Systems Requirements Planning
Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions. Provides guidance to customers about applicability of information systems to meet business needs.
Below are the roles for this Specialty Area, with their KSAs (Knowledge, Skills, and Abilities) and Tasks.
Consults with customers to evaluate functional requirements and translate functional requirements into technical solutions.
Ability to interpret and translate customer requirements into operational capabilities.
Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.
Knowledge of computer networking concepts and protocols, and network security methodologies.
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Knowledge of cybersecurity and privacy principles.
Knowledge of cyber threats and vulnerabilities.
Knowledge of specific operational impacts of cybersecurity lapses.
Knowledge of applicable business processes and operations of customer organizations.
Knowledge of capabilities and requirements analysis.
Knowledge of encryption algorithms.
Knowledge of cryptography and cryptographic key management concepts.
Knowledge of resiliency and redundancy.
Knowledge of installation, integration, and optimization of system components.
Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
Knowledge of industry-standard and organizationally accepted analysis principles and methods.
Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Knowledge of information security systems engineering principles (NIST SP 800-160).
Knowledge of information technology (IT) architectural concepts and frameworks.
Knowledge of microprocessors.
Knowledge of network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML).
Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
Knowledge of operating systems.
Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
Knowledge of parallel and distributed computing concepts.
Knowledge of Privacy Impact Assessments.
Knowledge of process engineering concepts.
Knowledge of secure configuration management techniques.
Knowledge of key concepts in security management (e.g., Release Management, Patch Management).
Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools.
Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.
Knowledge of system life cycle management principles, including software security and usability.
Knowledge of systems testing and evaluation methods.
Knowledge of telecommunications concepts (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing).
Knowledge of the organization’s enterprise information technology (IT) goals and objectives.
Knowledge of the systems engineering process.
Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161).
Knowledge of critical information technology (IT) procurement requirements.
Knowledge of functionality, quality, and security requirements and how these will apply to specific items of supply (i.e., elements and processes).
Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.
Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations.
Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.
Knowledge of an organization's information classification program and procedures for information compromise.
Knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression).
Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs.
Knowledge of controls related to the use, processing, storage, and transmission of data.
Skill in applying and incorporating information technologies into proposed solutions.
Skill in applying confidentiality, integrity, and availability principles.
Skill in applying organization-specific systems analysis principles and techniques.
Skill in conducting capabilities and requirements analysis.
Skill in design modeling and building use cases (e.g., unified modeling language).
Skill in conducting reviews of systems.
Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Conduct risk analysis, feasibility study, and/or trade-off analysis to develop, document, and refine functional requirements and specifications.
Consult with customers to evaluate functional requirements.
Coordinate with systems architects and developers, as needed, to provide oversight in the development of design solutions.
Define project scope and objectives based on customer requirements.
Develop and document requirements, capabilities, and constraints for design procedures and processes.
Integrate and align information security and/or cybersecurity policies to ensure that system analysis meets security requirements.
Oversee and make recommendations regarding configuration management.
Perform needs analysis to determine opportunities for new and improved business process solutions.
Prepare use cases to justify the need for specific information technology (IT) solutions.
Translate functional requirements into technical solutions.
Develop and document supply chain risks for critical system elements, as appropriate.
Develop and document User Experience (UX) requirements including information architecture and user interface requirements.
Design and document quality standards.
Document a system's purpose and preliminary system security concept of operations.
Ensure that all systems components can be integrated and aligned (e.g., procedures, databases, policies, software, and hardware).
Define baseline security requirements in accordance with applicable guidelines.
Develop cost estimates for new or modified system(s).
Manage the information technology (IT) planning process to ensure that developed solutions meet customer requirements.