptualizing, designing, and building secure IT systems, with responsibility for some aspect of the systems’ development.
