Visible to the public NICE Program Office posts Draft Cybersecurity Workforce Framework (NIST SP 800-181) for public commentsConflict Detection Enabled

Submitted by wdnewho on Fri, 12/09/2016 - 2:07pm

The U.S. Commerce Department's National Institute of Standards and Technology (NIST) released a reference resource that will help U.S. employers more effectively identify, recruit, develop and maintain cybersecurity talent. The draft NICE Cybersecurity Workforce Framework (NCWF) provides a common language to categorize and describe cybersecurity work to help organizations build a strong staff to protect their systems and data.

Cybersecurity is still a nascent and rapidly developing field in which job titles and role descriptions vary from organization to organization and sector to sector. The NCWF can be viewed as a cybersecurity workforce dictionary that will help organizations define and share information in a detailed, consistent and descriptive way.

The NICE workforce framework was developed by the NIST-led National Initiative for Cybersecurity Education (NICE) and is the culmination of many years of collaboration between industry, government and academia. NICE focused teammates from the U.S. Departments of Defense and Homeland Security are co-authors.

The NCWF was designed to serve several key groups, including employers, current cybersecurity staff, students and workers considering a career in the field, educators and workforce trainers and technology providers.

In addition to being the common lexicon that helps educate, recruit, train and retain a qualified cybersecurity workforce, the NCWF will serve as a building block for the identification of training programs, as well as for individual career planning. It will also allow organizations to develop a more realistic image of their cybersecurity workforce when used as a reference towards cybersecurity workforce assessment.

The NCWF organizes the workforce into an overarching structure of seven high-level categories that group work and workers sharing common functions. Two examples are "Oversight and Govern" and "Protect and Defend." The seven categories are made up of more than 30 specialty areas such as "Incident Response" and "Legal Advice and Advocacy." Some specialty areas map to a single work role and others are contained in more than one work role.

The more than 50 work roles defined in the framework include "cyber legal advisor" and "vulnerability analyst." Each work role is defined by extensive sets of related knowledge, skills and abilities (KSAs) and tasks.

The federal government will soon be using the NCWF to identify its cybersecurity workforce, as directed by the Federal Cybersecurity Workforce Assessment Act of 2015 .

Terminology from the NCWF has already been incorporated into two new online resources for the cybersecurity field: the CyberSeek jobs map graphically displays the nation's cybersecurity job demand and availability; and the Career Pathway, which can help students or job seekers new to the field develop career plans.

Visit this page http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-181 to find the comment submission template and the NCWF.

The authors are particularly interested in suggestions for new tasks and KSAs, to help ensure the final version addresses cybersecurity workforce needs throughout the U.S.