Workforce Framework for Cybersecurity (NICE Framework)

Executive Summary

Each of us—individually and organizationally—performs important work that provides a contribution to society. However, as information and technology, including many evolving types of operational technology, grow increasingly complex and interconnected it can be difficult to clearly describe the work that is being performed or that we desire to accomplish, in these areas in particular. The National Initiative for Cybersecurity Education (NICE) recognizes that those performing cybersecurity work—including students, job seekers, and employees— are lifelong learners throughout their efforts to emphasize and address cybersecurity implications across many domains. This segment of people is referenced in this document both as “Learners” and at times as the “cybersecurity workforce”, though the latter is not meant to imply that the work roles and content included in the NICE Framework apply only to those fully embedded in the cybersecurity domain. The tasks that these learners perform are further referenced here as “cybersecurity work”, and the Framework provides a means to describing that work with precision to support learner education or training and in the recruitment, hiring, development, and retention of employees. The NICE Framework has been developed to help provide a reference taxonomy—that is, a common language—of the cybersecurity work and of the individuals who carry out that work. The NICE Framework supports the NICE mission to energize, promote, and coordinate a robust community working together to advance an integrated ecosystem of cybersecurity education, training, and workforce development. The NICE Framework provides a set of building blocks for describing the tasks, knowledge, and skills that are needed to perform cybersecurity work performed by individuals and teams. Through these building blocks, the NICE Framework enables organizations to develop their workforces to perform cybersecurity work, and it helps learners to explore cybersecurity work and to engage in appropriate learning activities to develop their knowledge and skills. This development, in turn, benefits employers and employees through the identification of career pathways that document how to prepare for cybersecurity work using the data of Task, Knowledge, and Skill (TKS) statements bundled into Work Roles and Competencies.

The use of common terms and language helps to organize and communicate the work to be done and the attributes of those that are qualified to perform that work. In this way, the NICE Framework helps to simplify communications and provide focus on the tasks at hand. Finally, use of the NICE Framework improves clarity and consistency at all organizational levels—from an individual to a technology system to a program, organization, sector, state, or nation.