The National Cybersecurity Workforce Framework
Defining the Cybersecurity workforce Defining the cybersecurity population using common, standardized labels and definitions is an essential step in ensuring that our country is able to educate, recruit, train, develop, and retain a highly-qualified workforce.
The NICE, in collaboration with federal government agencies, public and private experts and organizations, and industry partners, has published version 1.0 of the National Cybersecurity Workforce Framework (“the Framework”) to provide a common understanding of and lexicon for cybersecurity work. The National Cybersecurity Workforce Framework establishes the common taxonomy and lexicon that is to be used to describe all cybersecurity work and workers irrespective of where or for whom the work is performed.
The Framework is intended to be applied in the public, private, and academic sectors. Use of the Framework does not require that organizations change organizational or occupational structures. In fact, the Framework was developed because requiring such changes would be costly, impractical, ineffective, and inefficient. The Framework is agnostic to the particulars of a given organization and is overarching by design so that it can be overlaid onto any existing occupational structure to facilitate achieving an agile, highly-qualified cybersecurity workforce.
The Framework consists of thirty-one specialty areas organized into seven categories. These categories, serving as an overarching structure for the Framework, group related specialty areas together. In essence, specialty areas in a given category are typically more similar to one another than to specialty areas in other categories. Within each specialty area, typical tasks and knowledges, skills, and abilities (KSAs) are provided. This interactive document provides the Framework in its entirety.