Securely Provision

Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions. Provides guidance to customers about applicability of information systems to meet business needs.

Below are the roles for this Specialty Area, with the KSAs (Knowledge, Skills, and Abilities) and Tasks for each role.

  • A0064: Ability to interpret and translate customer requirements into operational capabilities.
  • A0123: Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). 
  • A0170: Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations. 
  • K0001: Knowledge of computer networking concepts and protocols, and network security methodologies. 
  • K0002: Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). 
  • K0003: Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. 
  • K0004: Knowledge of cybersecurity and privacy principles. 
  • K0005: Knowledge of cyber threats and vulnerabilities. 
  • K0006: Knowledge of specific operational impacts of cybersecurity lapses. 
  • K0008: Knowledge of applicable business processes and operations of customer organizations. 
  • K0012: Knowledge of capabilities and requirements analysis. 
  • K0018: Knowledge of encryption algorithms.
  • K0019: Knowledge of cryptography and cryptographic key management concepts.
  • K0032: Knowledge of resiliency and redundancy. 
  • K0035: Knowledge of installation, integration, and optimization of system components.
  • K0038: Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0043: Knowledge of industry-standard and organizationally accepted analysis principles and methods. 
  • K0044: Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). 
  • K0045: Knowledge of information security systems engineering principles (NIST SP 800-160). 
  • K0047: Knowledge of information technology (IT) architectural concepts and frameworks.
  • K0055: Knowledge of microprocessors. 
  • K0056: Knowledge of network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML).
  • K0059: Knowledge of new and emerging information technology (IT) and cybersecurity technologies. 
  • K0060: Knowledge of operating systems.
  • K0061: Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0063: Knowledge of parallel and distributed computing concepts.
  • K0066: Knowledge of Privacy Impact Assessments.
  • K0067: Knowledge of process engineering concepts.
  • K0073: Knowledge of secure configuration management techniques.
  • K0074: Knowledge of key concepts in security management (e.g., Release Management, Patch Management).
  • K0086: Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools.
  • K0087: Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.
  • K0090: Knowledge of system life cycle management principles, including software security and usability.
  • K0091: Knowledge of systems testing and evaluation methods.
  • K0093: Knowledge of telecommunications concepts (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing). 
  • K0101: Knowledge of the organization’s enterprise information technology (IT) goals and objectives.
  • K0102: Knowledge of the systems engineering process.
  • K0126: Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161).
  • K0163: Knowledge of critical information technology (IT) procurement requirements.
  • K0164: Knowledge of functionality, quality, and security requirements and how these will apply to specific items of supply (i.e., elements and processes).
  • K0168: Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.
  • K0169: Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures. 
  • K0170: Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations. 
  • K0180: Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. 
  • K0200: Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
  • K0267: Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures. 
  • K0287: Knowledge of an organization's information classification program and procedures for information compromise. 
  • K0325: Knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression).
  • K0332: Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • K0333: Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs.
  • K0622: Knowledge of controls related to the use, processing, storage, and transmission of data. 
  • S0005: Skill in applying and incorporating information technologies into proposed solutions.
  • S0006: Skill in applying confidentiality, integrity, and availability principles.
  • S0008: Skill in applying organization-specific systems analysis principles and techniques.
  • S0010: Skill in conducting capabilities and requirements analysis.
  • S0050: Skill in design modeling and building use cases (e.g., unified modeling language).
  • S0134: Skill in conducting reviews of systems.
  • S0367: Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). 
  • T0033: Conduct risk analysis, feasibility study, and/or trade-off analysis to develop, document, and refine functional requirements and specifications.
  • T0039: Consult with customers to evaluate functional requirements.
  • T0045: Coordinate with systems architects and developers, as needed, to provide oversight in the development of design solutions.
  • T0052: Define project scope and objectives based on customer requirements.
  • T0062: Develop and document requirements, capabilities, and constraints for design procedures and processes.
  • T0127: Integrate and align information security and/or cybersecurity policies to ensure that system analysis meets security requirements.
  • T0156: Oversee and make recommendations regarding configuration management.
  • T0174: Perform needs analysis to determine opportunities for new and improved business process solutions.
  • T0191: Prepare use cases to justify the need for specific information technology (IT) solutions.
  • T0235: Translate functional requirements into technical solutions.
  • T0273: Develop and document supply chain risks for critical system elements, as appropriate.
  • T0300: Develop and document User Experience (UX) requirements including information architecture and user interface requirements.
  • T0313: Design and document quality standards.
  • T0325: Document a system's purpose and preliminary system security concept of operations.
  • T0334: Ensure that all systems components can be integrated and aligned (e.g., procedures, databases, policies, software, and hardware).
  • T0454: Define baseline security requirements in accordance with applicable guidelines.
  • T0463: Develop cost estimates for new or modified system(s).
  • T0497: Manage the information technology (IT) planning process to ensure that developed solutions meet customer requirements.
  • Capability Indicators for Systems Requirements Planner
    Each category below lists indicators for three levels: Entry, Intermediate, Advanced.
    Credentials/Certifications
      Entry
      • Recommended: N/A
      • Example Types: N/A
      • Example Topics: N/A
      Intermediate
      • Recommended: Yes
      • Example Types: N/A
      • Example Topics: Certifications addressing IT service management/lifecycle, change management, system security, network infrastructure, access control, cryptography, assessments and audits, organizational security, system engineering, architecture development, and requirements engineering
      Advanced
      • Recommended: Yes
      • Example Topics: Certifications addressing IT service management/lifecycle, change management, security and risk management, asset security, security engineering, communications and network security, identity and access management, security assessment and testing, security operations, software development security, project management (initiating, planning, executing, monitoring and controlling, closing), system engineering, architecture development, and requirements engineering
    Continuous Learning
      Entry
      • Recommended: Not essential but may be beneficial
      • Examples: Job shadowing, receiving mentoring, tutorials, seminars, or workshops
      Intermediate
      • Recommended: Yes
      • Examples: 40 hours annually (may include seminars; mentoring an Entry-level coworker with a more advanced manager in the mentoring circle)
      Advanced
      • Recommended: Yes
      • Examples: 40 hours annually (may include seminars; providing mentoring and teaching others)
    Education
      Entry
      • Recommended: Not essential but may be beneficial (4 years on-the-job experience may substitute education)
      • Example Types: No degree, Associate's, Bachelor's
      • Example Topics: Systems engineering, IT, computer science, and business fields
      Intermediate
      • Recommended: Yes
      • Example Types: Bachelor's
      • Example Topics: IT and business fields; systems engineering; coursework in communications, liberal arts, and sciences may be beneficial
      Advanced
      • Recommended: Yes
      • Example Types: Master's, Ph.D.
      • Example Topics: Systems engineering; coursework in communication, liberal arts, sciences, security management, and IT leadership may be beneficial
    Experiential Learning
      Entry
      • Recommended: Yes
      • Examples: Hands-on experience with requirements gathering and systems engineering
      Intermediate
      • Recommended: Yes
      • Examples: 5 years of relevant experience (a master's may substitute for 2 years of experience); minimum 5 years of hands-on data analytics; 2+ years planning complex activities in an IT environment, requirement vetting and developing, technical formatting; three projects successfully completed demonstrating independent project management capabilities
      Advanced
      • Recommended: Yes
      • Examples: 15+ years of relevant experience, developing and refining requirements among a variety of stakeholders, documenting and presenting requirements for technical and non-technical audiences, including senior management; experience with large-scale complex systems, stakeholder negotiations; successful completion of five diverse projects with outstanding results
    Training
      Entry
      • Recommended: Yes
      • Example Types: N/A
      • Example Topics: Apprenticeship/hands-on training; business systems requirements documentation, introductory project management with risk management emphasis, computer and system engineering
      Intermediate
      • Recommended: Yes
      • Example Types: N/A
      • Example Topics: Minimum 2 years of apprenticeship/hands-on training; systems requirements documentation, computer and system engineering
      Advanced
      • Recommended: Yes
      • Example Types: N/A
      • Example Topics: Hands-on training in complex systems requirements planning and project management, computer and system engineering