NICE Workforce Framework Publication Aligns the Nation’s Cybersecurity Employment Field

Last Published Date: 
July 7, 2017

The public comment period runs through January 6, 2017.

Released: November 2, 2016

Today the U.S. Commerce Department’s National Institute of Standards and Technology (NIST) released a reference resource that will allow our nation to more effectively identify, recruit, develop and maintain its cybersecurity talent. The draft NICE Cybersecurity Workforce Framework (NCWF) (http://go.usa.gov/xk6Ag) provides a common language to categorize and describe cybersecurity work that will help organizations build a strong workforce to protect their systems and data.

Cybersecurity is still a new and rapidly developing field in which job titles vary from sector to sector and the way work roles are described is inconsistent from organization to organization. The NCWF can be viewed as a cybersecurity workforce dictionary that helps employers, educators, trainers, students and those in the workforce to use consistent terms to describe cybersecurity work. It can serve as a reference resource to help organizations define and share information about the cybersecurity workforce in a detailed, consistent and descriptive way.

In addition to helping organizations recruit, train and retain a qualified cybersecurity workforce, the NCWF will also serve as a building block for the development of training standards and individual career plans.

The NICE workforce framework was developed through a partnership between the NIST-led National Initiative for Cybersecurity Education (NICE), the U.S. Department of Homeland Security, and the Department of Defense and is the culmination of many years of collaboration between industry, government and academia.

The NCWF organizes the workforce into an overarching structure of seven high-level categories that group work and workers that share common functions. The seven categories are made up of more than 30 specialty areas such as “Incident Response” and “Legal Advice and Advocacy.”  Some specialty areas map to a single work role and others contain more than one work role. The more than 50 work roles defined in the framework are each defined by extensive sets of related knowledge, skills and abilities (KSAs) and tasks.

Federal agencies will soon be using the NCWF to identify its cybersecurity workforce as called for by the Federal Cybersecurity Workforce Assessment in the Cybersecurity Act of 2015 (Division N, Consolidated Appropriations Act, 2016).

Authors of the draft NICE Cybersecurity Workforce Framework (NCWF), NIST Special Publication 800-181, encourage readers to comment on the document, with an eye to ensuring that it applies to cybersecurity workforce needs of the entire nation. Suggestions for new tasks and KSAs are expected to allow the document to address all of our cybersecurity workforce needs.

The public comment period runs through January 6, 2017, and comments may be sent to ncwf@nist.gov.