This publication describes the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework), a reference structure that describes the interdisciplinary nature of the cybersecurity work. It serves as a fundamental reference resource for describing and sharing information about cybersecurity work and the knowledge, skills, and abilities (KSAs) needed to complete tasks that can strengthen the cybersecurity posture of an organization. As a common, consistent lexicon that categorizes and describes cybersecurity work, the NICE Framework improves communication about how to identify, recruit, develop, and retain cybersecurity talent. The NICE Framework is a reference source from which organizations or sectors can develop additional publications or tools that meet their needs to define or provide guidance on different aspects of cybersecurity workforce development, planning, training, and education.
The National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce, is a partnership between government, academia, and the private sector working to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development. NICE fulfills this mission by coordinating with government, academic, and industry partners to build on existing successful programs, facilitate change and innovation, and bring leadership and vision to increase the number of skilled cybersecurity professionals helping to keep our nation secure.
NICE is committed to cultivating an integrated cybersecurity workforce that is globally competitive from hire to retire and prepared to protect our nation from existing and emerging cybersecurity challenges. NICE promotes nationwide initiatives that increase the number of people with the knowledge, skills, and abilities to perform the tasks required for cybersecurity work.
As threats that exploit vulnerabilities in our cyberinfrastructure grow and evolve, an integrated cybersecurity workforce must be capable of designing, developing, implementing, and maintaining defensive and offensive cyber strategies. An integrated cybersecurity workforce includes technical and nontechnical roles that are staffed with knowledgeable and experienced people. An integrated cybersecurity workforce can address the cybersecurity challenges inherent to preparing their organizations to successfully implement aspects of their missions and business processes connected to cyberspace.
This publication provides a fundamental reference in support of a workforce capable of meeting an organization’s cybersecurity needs by using a common, consistent lexicon to describe cybersecurity work by category, specialty area, and work role. It provides a superset of cybersecurity Knowledge, Skills, and Abilities (KSAs) and Tasks for each work role. The NICE Framework supports consistent organizational and sector communication for cybersecurity education, training, and workforce development.
A user of the NICE Framework will reference it for different aspects of workforce development, education, and/or training purposes, and when that material is used at organizational levels, the user should customize what is pulled from the NICE Framework to standards, regulations, needs, and mission of the user’s organization. The NICE Framework is a reference starting point for the content of guidance and guidelines on career paths, education, training, and credentialing programs.
The NICE Framework is a resource that will strengthen an organization’s ability to communicate consistently and clearly about cybersecurity work and its cybersecurity workforce. Organizations or sectors can develop additional publications or tools that meet their needs to define or provide guidance on different aspects of workforce development, planning, training, and education.