NIST releases draft version of the NICE Framework

NIST's National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework aims to provide organizations with a common vocabulary when describing the role, area of specialty, category of work, and the knowledge, skills, and abilities (KSA) of cybersecurity professionals.

According to the NIST report, "The NICE Cybersecurity Workforce Framework improves communication, about how to identify, recruit, develop, and retain cyber security talent". Employers, recruiters, and guidance counselors, for example, may use the framework as a resource when writing cybersecurity job descriptions, or use it to define with greater clarity the types of IT security professionals in the workforce.

The NICE Framework is comprised of the following components:

• Categories (7) – A high-level grouping of common cybersecurity functions;
• Specialty Areas (33) – Distinct areas of cybersecurity work;
• Work Roles (52) – The most detailed groupings cybersecurity work comprised of specific knowledge, skills, and abilities required to perform tasks in a work role;
  • Knowledge, Skills, and Abilities (KSAs) – Attributes required to perform Tasks, generally demonstrated through relevant experience or performance-based education and training.
  • Tasks – Specific work activities that could be assigned to a professional working in one of the NICE Framework’s Work Roles.

The next draft of NIST Special Publication 800-16, a Role-Based Model for Federal Information Technology/Cybersecurity Training (Fall 2017), will include cybersecurity competencies that will be linked with components of the NICE Framework.

Download the NICE Cybersecurity Workforce Framework (aka the NICE Framework)

Source: www.nist.gov, www.darkreading.com