National Cybersecurity Workforce Framework
The National Cybersecurity Workforce Framework (Workforce Framework) is the foundation for increasing the size and capability of the US cybersecurity workforce.
NOTE: Framework 1.0 is still active and available here.
Notice for Federal Agencies
A future update to the OPM Guide to Data Element Standards will advise Federal agencies of subsequent changes to the Cybersecurity Category/Specialty Area Data Element Standard that may be required by the NICE Framework, version 2.0 (May 2014).
What is the Workforce Framework?
The Workforce Framework is a national resource that categorizes, organizes, and describes cybersecurity work. The National Initiative for Cybersecurity Education (NICE) developed the Workforce Framework to provide educators, students, employers, employees, training providers and policy makers with a systematic way to for organizing the way we think and talk about cybersecurity work, and what is required of the cybersecurity workforce.
When degrees, jobs, training and certifications are aligned to the Workforce Framework:
- Colleges and Training Vendors can create programs that are aligned to jobs,
- Students will graduate with knowledge and skills that employers need,
- Employers will recruit from a larger pool of more qualified candidates,
- Employees will have more defined career paths and opportunities, and
- Policy makers can set standards to evolve the field
Click on the "Explore the Workforce Framework" button to discover the Workforce Framework's Specialty Areas, knowledge, skills and abilities (KSAs), and tasks
The Workforce Framework describes cybersecurity work irrespective of organizational structures, job titles, or idiosyncratic conventions. “Categories” and “Specialty Areas” were used to hierarchically organize similar types of work. Categories provide an overarching structure for the Workforce Framework by grouping related Specialty Areas. Each Specialty Area contains typical tasks, KSAs, and sample job titles. Each KSA is linked to a competency.
Why was it developed?
Workers with cybersecurity skills are critical to protecting the digital infrastructures on which much of modern society is built. Industries as diverse as retail, healthcare, manufacturing, and energy all depend on the security and reliability of cyberspace. With the nation facing new and dynamic risks, threats, and vulnerabilities, a highly skilled cybersecurity workforce capable of responding to these challenges is needed now more than ever.
The cybersecurity profession is maturing and growing and cybersecurity roles are becoming more distinct and defined. In the past, employers had to develop customized position descriptions to fill existing capability gaps. Some large employers followed a standard, but different employers followed different standards. This resulted in a disorganized job market.
- Colleges couldn't create programs that were aligned to jobs
- Employers had to often retrain new hires in the specific skills required
- Students didn't have clear job prospects and career opportunities
- Policy makers couldn't effectively develop programs to promote job growth
To effectively coordinate the cybersecurity job market, Colleges, Educators, Employers, Employees and Training Vendors need a standardized way to describe the work encompassed by the term “cybersecurity.” The Workforce Framework is an organized, comprehensive description of the work done by cybersecurity professionals. It is the foundation for increasing the size and capability of the US cybersecurity workforce.
How was it developed?
The National Cybersecurity Workforce Framework effort began in 2010. More than 20 Federal Departments and Agencies contributed to the process. The result was the development of the initial Workforce Framework in 2011.
In 2013, NICE refreshed the Workforce Framework to reflect the evolving cybersecurity field and changes in technology. The updates reflect input from across government, private industry, and academia.
The National Initiative for Cybersecurity Education (NICE) developed the National Cybersecurity Workforce Framework to categorize and define cybersecurity work. NICE is led by the National Institute of Standards and Technology (NIST). NICE raises public awareness, enhances the recruitment, training, and retention of cybersecurity professionals, and promotes cybersecurity education. NICE’s three components and their goals are:
- Enhance Awareness - Raise awareness and improve the nation's ability to be safer and more secure online
- Expand the Pipeline - Increase the quality and quantity of the cybersecurity workforce by determining the merits of professionalization
- Evolve the Field - Develop and maintain and unrivaled and globally competitive national cybersecurity workforce by establishing standards and strategies for cybersecurity training and professional development
Where can you find more information?
To learn more about the Workforce Framework, you can: