Page: Show Framework

NICE Framework

NICE
The National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework), a reference structure that describes the interdisciplinary nature of the cybersecurity work. It serves as a fundamental reference resource for describing and sharing information about cybersecurity work and the knowledge, skills, and abilities (KSAs) needed to complete tasks that can strengthen the cybersecurity posture of an organization. As a common, consistent lexicon that categorizes and describes cybersecurity work, the NICE Framework improves communication about how to identify, recruit, develop, and retain cybersecurity talent. The NICE Framework is a reference source from which organizations or sectors can develop additional publications or tools that meet their needs to define or provide guidance on different aspects of cybersecurity workforce development, planning, training, and education.

Framework Tasks For NICE

Framework Name Description Show
NICE T0001 Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk. Show
NICE T0002 Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program. Show
NICE T0003 Advise senior management (e.g., Chief Information Officer [CIO]) on risk levels and security posture. Show
NICE T0004 Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements. Show
NICE T0005 Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture. Show
NICE T0006 Advocate organization's official position in legal and legislative proceedings. Show
NICE T0007 Analyze and define data requirements and specifications. Show
NICE T0008 Analyze and plan for anticipated changes in data capacity requirements. Show
NICE T0009 Analyze information to determine, recommend, and plan the development of a new application or modification of an existing application. Show
NICE T0010 Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives. Show
NICE T0011 Analyze user needs and software requirements to determine feasibility of design within time and cost constraints. Show
NICE T0012 Analyze design constraints, analyze trade-offs and detailed system and security design, and consider life cycle support. Show
NICE T0013 Apply coding and testing standards, apply security testing tools including "'fuzzing" static-analysis code scanning tools, and conduct code reviews. Show
NICE T0014 Apply secure code documentation. Show
NICE T0015 Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications. Show
NICE T0016 Apply security policies to meet security objectives of the system. Show
NICE T0017 Apply service-oriented security architecture principles to meet organization's confidentiality, integrity, and availability requirements. Show
NICE T0018 Assess the effectiveness of cybersecurity measures utilized by system(s). Show
NICE T0019 Assess threats to and vulnerabilities of computer system(s) to develop a security risk profile. Show
NICE T0020 Develop content for cyber defense tools. Show
NICE T0021 Build, test, and modify product prototypes using working models or theoretical models. Show
NICE T0022 Capture security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules. Show
NICE T0023 Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources. Show
NICE T0024 Collect and maintain data needed to meet system cybersecurity reporting. Show
NICE T0025 Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders. Show
NICE T0026 Compile and write documentation of program development and subsequent revisions, inserting comments in the coded instructions so others can understand the program. Show
NICE T0027 Conduct analysis of log files, evidence, and other information to determine best methods for identifying the perpetrator(s) of a network intrusion. Show
NICE T0028 Conduct and/or support authorized penetration testing on enterprise network assets. Show
NICE T0029 Conduct functional and connectivity testing to ensure continuing operability. Show
NICE T0030 Conduct interactive training exercises to create an effective learning environment. Show
NICE T0031 Conduct interviews of victims and witnesses and conduct interviews or interrogations of suspects. Show
NICE T0032 Conduct Privacy Impact Assessments (PIAs) of the application’s security design for the appropriate security controls, which protect the confidentiality and integrity of Personally Identifiable Information (PII). Show
NICE T0033 Conduct risk analysis, feasibility study, and/or trade-off analysis to develop, document, and refine functional requirements and specifications. Show
NICE T0034 Confer with systems analysts, engineers, programmers, and others to design application and to obtain information on project limitations and capabilities, performance requirements, and interfaces. Show
NICE T0035 Configure and optimize network hubs, routers, and switches (e.g., higher-level protocols, tunneling). Show
NICE T0036 Confirm what is known about an intrusion and discover new information, if possible, after identifying intrusion via dynamic analysis. Show
NICE T0037 Construct access paths to suites of information (e.g., link pages) to facilitate access by end-users. Show
NICE T0038 Develop threat model based on customer interviews and requirements. Show
NICE T0039 Consult with customers to evaluate functional requirements. Show
NICE T0040 Consult with engineering staff to evaluate interface between hardware and software. Show
NICE T0041 Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents. Show
NICE T0042 Coordinate with Cyber Defense Analysts to manage and administer the updating of rules and signatures (e.g., intrusion detection/protection systems, antivirus, and content blacklists) for specialized cyber defense applications. Show
NICE T0043 Coordinate with enterprise-wide cyber defense staff to validate network alerts. Show
NICE T0044 Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance. Show
NICE T0045 Coordinate with systems architects and developers, as needed, to provide oversight in the development of design solutions. Show
NICE T0046 Correct errors by making appropriate changes and rechecking the program to ensure that desired results are produced. Show
NICE T0047 Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation. Show
NICE T0048 Create a forensically sound duplicate of the evidence (i.e., forensic image) that ensures the original evidence is not unintentionally modified, to use for data recovery and analysis processes. This includes, but is not limited to, hard drives, floppy diskettes, CDs, PDAs, mobile phones, GPS, and all tape formats. Show
NICE T0049 Decrypt seized data using technical means. Show
NICE T0050 Define and prioritize essential system capabilities or business functions required for partial or full system restoration after a catastrophic failure event. Show
NICE T0051 Define appropriate levels of system availability based on critical system functions and ensure that system requirements identify appropriate disaster recovery and continuity of operations requirements to include any appropriate fail-over/alternate site requirements, backup requirements, and material supportability requirements for system recover/restoration. Show
NICE T0052 Define project scope and objectives based on customer requirements. Show
NICE T0053 Design and develop cybersecurity or cybersecurity-enabled products. Show
NICE T0054 Design group policies and access control lists to ensure compatibility with organizational standards, business rules, and needs. Show
NICE T0055 Design hardware, operating systems, and software applications to adequately address cybersecurity requirements. Show
NICE T0056 Design or integrate appropriate data backup capabilities into overall system designs, and ensure that appropriate technical and procedural processes exist for secure system backups and protected storage of backup data. Show
NICE T0057 Design, develop, and modify software systems, using scientific analysis and mathematical models to predict and measure outcome and consequences of design. Show
NICE T0058 Determine level of assurance of developed capabilities based on test results. Show
NICE T0059 Develop a plan to investigate alleged crime, violation, or suspicious activity utilizing computers and the Internet. Show
NICE T0060 Develop an understanding of the needs and requirements of information end-users. Show
NICE T0061 Develop and direct system testing and validation procedures and documentation. Show
NICE T0062 Develop and document requirements, capabilities, and constraints for design procedures and processes. Show
NICE T0063 Develop and document systems administration standard operating procedures. Show
NICE T0064 Review and validate data mining and data warehousing programs, processes, and requirements. Show
NICE T0065 Develop and implement network backup and recovery procedures. Show
NICE T0066 Develop and maintain strategic plans. Show
NICE T0067 Develop architectures or system components consistent with technical specifications. Show
NICE T0068 Develop data standards, policies, and procedures. Show
NICE T0069 Develop detailed security design documentation for component and interface specifications to support system design and development. Show
NICE T0070 Develop Disaster Recovery and Continuity of Operations plans for systems under development and ensure testing prior to systems entering a production environment. Show
NICE T0071 Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data primarily applicable to government organizations (e.g., UNCLASSIFIED, SECRET, and TOP SECRET). Show
NICE T0072 Develop methods to monitor and measure risk, compliance, and assurance efforts. Show
NICE T0073 Develop new or identify existing awareness and training materials that are appropriate for intended audiences. Show
NICE T0074 Develop policy, programs, and guidelines for implementation. Show
NICE T0075 Provide technical summary of findings in accordance with established reporting procedures. Show
NICE T0076 Develop risk mitigation strategies to resolve vulnerabilities and recommend security changes to system or system components as needed. Show
NICE T0077 Develop secure code and error handling. Show
NICE T0078 Develop specific cybersecurity countermeasures and risk mitigation strategies for systems and/or applications. Show
NICE T0079 Develop specifications to ensure that risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level. Show
NICE T0080 Develop test plans to address specifications and requirements. Show
NICE T0081 Diagnose network connectivity problem. Show
NICE T0082 Document and address organization's information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition life cycle. Show
NICE T0083 Draft statements of preliminary or residual security risks for system operation. Show
NICE T0084 Employ secure configuration management processes. Show
NICE T0085 Ensure all systems security operations and maintenance activities are properly documented and updated as necessary. Show
NICE T0086 Ensure that the application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment. Show
NICE T0087 Ensure that chain of custody is followed for all digital media acquired in accordance with the Federal Rules of Evidence. Show
NICE T0088 Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level. Show
NICE T0089 Ensure that security improvement actions are evaluated, validated, and implemented as required. Show
NICE T0090 Ensure that acquired or developed system(s) and architecture(s) are consistent with organization's cybersecurity architecture guidelines. Show
NICE T0091 Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment. Show
NICE T0092 Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s). Show
NICE T0093 Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture. Show
NICE T0094 Establish and maintain communication channels with stakeholders. Show
NICE T0095 Establish overall enterprise information security architecture (EISA) with the organization’s overall security strategy. Show
NICE T0096 Establish relationships, if applicable, between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies, vendors, public relations professionals). Show
NICE T0097 Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed. Show
NICE T0098 Evaluate contracts to ensure compliance with funding, legal, and program requirements. Show
NICE T0099 Evaluate cost/benefit, economic, and risk analysis in decision-making process. Show
NICE T0100 Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration. Show
NICE T0101 Evaluate the effectiveness and comprehensiveness of existing training programs. Show
NICE T0102 Evaluate the effectiveness of laws, regulations, policies, standards, or procedures. Show
NICE T0103 Examine recovered data for information of relevance to the issue at hand. Show
NICE T0104 Fuse computer network attack analyses with criminal and counterintelligence investigations and operations. Show
NICE T0105 Identify components or elements, allocate security functions to those elements, and describe the relationships between the elements. Show
NICE T0106 Identify alternative information security strategies to address organizational security objective. Show
NICE T0107 Identify and direct the remediation of technical problems encountered during testing and implementation of new systems (e.g., identify and find work-arounds for communication protocols that are not interoperable). Show
NICE T0108 Identify and prioritize critical business functions in collaboration with organizational stakeholders. Show
NICE T0109 Identify and prioritize essential system functions or sub-systems required to support essential capabilities or business functions for restoration or recovery after a system failure or during a system recovery event based on overall system requirements for continuity and availability. Show
NICE T0110 Identify and/or determine whether a security incident is indicative of a violation of law that requires specific legal action. Show
NICE T0111 Identify basic common coding flaws at a high level. Show
NICE T0112 Identify data or intelligence of evidentiary value to support counterintelligence and criminal investigations. Show
NICE T0113 Identify digital evidence for examination and analysis in such a way as to avoid unintentional alteration. Show
NICE T0114 Identify elements of proof of the crime. Show
NICE T0115 Identify information technology (IT) security program implications of new technologies or technology upgrades. Show
NICE T0116 Identify organizational policy stakeholders. Show
NICE T0117 Identify security implications and apply methodologies within centralized and decentralized environments across the enterprise’s computer systems in software development. Show
NICE T0118 Identify security issues around steady state operation and management of software and incorporate security measures that must be taken when a product reaches its end of life. Show
NICE T0119 Identify, assess, and recommend cybersecurity or cybersecurity-enabled products for use within a system and ensure that recommended products are in compliance with organization's evaluation and validation requirements. Show
NICE T0120 Identify, collect, and seize documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents, investigations, and operations. Show
NICE T0121 Implement new system design procedures, test procedures, and quality standards. Show
NICE T0122 Implement security designs for new or existing system(s). Show
NICE T0123 Implement specific cybersecurity countermeasures for systems and/or applications. Show
NICE T0124 Incorporate cybersecurity vulnerability solutions into system designs (e.g., Cybersecurity Vulnerability Alerts). Show
NICE T0125 Install and maintain network infrastructure device operating system software (e.g., IOS, firmware). Show
NICE T0126 Install or replace network hubs, routers, and switches. Show
NICE T0127 Integrate and align information security and/or cybersecurity policies to ensure that system analysis meets security requirements. Show
NICE T0128 Integrate automated capabilities for updating or patching system software where practical and develop processes and procedures for manual updating and patching of system software based on current and projected patch timeline requirements for the operational environment of the system. Show
NICE T0129 Integrate new systems into existing network architecture. Show
NICE T0130 Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information. Show
NICE T0131 Interpret and apply laws, regulations, policies, standards, or procedures to specific issues. Show
NICE T0132 Interpret and/or approve security requirements relative to the capabilities of new information technologies. Show
NICE T0133 Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise’s cybersecurity program. Show
NICE T0134 Lead and align information technology (IT) security priorities with the security strategy. Show
NICE T0135 Lead and oversee information security budget, staffing, and contracting. Show
NICE T0136 Maintain baseline system security according to organizational policies. Show
NICE T0137 Maintain database management systems software. Show
NICE T0138 Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions. Show
NICE T0139 Maintain directory replication services that enable information to replicate automatically from rear servers to forward units via optimized routing. Show
NICE T0140 Maintain information exchanges through publish, subscribe, and alert functions that enable users to send and receive critical information as required. Show
NICE T0141 Maintain information systems assurance and accreditation materials. Show
NICE T0142 Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing. Show
NICE T0143 Make recommendations based on test results. Show
NICE T0144 Manage accounts, network rights, and access to systems and equipment. Show
NICE T0145 Manage and approve Accreditation Packages (e.g., ISO/IEC 15026-2). Show
NICE T0146 Manage the compilation, cataloging, caching, distribution, and retrieval of data. Show
NICE T0147 Manage the monitoring of information security data sources to maintain organizational situational awareness. Show
NICE T0148 Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency. Show
NICE T0149 Manage threat or target analysis of cyber defense information and production of threat information within the enterprise. Show
NICE T0150 Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements. Show
NICE T0151 Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection. Show
NICE T0152 Monitor and maintain databases to ensure optimal performance. Show
NICE T0153 Monitor network capacity and performance. Show
NICE T0154 Monitor and report the usage of knowledge management assets and resources. Show
NICE T0155 Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment. Show
NICE T0156 Oversee and make recommendations regarding configuration management. Show
NICE T0157 Oversee the information security training and awareness program. Show
NICE T0158 Participate in an information security risk assessment during the Security Assessment and Authorization process. Show
NICE T0159 Participate in the development or modification of the computer environment cybersecurity program plans and requirements. Show
NICE T0160 Patch network vulnerabilities to ensure that information is safeguarded against outside parties. Show
NICE T0161 Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security. Show
NICE T0162 Perform backup and recovery of databases to ensure data integrity. Show
NICE T0163 Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation. Show
NICE T0164 Perform cyber defense trend analysis and reporting. Show
NICE T0165 Perform dynamic analysis to boot an “image” of a drive (without necessarily having the original drive) to see the intrusion as the user may have seen it, in a native environment. Show
NICE T0166 Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack. Show
NICE T0167 Perform file signature analysis. Show
NICE T0168 Perform hash comparison against established database. Show
NICE T0169 Perform cybersecurity testing of developed applications and/or systems. Show
NICE T0170 Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems. Show
NICE T0171 Perform integrated quality assurance testing for security functionality and resiliency attack. Show
NICE T0172 Perform real-time forensic analysis (e.g., using Helix in conjunction with LiveView). Show
NICE T0173 Perform timeline analysis. Show
NICE T0174 Perform needs analysis to determine opportunities for new and improved business process solutions. Show
NICE T0175 Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs). Show
NICE T0176 Perform secure programming and identify potential flaws in codes to mitigate vulnerabilities. Show
NICE T0177 Perform security reviews, identify gaps in security architecture, and develop a security risk management plan. Show
NICE T0178 Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy. Show
NICE T0179 Perform static media analysis. Show
NICE T0180 Perform system administration on specialized cyber defense applications and systems (e.g., antivirus, audit and remediation) or Virtual Private Network (VPN) devices, to include installation, configuration, maintenance, backup, and restoration. Show
NICE T0181 Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change. Show
NICE T0182 Perform tier 1, 2, and 3 malware analysis. Show
NICE T0183 Perform validation steps, comparing actual results with expected results and analyze the differences to identify impact and risks. Show
NICE T0184 Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks. Show
NICE T0185 Plan and manage the delivery of knowledge management projects. Show
NICE T0186 Plan, execute, and verify data redundancy and system recovery procedures. Show
NICE T0187 Plan and recommend modifications or adjustments based on exercise results or system environment. Show
NICE T0188 Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions. Show
NICE T0189 Prepare detailed workflow charts and diagrams that describe input, output, and logical operation, and convert them into a series of instructions coded in a computer language. Show
NICE T0190 Prepare digital media for imaging by ensuring data integrity (e.g., write blockers in accordance with standard operating procedures). Show
NICE T0191 Prepare use cases to justify the need for specific information technology (IT) solutions. Show
NICE T0192 Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations. Show
NICE T0193 Process crime scenes. Show
NICE T0194 Properly document all systems security implementation, operations, and maintenance activities and update as necessary. Show
NICE T0195 Provide a managed flow of relevant information (via web-based portals or other means) based on mission requirements. Show
NICE T0196 Provide advice on project costs, design concepts, or design changes. Show
NICE T0197 Provide an accurate technical evaluation of the software application, system, or network, documenting the security posture, capabilities, and vulnerabilities against relevant cybersecurity compliances. Show
NICE T0198 Provide daily summary reports of network events and activity relevant to cyber defense practices. Show
NICE T0199 Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans. Show
NICE T0200 Provide feedback on network requirements, including network architecture and infrastructure. Show
NICE T0201 Provide guidelines for implementing developed systems to customers or installation teams. Show
NICE T0202 Provide cybersecurity guidance to leadership. Show
NICE T0203 Provide input on security requirements to be included in statements of work and other appropriate procurement documents. Show
NICE T0204 Provide input to implementation plans and standard operating procedures. Show
NICE T0205 Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials). Show
NICE T0206 Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities. Show
NICE T0207 Provide ongoing optimization and problem-solving support. Show
NICE T0208 Provide recommendations for possible improvements and upgrades. Show
NICE T0209 Provide recommendations on data structures and databases that ensure correct and quality production of reports/management information. Show
NICE T0210 Provide recommendations on new database technologies and architectures. Show
NICE T0211 Provide system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents. Show
NICE T0212 Provide technical assistance on digital evidence matters to appropriate personnel. Show
NICE T0213 Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information to higher headquarters. Show
NICE T0214 Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts. Show
NICE T0215 Recognize a possible security violation and take appropriate action to report the incident, as required. Show
NICE T0216 Recognize and accurately report forensic artifacts indicative of a particular operating system. Show
NICE T0217 Address security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing. Show
NICE T0218 Recommend new or revised security, resilience, and dependability measures based on the results of reviews. Show
NICE T0219 Recommend resource allocations required to securely operate and maintain an organization’s cybersecurity requirements. Show
NICE T0220 Resolve conflicts in laws, regulations, policies, standards, or procedures. Show
NICE T0221 Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network. Show
NICE T0222 Review existing and proposed policies with stakeholders. Show
NICE T0223 Review or conduct audits of information technology (IT) programs and projects. Show
NICE T0224 Review training documentation (e.g., Course Content Documents [CCD], lesson plans, student texts, examinations, Schedules of Instruction [SOI], and course descriptions). Show
NICE T0225 Secure the electronic device or information source. Show
NICE T0226 Serve on agency and interagency policy boards. Show
NICE T0227 Recommend policy and coordinate review and approval. Show
NICE T0228 Store, retrieve, and manipulate data for analysis of system capabilities and requirements. Show
NICE T0229 Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered. Show
NICE T0230 Support the design and execution of exercise scenarios. Show
NICE T0231 Provide support to security/certification test and evaluation activities. Show
NICE T0232 Test and maintain network infrastructure including software and hardware devices. Show
NICE T0233 Track and document cyber defense incidents from initial detection through final resolution. Show
NICE T0234 Track audit findings and recommendations to ensure that appropriate mitigation actions are taken. Show
NICE T0235 Translate functional requirements into technical solutions. Show
NICE T0236 Translate security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria. Show
NICE T0237 Troubleshoot system hardware and software. Show
NICE T0238 Extract data using data carving techniques (e.g., Forensic Tool Kit [FTK], Foremost). Show
NICE T0239 Use federal and organization-specific published documents to manage operations of their computing environment system(s). Show
NICE T0240 Capture and analyze network traffic associated with malicious activities using network monitoring tools. Show
NICE T0241 Use specialized equipment and techniques to catalog, document, extract, collect, package, and preserve digital evidence. Show
NICE T0242 Utilize models and simulations to analyze or predict system performance under different operating conditions. Show
NICE T0243 Verify and update security documentation reflecting the application/system security design features. Show
NICE T0244 Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations. Show
NICE T0245 Verify that the software application/network/system accreditation and assurance documentation is current. Show
NICE T0246 Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies. Show
NICE T0247 Write instructional materials (e.g., standard operating procedures, production manual) to provide detailed guidance to relevant portion of the workforce. Show
NICE T0248 Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals. Show
NICE T0249 Research current technology to understand capabilities of required system or network. Show
NICE T0250 Identify cyber capabilities strategies for custom hardware and software development based on mission requirements. Show
NICE T0251 Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers). Show
NICE T0252 Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews). Show
NICE T0253 Conduct cursory binary analysis. Show
NICE T0254 Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies. Show
NICE T0255 Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk. Show
NICE T0256 Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements. Show
NICE T0257 Determine scope, infrastructure, resources, and data sample size to ensure system requirements are adequately demonstrated. Show
NICE T0258 Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities. Show
NICE T0259 Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity. Show
NICE T0260 Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information. Show
NICE T0261 Assist in identifying, prioritizing, and coordinating the protection of critical cyber defense infrastructure and key resources. Show
NICE T0262 Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness). Show
NICE T0263 Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle. Show
NICE T0264 Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc. Show
NICE T0265 Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals. Show
NICE T0266 Perform penetration testing as required for new or updated applications. Show
NICE T0267 Design countermeasures and mitigations against potential exploitations of programming language weaknesses and vulnerabilities in system and elements. Show
NICE T0268 Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment. Show
NICE T0269 Design and develop key management functions (as related to cybersecurity). Show
NICE T0270 Analyze user needs and requirements to plan and conduct system security development. Show
NICE T0271 Develop cybersecurity designs to meet specific operational needs and environmental factors (e.g., access controls, automated applications, networked operations, high integrity and availability requirements, multilevel security/processing of multiple classification levels, and processing Sensitive Compartmented Information). Show
NICE T0272 Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary. Show
NICE T0273 Develop and document supply chain risks for critical system elements, as appropriate. Show
NICE T0274 Create auditable evidence of security measures. Show
NICE T0275 Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs). Show
NICE T0276 Participate in the acquisition process as necessary, following appropriate supply chain risk management practices. Show
NICE T0277 Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals. Show
NICE T0278 Collect intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise. Show
NICE T0279 Serve as technical expert and liaison to law enforcement personnel and explain incident details as required. Show
NICE T0280 Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance. Show
NICE T0281 Forecast ongoing service demands and ensure that security assumptions are reviewed as necessary. Show
NICE T0282 Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate. Show
NICE T0283 Collaborate with stakeholders to identify and/or develop appropriate solutions technology. Show
NICE T0284 Design and develop new tools/technologies as related to cybersecurity. Show
NICE T0285 Perform virus scanning on digital media. Show
NICE T0286 Perform file system forensic analysis. Show
NICE T0287 Perform static analysis to mount an "image" of a drive (without necessarily having the original drive). Show
NICE T0288 Perform static malware analysis. Show
NICE T0289 Utilize deployable forensics toolkit to support operations as necessary. Show
NICE T0290 Determine tactics, techniques, and procedures (TTPs) for intrusion sets. Show
NICE T0291 Examine network topologies to understand data flows through the network. Show
NICE T0292 Recommend computing environment vulnerability corrections. Show
NICE T0293 Identify and analyze anomalies in network traffic using metadata. Show
NICE T0294 Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings). Show
NICE T0295 Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools. Show
NICE T0296 Isolate and remove malware. Show
NICE T0297 Identify applications and operating systems of a network device based on network traffic. Show
NICE T0298 Reconstruct a malicious attack or activity based off network traffic. Show
NICE T0299 Identify network mapping and operating system (OS) fingerprinting activities. Show
NICE T0300 Develop and document User Experience (UX) requirements including information architecture and user interface requirements. Show
NICE T0301 Develop and implement cybersecurity independent audit processes for application software/networks/systems and oversee ongoing independent audits to ensure that operational and Research and Design (R&D) processes and procedures are in compliance with organizational and mandatory cybersecurity requirements and accurately followed by Systems Administrators and other cybersecurity staff when performing their day-to-day activities. Show
NICE T0302 Develop contract language to ensure supply chain, system, network, and operational security are met. Show
NICE T0303 Identify and leverage the enterprise-wide version control system while designing and developing secure applications. Show
NICE T0304 Implement and integrate system development life cycle (SDLC) methodologies (e.g., IBM Rational Unified Process) into development environment. Show
NICE T0305 Performs configuration management, problem management, capacity management, and financial management for databases and data management systems. Show
NICE T0306 Supports incident management, service-level management, change management, release management, continuity management, and availability management for databases and data management systems. Show
NICE T0307 Analyze candidate architectures, allocate security services, and select security mechanisms. Show
NICE T0308 Analyze incident data for emerging trends. Show
NICE T0309 Assess the effectiveness of security controls. Show
NICE T0310 Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave. Show
NICE T0311 Consult with customers about software system design and maintenance. Show
NICE T0312 Coordinate with intelligence analysts to correlate threat assessment data. Show
NICE T0313 Design and document quality standards. Show
NICE T0314 Develop a system security context, a preliminary system security Concept of Operations (CONOPS), and define baseline system security requirements in accordance with applicable cybersecurity requirements. Show
NICE T0315 Develop and deliver technical training to educate others or meet customer needs. Show
NICE T0316 Develop or assist in the development of computer based training modules or classes. Show
NICE T0317 Develop or assist in the development of course assignments. Show
NICE T0318 Develop or assist in the development of course evaluations. Show
NICE T0319 Develop or assist in the development of grading and proficiency standards. Show
NICE T0320 Assist in the development of individual/collective development, training, and/or remediation plans. Show
NICE T0321 Develop or assist in the development of learning objectives and goals. Show
NICE T0322 Develop or assist in the development of on-the-job training materials or programs. Show
NICE T0323 Develop or assist in the development of written tests for measuring and assessing learner proficiency. Show
NICE T0324 Direct software programming and development of documentation. Show
NICE T0325 Document a system's purpose and preliminary system security concept of operations. Show
NICE T0326 Employ configuration management processes. Show
NICE T0327 Evaluate network infrastructure vulnerabilities to enhance capabilities being developed. Show
NICE T0328 Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in acquisition documents. Show
NICE T0329 Follow software and systems engineering life cycle standards and processes. Show
NICE T0330 Maintain assured message delivery systems. Show
NICE T0331 Maintain incident tracking and solution database. Show
NICE T0332 Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan. Show
NICE T0333 Perform cyber defense trend analysis and reporting. Show
NICE T0334 Ensure that all systems components can be integrated and aligned (e.g., procedures, databases, policies, software, and hardware). Show
NICE T0335 Build, install, configure, and test dedicated cyber defense hardware. Show
NICE T0336 WITHDRAWN: Integrated with T0228 Show
NICE T0337 Supervise and assign work to programmers, designers, technologists and technicians, and other engineering and scientific personnel. Show
NICE T0338 Write detailed functional specifications that document the architecture development process. Show
NICE T0339 Lead efforts to promote the organization's use of knowledge management and information sharing. Show
NICE T0340 Act as a primary stakeholder in the underlying information technology (IT) operational processes and functions that support the service, provide direction and monitor all significant activities so the service is delivered successfully. Show
NICE T0341 Advocate for adequate funding for cyber training resources, to include both internal and industry-provided courses, instructors, and related materials. Show
NICE T0342 Analyze data sources to provide actionable recommendations. Show
NICE T0343 Analyze the crisis to ensure public, personal, and resource protection. Show
NICE T0344 Assess all the configuration management (change configuration/release management) processes. Show
NICE T0345 Assess effectiveness and efficiency of instruction according to ease of instructional technology use and student learning, knowledge transfer, and satisfaction. Show
NICE T0346 Assess the behavior of the individual victim, witness, or suspect as it relates to the investigation. Show
NICE T0347 Assess the validity of source data and subsequent findings. Show
NICE T0348 Assist in assessing the impact of implementing and sustaining a dedicated cyber defense infrastructure. Show
NICE T0349 Collect metrics and trending data. Show
NICE T0350 Conduct a market analysis to identify, assess, and recommend commercial, Government off-the-shelf, and open source products for use within a system and ensure recommended products are in compliance with organization's evaluation and validation requirements. Show
NICE T0351 Conduct hypothesis testing using statistical processes. Show
NICE T0352 Conduct learning needs assessments and identify requirements. Show
NICE T0353 Confer with systems analysts, engineers, programmers, and others to design application. Show
NICE T0354 Coordinate and manage the overall service provided to a customer end-to-end. Show
NICE T0355 Coordinate with internal and external subject matter experts to ensure existing qualification standards reflect organizational functional requirements and meet industry standards. Show
NICE T0356 Coordinate with organizational manpower stakeholders to ensure appropriate allocation and distribution of human capital assets. Show
NICE T0357 Create interactive learning exercises to create an effective learning environment. Show
NICE T0358 Design and develop system administration and management functionality for privileged access users. Show
NICE T0359 Design, implement, test, and evaluate secure interfaces between information systems, physical systems, and/or embedded technologies. Show
NICE T0360 Determine the extent of threats and recommend courses of action or countermeasures to mitigate risks. Show
NICE T0361 Develop and facilitate data-gathering methods. Show
NICE T0362 Develop and implement standardized position descriptions based on established cyber work roles. Show
NICE T0363 Develop and review recruiting, hiring, and retention procedures in accordance with current HR policies. Show
NICE T0364 Develop cyber career field classification structure to include establishing career field entry requirements and other nomenclature such as codes and identifiers. Show
NICE T0365 Develop or assist in the development of training policies and protocols for cyber training. Show
NICE T0366 Develop strategic insights from large data sets. Show
NICE T0367 Develop the goals and objectives for cyber curriculum. Show
NICE T0368 Ensure that cyber career fields are managed in accordance with organizational HR policies and directives. Show
NICE T0369 Ensure that cyber workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices. Show
NICE T0370 Ensure that appropriate Service-Level Agreements (SLAs) and underpinning contracts have been defined that clearly set out for the customer a description of the service and the measures for monitoring the service. Show
NICE T0371 Establish acceptable limits for the software application, network, or system. Show
NICE T0372 Establish and collect metrics to monitor and validate cyber workforce readiness including analysis of cyber workforce data to assess the status of positions identified, filled, and filled with qualified personnel. Show
NICE T0373 Establish and oversee waiver processes for cyber career field entry and training qualification requirements. Show
NICE T0374 Establish cyber career paths to allow career progression, deliberate development, and growth within and between cyber career fields. Show
NICE T0375 Establish manpower, personnel, and qualification data element standards to support cyber workforce management and reporting requirements. Show
NICE T0376 Establish, resource, implement, and assess cyber workforce management programs in accordance with organizational requirements. Show
NICE T0377 Gather feedback on customer satisfaction and internal service performance to foster continual improvement. Show
NICE T0378 Incorporates risk-driven systems maintenance updates process to address system deficiencies (periodically and out of cycle). Show
NICE T0379 Manage the internal relationship with information technology (IT) process owners supporting the service, assisting with the definition and agreement of Operating Level Agreements (OLAs). Show
NICE T0380 Plan instructional strategies such as lectures, demonstrations, interactive exercises, multimedia presentations, video courses, web-based courses for most effective learning environment in conjunction with educators and trainers. Show
NICE T0381 Present technical information to technical and nontechnical audiences. Show
NICE T0382 Present data in creative formats. Show
NICE T0383 Program custom algorithms. Show
NICE T0384 Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization's mission, vision, and goals. Show
NICE T0385 Provide actionable recommendations to critical stakeholders based on data analysis and findings. Show
NICE T0386 Provide criminal investigative support to trial counsel during the judicial process. Show
NICE T0387 Review and apply cyber career field qualification standards. Show
NICE T0388 Review and apply organizational policies related to or influencing the cyber workforce. Show
NICE T0389 Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up. Show
NICE T0390 Review/Assess cyber workforce effectiveness to adjust skill and/or qualification standards. Show
NICE T0391 Support integration of qualified cyber workforce personnel into information systems life cycle development processes. Show
NICE T0392 Utilize technical documentation or resources to implement a new mathematical, data science, or computer science method. Show
NICE T0393 Validate specifications and requirements for testability. Show
NICE T0394 Work with other service managers and product owners to balance and prioritize services to meet overall customer requirements, constraints, and objectives. Show
NICE T0395 Write and publish after action reviews. Show
NICE T0396 Process image with appropriate tools depending on analyst’s goals. Show
NICE T0397 Perform Windows registry analysis. Show
NICE T0398 Perform file and registry monitoring on the running system after identifying intrusion via dynamic analysis. Show
NICE T0399 Enter media information into tracking database (e.g., Product Tracker Tool) for digital media that has been acquired. Show
NICE T0400 Correlate incident data and perform cyber defense reporting. Show
NICE T0401 Maintain deployable cyber defense toolkit (e.g., specialized cyber defense software/hardware) to support Incident Response Team mission. Show
NICE T0402 Effectively allocate storage capacity in the design of data management systems. Show
NICE T0403 Read, interpret, write, modify, and execute simple scripts (e.g., Perl, VBScript) on Windows and UNIX systems (e.g., those that perform tasks such as: parsing large data files, automating manual tasks, and fetching/processing remote data). Show
NICE T0404 Utilize different programming languages to write code, open files, read files, and write output to different files. Show
NICE T0405 Utilize open source language such as R and apply quantitative techniques (e.g., descriptive and inferential statistics, sampling, experimental design, parametric and non-parametric tests of difference, ordinary least squares regression, general line). Show
NICE T0406 Ensure that design and development activities are properly documented (providing a functional description of implementation) and updated as necessary. Show
NICE T0407 Participate in the acquisition process as necessary. Show
NICE T0408 Interpret and apply applicable laws, statutes, and regulatory documents and integrate into policy. Show
NICE T0409 Troubleshoot prototype design and process issues throughout the product design, development, and pre-launch phases. Show
NICE T0410 Identify functional- and security-related features to find opportunities for new capability development to exploit or mitigate vulnerabilities. Show
NICE T0411 Identify and/or develop reverse engineering tools to enhance capabilities and detect vulnerabilities. Show
NICE T0412 Conduct import/export reviews for acquiring systems and software. Show
NICE T0413 Develop data management capabilities (e.g., cloud-based, centralized cryptographic key management) to include support to the mobile workforce. Show
NICE T0414 Develop supply chain, system, network, performance, and cybersecurity requirements. Show
NICE T0415 Ensure that supply chain, system, network, performance, and cybersecurity requirements are included in contract language and delivered. Show
NICE T0416 Enable applications with public keying by leveraging existing public key infrastructure (PKI) libraries and incorporating certificate management and encryption functionalities when appropriate. Show
NICE T0417 Identify and leverage the enterprise-wide security services while designing and developing secure applications (e.g., Enterprise PKI, Federated Identity server, Enterprise Antivirus solution) when appropriate. Show
NICE T0418 Install, update, and troubleshoot systems/servers. Show
NICE T0419 Acquire and maintain a working knowledge of constitutional issues which arise in relevant laws, regulations, policies, agreements, standards, procedures, or other issuances. Show
NICE T0420 Administer test bed(s), and test and evaluate applications, hardware infrastructure, rules/signatures, access controls, and configurations of platforms managed by service provider(s). Show
NICE T0421 Manage the indexing/cataloguing, storage, and access of explicit organizational knowledge (e.g., hard copy documents, digital files). Show
NICE T0422 Implement data management standards, requirements, and specifications. Show
NICE T0423 Analyze computer-generated threats for counter intelligence or criminal activity. Show
NICE T0424 Analyze and provide information to stakeholders that will support the development of security application or modification of an existing security application. Show
NICE T0425 Analyze organizational cyber policy. Show
NICE T0426 Analyze the results of software, hardware, or interoperability testing. Show
NICE T0427 Analyze user needs and requirements to plan architecture. Show
NICE T0428 Analyze security needs and software requirements to determine feasibility of design within time and cost constraints and security mandates. Show
NICE T0429 Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities. Show
NICE T0430 Gather and preserve evidence used on the prosecution of computer crimes. Show
NICE T0431 Check system hardware availability, functionality, integrity, and efficiency. Show
NICE T0432 Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise. Show
NICE T0433 Conduct analysis of log files, evidence, and other information to determine best methods for identifying the perpetrator(s) of a network intrusion or other crimes. Show
NICE T0434 Conduct framing of pleadings to properly identify alleged violations of law, regulations, or policy/guidance. Show
NICE T0435 Conduct periodic system maintenance including cleaning (both physically and electronically), disk checks, routine reboots, data dumps, and testing. Show
NICE T0436 Conduct trial runs of programs and software applications to ensure that the desired information is produced and instructions and security levels are correct. Show
NICE T0437 Correlate training and learning to business or mission requirements. Show
NICE T0438 Create, edit, and manage network access control lists on specialized cyber defense systems (e.g., firewalls and intrusion prevention systems). Show
NICE T0439 Detect and analyze encrypted data, stenography, alternate data streams and other forms of concealed data. Show
NICE T0440 Capture and integrate essential system capabilities or business functions required for partial or full system restoration after a catastrophic failure event. Show
NICE T0441 Define and integrate current and future mission environments. Show
NICE T0442 Create training courses tailored to the audience and physical environment. Show
NICE T0443 Deliver training courses tailored to the audience and physical/virtual environments. Show
NICE T0444 Apply concepts, procedures, software, equipment, and/or technology applications to students. Show
NICE T0445 Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan. Show
NICE T0446 Design, develop, integrate, and update system security measures that provide confidentiality, integrity, availability, authentication, and non-repudiation. Show
NICE T0447 Design hardware, operating systems, and software applications to adequately address requirements. Show
NICE T0448 Develop enterprise architecture or system components required to meet user needs. Show
NICE T0449 Design to security requirements to ensure requirements are met for all systems and/or applications. Show
NICE T0450 Design training curriculum and course content based on requirements. Show
NICE T0451 Participate in development of training curriculum and course content. Show
NICE T0452 Design, build, implement, and maintain a knowledge management framework that provides end-users access to the organization’s intellectual capital. Show
NICE T0453 Determine and develop leads and identify sources of information to identify and/or prosecute the responsible parties to an intrusion or other crimes. Show
NICE T0454 Define baseline security requirements in accordance with applicable guidelines. Show
NICE T0455 Develop software system testing and validation procedures, programming, and documentation. Show
NICE T0456 Develop secure software testing and validation procedures. Show
NICE T0457 Develop system testing and validation procedures, programming, and documentation. Show
NICE T0458 Comply with organization systems administration standard operating procedures. Show
NICE T0459 Implement data mining and data warehousing applications. Show
NICE T0460 Develop and implement data mining and data warehousing programs. Show
NICE T0461 Implement and enforce local network usage policies and procedures. Show
NICE T0462 Develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements. Show
NICE T0463 Develop cost estimates for new or modified system(s). Show
NICE T0464 Develop detailed design documentation for component and interface specifications to support system design and development. Show
NICE T0465 Develop guidelines for implementation. Show
NICE T0466 Develop mitigation strategies to address cost, schedule, performance, and security risks. Show
NICE T0467 Ensure that training meets the goals and objectives for cybersecurity training, education, or awareness. Show
NICE T0468 Diagnose and resolve customer reported system incidents, problems, and events. Show
NICE T0469 Analyze and report organizational security posture trends. Show
NICE T0470 Analyze and report system security posture trends. Show
NICE T0471 Document original condition of digital and/or associated evidence (e.g., via digital photographs, written reports, hash function checking). Show
NICE T0472 Draft, staff, and publish cyber policy. Show
NICE T0473 Document and update as necessary all definition and architecture activities. Show
NICE T0474 Provide legal analysis and decisions to inspectors general, privacy officers, oversight and compliance personnel regarding compliance with cybersecurity policies and relevant legal and regulatory requirements. Show
NICE T0475 Assess adequate access controls based on principles of least privilege and need-to-know. Show
NICE T0476 Evaluate the impact of changes to laws, regulations, policies, standards, or procedures. Show
NICE T0477 Ensure the execution of disaster recovery and continuity of operations. Show
NICE T0478 Provide guidance on laws, regulations, policies, standards, or procedures to management, personnel, or clients. Show
NICE T0479 Employ information technology (IT) systems and digital storage media to solve, investigate, and/or prosecute cybercrimes and fraud committed against people and property. Show
NICE T0480 Identify components or elements, allocate comprehensive functional components to include security functions, and describe the relationships between the elements. Show
NICE T0481 Identify and address cyber workforce planning and management issues (e.g. recruitment, retention, and training). Show
NICE T0482 Make recommendations based on trend analysis for enhancements to software and hardware solutions to enhance customer experience. Show
NICE T0483 Identify potential conflicts with implementation of any cyber defense tools (e.g., tool and signature testing and optimization). Show
NICE T0484 Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately. Show
NICE T0485 Implement security measures to resolve vulnerabilities, mitigate risks, and recommend security changes to system or system components as needed. Show
NICE T0486 Implement Risk Management Framework (RMF)/Security Assessment and Authorization (SA&A) requirements for dedicated cyber defense systems within the enterprise, and document and maintain records for them. Show
NICE T0487 Facilitate implementation of new or revised laws, regulations, executive orders, policies, standards, or procedures. Show
NICE T0488 Implement designs for new or existing system(s). Show
NICE T0489 Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation. Show
NICE T0490 Install and configure database management systems and software. Show
NICE T0491 Install and configure hardware, software, and peripheral equipment for system users in accordance with organizational standards. Show
NICE T0492 Ensure the integration and implementation of Cross-Domain Solutions (CDS) in a secure environment. Show
NICE T0493 Lead and oversee budget, staffing, and contracting. Show
NICE T0494 Administer accounts, network rights, and access to systems and equipment. Show
NICE T0495 Manage Accreditation Packages (e.g., ISO/IEC 15026-2). Show
NICE T0496 Perform asset management/inventory of information technology (IT) resources. Show
NICE T0497 Manage the information technology (IT) planning process to ensure that developed solutions meet customer requirements. Show
NICE T0498 Manage system/server resources including performance, capacity, availability, serviceability, and recoverability. Show
NICE T0499 Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative. Show
NICE T0500 Modify and maintain existing software to correct errors, to adapt it to new hardware, or to upgrade interfaces and improve performance. Show
NICE T0501 Monitor and maintain system/server configuration. Show
NICE T0502 Monitor and report client-level computer system performance. Show
NICE T0503 Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise. Show
NICE T0504 Assess and monitor cybersecurity related to system implementation and testing practices. Show
NICE T0505 Monitor the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services. Show
NICE T0506 Seek consensus on proposed policy changes from stakeholders. Show
NICE T0507 Oversee installation, implementation, configuration, and support of system components. Show
NICE T0508 Verify minimum security requirements are in place for all applications. Show
NICE T0509 Perform an information security risk assessment. Show
NICE T0510 Coordinate incident response functions. Show
NICE T0511 Perform developmental testing on systems under development. Show
NICE T0512 Perform interoperability testing on systems exchanging electronic information with other systems. Show
NICE T0513 Perform operational testing. Show
NICE T0514 Diagnose faulty system/server hardware. Show
NICE T0515 Perform repairs on faulty system/server hardware. Show
NICE T0516 Perform secure program testing, review, and/or assessment to identify potential flaws in codes and mitigate vulnerabilities. Show
NICE T0517 Integrate results regarding the identification of gaps in security architecture. Show
NICE T0518 Perform security reviews and identify security gaps in architecture. Show
NICE T0519 Plan and coordinate the delivery of classroom techniques and formats (e.g., lectures, demonstrations, interactive exercises, multimedia presentations) for the most effective learning environment. Show
NICE T0520 Plan non-classroom educational techniques and formats (e.g., video courses, mentoring, web-based courses). Show
NICE T0521 Plan implementation strategy to ensure that enterprise components can be integrated and aligned. Show
NICE T0522 Prepare legal and other relevant documents (e.g., depositions, briefs, affidavits, declarations, appeals, pleadings, discovery). Show
NICE T0523 Prepare reports to document the investigation following legal standards and requirements. Show
NICE T0524 Promote knowledge sharing between information owners/users through an organization’s operational processes and systems. Show
NICE T0525 Provide enterprise cybersecurity and supply chain risk management guidance. Show
NICE T0526 Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities. Show
NICE T0527 Provide input to implementation plans and standard operating procedures as they relate to information systems security. Show
NICE T0528 Provide input to implementation plans, standard operating procedures, maintenance documentation, and maintenance training materials Show
NICE T0529 Provide policy guidance to cyber management, staff, and users. Show
NICE T0530 Develop a trend analysis and impact report. Show
NICE T0531 Troubleshoot hardware/software interface and interoperability problems. Show
NICE T0532 Review forensic images and other data sources (e.g., volatile data) for recovery of potentially relevant information. Show
NICE T0533 Review, conduct, or participate in audits of cyber programs and projects. Show
NICE T0534 Conduct periodic reviews/revisions of course content for accuracy, completeness alignment, and currency (e.g., course content documents, lesson plans, student texts, examinations, schedules of instruction, and course descriptions). Show
NICE T0535 Recommend revisions to curriculum and course content based on feedback from previous training sessions. Show
NICE T0536 Serve as an internal consultant and advisor in own area of expertise (e.g., technical, copyright, print media, electronic media). Show
NICE T0537 Support the CIO in the formulation of cyber-related policies. Show
NICE T0538 Provide support to test and evaluation activities. Show
NICE T0539 Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements. Show
NICE T0540 Record and manage test data. Show
NICE T0541 Trace system requirements to design components and perform gap analysis. Show
NICE T0542 Translate proposed capabilities into technical requirements. Show
NICE T0543 WITHDRAWN: Use data carving techniques (e.g., FTK-Foremost) to extract data for further analysis. Show
NICE T0544 Verify stability, interoperability, portability, and/or scalability of system architecture. Show
NICE T0545 Work with stakeholders to resolve computer security incidents and vulnerability compliance. Show
NICE T0546 Write and publish cyber defense recommendations, reports, and white papers on incident findings to appropriate constituencies. Show
NICE T0547 Research and evaluate available technologies and standards to meet customer requirements. Show
NICE T0548 Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans. Show
NICE T0549 Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications). Show
NICE T0550 Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes). Show
NICE T0551 Draft and publish supply chain security and risk management documents. Show
NICE T0552 Review and approve a supply chain security/risk management policy. Show
NICE T0553 Apply cybersecurity functions (e.g., encryption, access control, and identity management) to reduce exploitation opportunities. Show
NICE T0554 Determine and document software patches or the extent of releases that would leave software vulnerable. Show
NICE T0555 Document how the implementation of a new system or new interface between systems impacts the current and target environment including but not limited to security posture. Show
NICE T0556 Assess and design security management functions as related to cyberspace. Show
NICE T0557 Integrate key management functions as related to cyberspace. Show
NICE T0558 Analyze user needs and requirements to plan and conduct system development. Show
NICE T0559 Develop designs to meet specific operational needs and environmental factors (e.g., access controls, automated applications, networked operations. Show
NICE T0560 Collaborate on cybersecurity designs to meet specific operational needs and environmental factors (e.g., access controls, automated applications, networked operations, high integrity and availability requirements, multilevel security/processing of multiple classification levels, and processing Sensitive Compartmented Information). Show
NICE T0561 Accurately characterize targets. Show
NICE T0562 Adjust collection operations or collection plan to address identified issues/challenges and to synchronize collections with overall operational requirements. Show
NICE T0563 Provide input to the analysis, design, development or acquisition of capabilities used for meeting objectives. Show
NICE T0564 Analyze feedback to determine extent to which collection products and services are meeting requirements. Show
NICE T0565 Analyze incoming collection requests. Show
NICE T0566 Analyze internal operational architecture, tools, and procedures for ways to improve performance. Show
NICE T0567 Analyze target operational architecture for ways to gain access. Show
NICE T0568 Analyze plans, directives, guidance and policy for factors that would influence collection management's operational structure and requirement s (e.g., duration, scope, communication requirements, interagency/international agreements). Show
NICE T0569 Answer requests for information. Show
NICE T0570 Apply and utilize authorized cyber capabilities to enable access to targeted networks. Show
NICE T0571 Apply expertise in policy and processes to facilitate the development, negotiation, and internal staffing of plans and/or memorandums of agreement. Show
NICE T0572 Apply cyber collection, environment preparation and engagement expertise to enable new exploitation and/or continued collection operations, or in support of customer requirements. Show
NICE T0573 Assess and apply operational environment factors and risks to collection management process. Show
NICE T0574 Apply and obey applicable statutes, laws, regulations and policies. Show
NICE T0575 Coordinate for intelligence support to operational planning activities. Show
NICE T0576 Assess all-source intelligence and recommend targets to support cyber operation objectives. Show
NICE T0577 Assess efficiency of existing information exchange and management systems. Show
NICE T0578 Assess performance of collection assets against prescribed specifications. Show
NICE T0579 Assess target vulnerabilities and/or operational capabilities to determine course of action. Show
NICE T0580 Assess the effectiveness of collections in satisfying priority information gaps, using available capabilities and methods, and adjust collection strategies and collection requirements accordingly. Show
NICE T0581 Assist and advise interagency partners in identifying and developing best practices for facilitating operational support to achievement of organization objectives. Show
NICE T0582 Provide expertise to course of action development. Show
NICE T0583 Provide subject matter expertise to the development of a common operational picture. Show
NICE T0584 Maintain a common intelligence picture. Show
NICE T0585 Provide subject matter expertise to the development of cyber operations specific indicators. Show
NICE T0586 Assist in the coordination, validation, and management of all-source collection requirements, plans, and/or activities. Show
NICE T0587 Assist in the development and refinement of priority information requirements. Show
NICE T0588 Provide expertise to the development of measures of effectiveness and measures of performance. Show
NICE T0589 Assist in the identification of intelligence collection shortfalls. Show
NICE T0590 Enable synchronization of intelligence support plans across partner organizations as required. Show
NICE T0591 Perform analysis for target infrastructure exploitation activities. Show
NICE T0592 Provide input to the identification of cyber-related success criteria. Show
NICE T0593 Brief threat and/or target current situations. Show
NICE T0594 Build and maintain electronic target folders. Show
NICE T0595 Classify documents in accordance with classification guidelines. Show
NICE T0596 Close requests for information once satisfied. Show
NICE T0597 Collaborate with intelligence analysts/targeting organizations involved in related areas. Show
NICE T0598 Collaborate with development organizations to create and deploy the tools needed to achieve objectives. Show
NICE T0599 Collaborate with other customer, Intelligence and targeting organizations involved in related cyber areas. Show
NICE T0600 Collaborate with other internal and external partner organizations on target access and operational issues. Show
NICE T0601 Collaborate with other team members or partner organizations to develop a diverse program of information materials (e.g., web pages, briefings, print materials). Show
NICE T0602 Collaborate with customer to define information requirements. Show
NICE T0603 Communicate new developments, breakthroughs, challenges and lessons learned to leadership, and internal and external customers. Show
NICE T0604 Compare allocated and available assets to collection demand as expressed through requirements. Show
NICE T0605 Compile lessons learned from collection management activity's execution of organization collection objectives. Show
NICE T0606 Compile, integrate, and/or interpret all-source data for intelligence or vulnerability value with respect to specific targets. Show
NICE T0607 Identify and conduct analysis of target communications to identify information essential to support operations. Show
NICE T0608 Conduct analysis of physical and logical digital technologies (e.g., wireless, SCADA, telecom) to identify potential avenues of access. Show
NICE T0609 Conduct access enabling of wireless computer and digital networks. Show
NICE T0610 Conduct collection and processing of wireless computer and digital networks. Show
NICE T0611 Conduct end-of-operations assessments. Show
NICE T0612 Conduct exploitation of wireless computer and digital networks. Show
NICE T0613 Conduct formal and informal coordination of collection requirements in accordance with established guidelines and procedures. Show
NICE T0614 Conduct independent in-depth target and technical analysis including target-specific information (e.g., cultural, organizational, political) that results in access. Show
NICE T0615 Conduct in-depth research and analysis. Show
NICE T0616 Conduct network scouting and vulnerability analyses of systems within a network. Show
NICE T0617 Conduct nodal analysis. Show
NICE T0618 Conduct on-net activities to control and exfiltrate data from deployed technologies. Show
NICE T0619 Conduct on-net and off-net activities to control, and exfiltrate data from deployed, automated technologies. Show
NICE T0620 Conduct open source data collection via various online tools. Show
NICE T0621 Conduct quality control to determine validity and relevance of information gathered about networks. Show
NICE T0622 Develop, review and implement all levels of planning guidance in support of cyber operations. Show
NICE T0623 Conduct survey of computer and digital networks. Show
NICE T0624 Conduct target research and analysis. Show
NICE T0625 Consider efficiency and effectiveness of collection assets and resources if/when applied against priority information requirements. Show
NICE T0626 Construct collection plans and matrixes using established guidance and procedures. Show
NICE T0627 Contribute to crisis action planning for cyber operations. Show
NICE T0628 Contribute to the development of the organization's decision support tools if necessary. Show
NICE T0629 Contribute to the development, staffing, and coordination of cyber operations policies, performance standards, plans and approval packages with appropriate internal and/or external decision makers. Show
NICE T0630 Incorporate intelligence equities into the overall design of cyber operations plans. Show
NICE T0631 Coordinate resource allocation of collection assets against prioritized collection requirements with collection discipline leads. Show
NICE T0632 Coordinate inclusion of collection plan in appropriate documentation. Show
NICE T0633 Coordinate target vetting with appropriate partners. Show
NICE T0634 Re-task or re-direct collection assets and resources. Show
NICE T0635 Coordinate with intelligence and cyber defense partners to obtain relevant essential information. Show
NICE T0636 Coordinate with intelligence planners to ensure that collection managers receive information requirements. Show
NICE T0637 Coordinate with the intelligence planning team to assess capability to satisfy assigned intelligence tasks. Show
NICE T0638 Coordinate, produce, and track intelligence requirements. Show
NICE T0639 Coordinate, synchronize and draft applicable intelligence sections of cyber operations plans. Show
NICE T0640 Use intelligence estimates to counter potential target actions. Show
NICE T0641 Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities. Show
NICE T0642 Maintain awareness of internal and external cyber organization structures, strengths, and employments of staffing and technology. Show
NICE T0643 Deploy tools to a target and utilize them once deployed (e.g., backdoors, sniffers). Show
NICE T0644 Detect exploits against targeted networks and hosts and react accordingly. Show
NICE T0645 Determine course of action for addressing changes to objectives, guidance, and operational environment. Show
NICE T0646 Determine existing collection management webpage databases, libraries and storehouses. Show
NICE T0647 Determine how identified factors affect the tasking, collection, processing, exploitation and dissemination architecture's form and function. Show
NICE T0648 Determine indicators (e.g., measures of effectiveness) that are best suited to specific cyber operation objectives. Show
NICE T0649 Determine organizations and/or echelons with collection authority over all accessible collection assets. Show
NICE T0650 Determine what technologies are used by a given target. Show
NICE T0651 Develop a method for comparing collection reports to outstanding requirements to identify information gaps. Show
NICE T0652 Develop all-source intelligence targeting materials. Show
NICE T0653 Apply analytic techniques to gain more target information. Show
NICE T0654 Develop and maintain deliberate and/or crisis plans. Show
NICE T0655 Develop and review specific cyber operations guidance for integration into broader planning activities. Show
NICE T0656 Develop and review intelligence guidance for integration into supporting cyber operations planning and execution. Show
NICE T0657 Develop coordinating instructions by collection discipline for each phase of an operation. Show
NICE T0658 Develop cyber operations plans and guidance to ensure that execution and resource allocation decisions align with organization objectives. Show
NICE T0659 Develop detailed intelligence support to cyber operations requirements. Show
NICE T0660 Develop information requirements necessary for answering priority information requests. Show
NICE T0661 Develop measures of effectiveness and measures of performance. Show
NICE T0662 Allocate collection assets based on leadership's guidance, priorities, and/or operational emphasis. Show
NICE T0663 Develop munitions effectiveness assessment or operational assessment materials. Show
NICE T0664 Develop new techniques for gaining and keeping access to target systems. Show
NICE T0665 Develop or participate in the development of standards for providing, requesting, and/or obtaining support from external partners to synchronize cyber operations. Show
NICE T0666 Develop or shape international cyber engagement strategies, policies, and activities to meet organization objectives. Show
NICE T0667 Develop potential courses of action. Show
NICE T0668 Develop procedures for providing feedback to collection managers, asset managers, and processing, exploitation and dissemination centers. Show
NICE T0669 Develop strategy and processes for partner planning, operations, and capability development. Show
NICE T0670 Develop, implement, and recommend changes to appropriate planning procedures and policies. Show
NICE T0671 Develop, maintain, and assess cyber cooperation security agreements with external partners. Show
NICE T0672 Devise, document, and validate cyber operation strategy and planning documents. Show
NICE T0673 Disseminate reports to inform decision makers on collection issues. Show
NICE T0674 Disseminate tasking messages and collection plans. Show
NICE T0675 Conduct and document an assessment of the collection results using established procedures. Show
NICE T0676 Draft cyber intelligence collection and production requirements. Show
NICE T0677 Edit or execute simple scripts (e.g., Perl, VBScript) on Windows and UNIX systems. Show
NICE T0678 Engage customers to understand customers’ intelligence needs and wants. Show
NICE T0679 Ensure operational planning efforts are effectively transitioned to current operations. Show
NICE T0680 Ensure that intelligence planning activities are integrated and synchronized with operational planning timelines. Show
NICE T0681 Establish alternative processing, exploitation and dissemination pathways to address identified issues or problems. Show
NICE T0682 Validate the link between collection requests and critical information requirements and priority intelligence requirements of leadership. Show
NICE T0683 Establish processing, exploitation and dissemination management activity using approved guidance and/or procedures. Show
NICE T0684 Estimate operational effects generated through cyber activities. Show
NICE T0685 Evaluate threat decision-making processes. Show
NICE T0686 Identify threat vulnerabilities. Show
NICE T0687 Identify threats to Blue Force vulnerabilities. Show
NICE T0688 Evaluate available capabilities against desired effects to recommend efficient solutions. Show
NICE T0689 Evaluate extent to which collected information and/or produced intelligence satisfy information requests. Show
NICE T0690 Evaluate intelligence estimates to support the planning cycle. Show
NICE T0691 Evaluate the conditions that affect employment of available cyber intelligence capabilities. Show
NICE T0692 Generate and evaluate the effectiveness of network analysis strategies. Show
NICE T0693 Evaluate extent to which collection operations are synchronized with operational requirements. Show
NICE T0694 Evaluate the effectiveness of collection operations against the collection plan. Show
NICE T0695 Examine intercept-related metadata and content with an understanding of targeting significance. Show
NICE T0696 Exploit network devices, security devices, and/or terminals or environments using various methods or tools. Show
NICE T0697 Facilitate access enabling by physical and/or wireless means. Show
NICE T0698 Facilitate continuously updated intelligence, surveillance, and visualization input to common operational picture managers. Show
NICE T0699 Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action in support of objectives. Show
NICE T0700 Facilitate the sharing of “best practices” and “lessons learned” throughout the cyber operations community. Show
NICE T0701 Collaborate with developers, conveying target and technical knowledge in tool requirements submissions, to enhance tool development. Show
NICE T0702 Formulate collection strategies based on knowledge of available intelligence discipline capabilities and gathering methods that align multi-discipline collection capabilities and accesses with targets and their observables. Show
NICE T0703 Gather and analyze data (e.g., measures of effectiveness) to determine effectiveness, and provide reporting for follow-on activities. Show
NICE T0704 Incorporate cyber operations and communications security support plans into organization objectives. Show
NICE T0705 Incorporate intelligence and counterintelligence to support plan development. Show
NICE T0706 Gather information about networks through traditional and alternative techniques, (e.g., social network analysis, call-chaining, traffic analysis.) Show
NICE T0707 Generate requests for information. Show
NICE T0708 Identify threat tactics, and methodologies. Show
NICE T0709 Identify all available partner intelligence capabilities and limitations supporting cyber operations. Show
NICE T0710 Identify and evaluate threat critical capabilities, requirements, and vulnerabilities. Show
NICE T0711 Identify, draft, evaluate, and prioritize relevant intelligence or information requirements. Show
NICE T0712 Identify and manage security cooperation priorities with external partners. Show
NICE T0713 Identify and submit intelligence requirements for the purposes of designating priority information requirements. Show
NICE T0714 Identify collaboration forums that can serve as mechanisms for coordinating processes, functions, and outputs with specified organizations and functional groups. Show
NICE T0715 Identify collection gaps and potential collection strategies against targets. Show
NICE T0716 Identify coordination requirements and procedures with designated collection authorities. Show
NICE T0717 Identify critical target elements. Show
NICE T0718 Identify intelligence gaps and shortfalls. Show
NICE T0719 Identify cyber intelligence gaps and shortfalls for cyber operational planning. Show
NICE T0720 Identify gaps in our understanding of target technology and developing innovative collection approaches. Show
NICE T0721 Identify issues or problems that can disrupt and/or degrade processing, exploitation and dissemination architecture effectiveness. Show
NICE T0722 Identify network components and their functionality to enable analysis and target development. Show
NICE T0723 Identify potential collection disciplines for application against priority information requirements. Show
NICE T0724 Identify potential points of strength and vulnerability within a network. Show
NICE T0725 Identify and mitigate risks to collection management ability to support the plan, operations and target cycle. Show
NICE T0726 Identify the need, scope, and timeframe for applicable intelligence environment preparation derived production. Show
NICE T0727 Identify, locate, and track targets via geospatial analysis techniques. Show
NICE T0728 Provide input to or develop courses of action based on threat factors. Show
NICE T0729 Inform external partners of the potential effects of new or revised policy and guidance on cyber operations partnering activities. Show
NICE T0730 Inform stakeholders (e.g., collection managers, asset managers, processing, exploitation and dissemination centers) of evaluation results using established procedures. Show
NICE T0731 Initiate requests to guide tasking and assist with collection management. Show
NICE T0732 Integrate cyber planning/targeting efforts with other organizations. Show
NICE T0733 Interpret environment preparations assessments to determine a course of action. Show
NICE T0734 Issue requests for information. Show
NICE T0735 Lead and coordinate intelligence support to operational planning. Show
NICE T0736 Lead or enable exploitation operations in support of organization objectives and target requirements. Show
NICE T0737 Link priority collection requirements to optimal assets and resources. Show
NICE T0738 Maintain awareness of advancements in hardware and software technologies (e.g., attend training or conferences, reading) and their potential implications. Show
NICE T0739 Maintain relationships with internal and external partners involved in cyber planning or related areas. Show
NICE T0740 Maintain situational awareness and functionality of organic operational infrastructure. Show
NICE T0741 Maintain situational awareness of cyber-related intelligence requirements and associated tasking. Show
NICE T0742 Maintain situational awareness of partner capabilities and activities. Show
NICE T0743 Maintain situational awareness to determine if changes to the operating environment require review of the plan. Show
NICE T0744 Maintain target lists (i.e., RTL, JTL, CTL, etc.). Show
NICE T0745 Make recommendations to guide collection in support of customer requirements. Show
NICE T0746 Modify collection requirements as necessary. Show
NICE T0747 Monitor and evaluate integrated cyber operations to identify opportunities to meet organization objectives. Show
NICE T0748 Monitor and report changes in threat dispositions, activities, tactics, capabilities, objectives, etc. as related to designated cyber operations warning problem sets. Show
NICE T0749 Monitor and report on validated threat activities. Show
NICE T0750 Monitor completion of reallocated collection efforts. Show
NICE T0751 Monitor open source websites for hostile content directed towards organizational or partner interests. Show
NICE T0752 Monitor operational environment and report on adversarial activities which fulfill leadership’s priority information requirements. Show
NICE T0753 Monitor operational status and effectiveness of the processing, exploitation and dissemination architecture. Show
NICE T0754 Monitor target networks to provide indications and warning of target communications changes or processing failures. Show
NICE T0755 Monitor the operational environment for potential factors and risks to the collection operation management process. Show
NICE T0756 Operate and maintain automated systems for gaining and maintaining access to target systems. Show
NICE T0757 Optimize mix of collection assets and resources to increase effectiveness and efficiency against essential information associated with priority intelligence requirements. Show
NICE T0758 Produce timely, fused, all-source cyber operations intelligence and/or indications and warnings intelligence products (e.g., threat assessments, briefings, intelligence studies, country studies). Show
NICE T0759 Contribute to the review and refinement of policy, to include assessments of the consequences of endorsing or not endorsing such policy. Show
NICE T0760 Provide subject matter expertise to planning teams, coordination groups, and task forces as necessary. Show
NICE T0761 Provide subject-matter expertise and support to planning/developmental forums and working groups as appropriate. Show
NICE T0762 WITHDRAWN: Provide subject matter expertise in course of action development. Show
NICE T0763 Conduct long-range, strategic planning efforts with internal and external partners in cyber activities. Show
NICE T0764 Provide subject matter expertise to planning efforts with internal and external cyber operations partners. Show
NICE T0765 Provide subject matter expertise to development of exercises. Show
NICE T0766 Propose policy which governs interactions with external coordination groups. Show
NICE T0767 Perform content and/or metadata analysis to meet organization objectives. Show
NICE T0768 Conduct cyber activities to degrade/remove information resident in computers and computer networks. Show
NICE T0769 Perform targeting automation activities. Show
NICE T0770 Characterize websites. Show
NICE T0771 Provide subject matter expertise to website characterizations. Show
NICE T0772 Prepare for and provide subject matter expertise to exercises. Show
NICE T0773 Prioritize collection requirements for collection platforms based on platform capabilities. Show
NICE T0774 Process exfiltrated data for analysis and/or dissemination to customers. Show
NICE T0775 Produce network reconstructions. Show
NICE T0776 Produce target system analysis products. Show
NICE T0777 Profile network or system administrators and their activities. Show
NICE T0778 Profile targets and their activities. Show
NICE T0779 Provide advice/assistance to operations and intelligence decision makers with reassignment of collection assets and resources in response to dynamic operational situations. Show
NICE T0780 Provide advisory and advocacy support to promote collection planning as an integrated component of the strategic campaign plans and other adaptive plans. Show
NICE T0781 Provide aim point and reengagement recommendations. Show
NICE T0782 Provide analyses and support for effectiveness assessment. Show
NICE T0783 Provide current intelligence support to critical internal/external stakeholders as appropriate. Show
NICE T0784 Provide cyber focused guidance and advice on intelligence support plan inputs. Show
NICE T0785 Provide evaluation and feedback necessary for improving intelligence production, intelligence reporting, collection requirements, and operations. Show
NICE T0786 Provide information and assessments for the purposes of informing leadership and customers; developing and refining objectives; supporting operation planning and execution; and assessing the effects of operations. Show
NICE T0787 Provide input for the development and refinement of the cyber operations objectives, priorities, strategies, plans, and programs. Show
NICE T0788 Provide input and assist in post-action effectiveness assessments. Show
NICE T0789 Provide input and assist in the development of plans and guidance. Show
NICE T0790 Provide input for targeting effectiveness assessments for leadership acceptance. Show
NICE T0791 Provide input to the administrative and logistical elements of an operational support plan. Show
NICE T0792 Provide intelligence analysis and support to designated exercises, planning activities, and time sensitive operations. Show
NICE T0793 Provide effectiveness support to designated exercises, and/or time sensitive operations. Show
NICE T0794 Provide operations and reengagement recommendations. Show
NICE T0795 Provide planning support between internal and external partners. Show
NICE T0796 Provide real-time actionable geolocation information. Show
NICE T0797 Provide target recommendations which meet leadership objectives. Show
NICE T0798 Provide targeting products and targeting support as designated. Show
NICE T0799 Provide time sensitive targeting support. Show
NICE T0800 Provide timely notice of imminent or hostile intentions or activities which may impact organization objectives, resources, or capabilities. Show
NICE T0801 Recommend refinement, adaption, termination, and execution of operational plans as appropriate. Show
NICE T0802 Review appropriate information sources to determine validity and relevance of information gathered. Show
NICE T0803 Reconstruct networks in diagram or report format. Show
NICE T0804 Record information collection and/or environment preparation activities against targets during operations designed to achieve cyber effects. Show
NICE T0805 Report intelligence-derived significant network events and intrusions. Show
NICE T0806 Request discipline-specific processing, exploitation, and disseminate information collected using discipline's collection assets and resources in accordance with approved guidance and/or procedures. Show
NICE T0807 Research communications trends in emerging technologies (in computer and telephony networks, satellite, cable, and wireless) in both open and classified sources. Show
NICE T0808 Review and comprehend organizational leadership objectives and guidance for planning. Show
NICE T0809 Review capabilities of allocated collection assets. Show
NICE T0810 Review intelligence collection guidance for accuracy/applicability. Show
NICE T0811 Review list of prioritized collection requirements and essential information. Show
NICE T0812 Review and update overarching collection plan, as required. Show
NICE T0813 Review, approve, prioritize, and submit operational requirements for research, development, and/or acquisition of cyber capabilities. Show
NICE T0814 Revise collection matrix based on availability of optimal assets and resources. Show
NICE T0815 Sanitize and minimize information to protect sources and methods. Show
NICE T0816 Scope the cyber intelligence planning effort. Show
NICE T0817 Serve as a conduit of information from partner teams by identifying subject matter experts who can assist in the investigation of complex or unusual situations. Show
NICE T0818 Serve as a liaison with external partners. Show
NICE T0819 Solicit and manage to completion feedback from requestors on quality, timeliness, and effectiveness of collection against collection requirements. Show
NICE T0820 Specify changes to collection plan and/or operational environment that necessitate re-tasking or re-directing of collection assets and resources. Show
NICE T0821 Specify discipline-specific collections and/or taskings that must be executed in the near term. Show
NICE T0822 Submit information requests to collection requirement management section for processing as collection requests. Show
NICE T0823 Submit or respond to requests for deconfliction of cyber operations. Show
NICE T0824 Support identification and documentation of collateral effects. Show
NICE T0825 Synchronize cyber international engagement activities and associated resource requirements as appropriate. Show
NICE T0826 Synchronize cyber portions of security cooperation plans. Show
NICE T0827 Synchronize the integrated employment of all available organic and partner intelligence collection assets using available collaboration capabilities and techniques. Show
NICE T0828 Test and evaluate locally developed tools for operational use. Show
NICE T0829 Test internal developed tools and techniques against target tools. Show
NICE T0830 Track status of information requests, including those processed as collection requests and production requirements, using established procedures. Show
NICE T0831 Translate collection requests into applicable discipline-specific collection requirements. Show
NICE T0832 Use feedback results (e.g., lesson learned) to identify opportunities to improve collection management efficiency and effectiveness. Show
NICE T0833 Validate requests for information according to established criteria. Show
NICE T0834 Work closely with planners, intelligence analysts, and collection managers to ensure intelligence requirements and collection plans are accurate and up-to-date. Show
NICE T0835 Work closely with planners, analysts, and collection managers to identify intelligence gaps and ensure intelligence requirements are accurate and up-to-date. Show
NICE T0836 Document lessons learned that convey the results of events and/or exercises. Show
NICE T0837 Advise managers and operators on language and cultural issues that impact organization objectives. Show
NICE T0838 Analyze and process information using language and/or cultural expertise. Show
NICE T0839 Assess, document, and apply a target's motivation and/or frame of reference to facilitate analysis, targeting and collection opportunities. Show
NICE T0840 Collaborate across internal and/or external organizational lines to enhance collection, analysis and dissemination. Show
NICE T0841 Conduct all-source target research to include the use of open source materials in the target language. Show
NICE T0842 Conduct analysis of target communications to identify essential information in support of organization objectives. Show
NICE T0843 Perform quality review and provide feedback on transcribed or translated materials. Show
NICE T0844 Evaluate and interpret metadata to look for patterns, anomalies, or events, thereby optimizing targeting, analysis and processing. Show
NICE T0845 Identify cyber threat tactics and methodologies. Show
NICE T0846 Identify target communications within the global network. Show
NICE T0847 Maintain awareness of target communication tools, techniques, and the characteristics of target communication networks (e.g., capacity, functionality, paths, critical nodes) and their potential implications for targeting, collection, and analysis. Show
NICE T0848 Provide feedback to collection managers to enhance future collection and analysis. Show
NICE T0849 Perform foreign language and dialect identification in initial source data. Show
NICE T0850 Perform or support technical network analysis and mapping. Show
NICE T0851 Provide requirements and feedback to optimize the development of language processing tools. Show
NICE T0852 Perform social network analysis and document as appropriate. Show
NICE T0853 Scan, identify and prioritize target graphic (including machine-to-machine communications) and/or voice language material. Show
NICE T0854 Tip critical or time-sensitive information to appropriate customers. Show
NICE T0855 Transcribe target voice materials in the target language. Show
NICE T0856 Translate (e.g., verbatim, gist, and/or summaries) target graphic material. Show
NICE T0857 Translate (e.g., verbatim, gist, and/or summaries) target voice material. Show
NICE T0858 Identify foreign language terminology within computer programs (e.g., comments, variable names). Show
NICE T0859 Provide near-real time language analysis support (e.g., live operations). Show
NICE T0860 Identify cyber/technology-related terminology in the target language. Show
NICE T0861 Work with the general counsel, external affairs and businesses to ensure both existing and new services comply with privacy and data security obligations. Show
NICE T0862 Work with legal counsel and management, key departments and committees to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms and information notices and materials reflecting current organization and legal practices and requirements. Show
NICE T0863 Coordinate with the appropriate regulating bodies to ensure that programs, policies and procedures involving civil rights, civil liberties and privacy considerations are addressed in an integrated and comprehensive manner. Show
NICE T0864 Liaise with regulatory and accrediting bodies. Show
NICE T0865 Work with external affairs to develop relationships with regulators and other government officials responsible for privacy and data security issues. Show
NICE T0866 Maintain current knowledge of applicable federal and state privacy laws and accreditation standards, and monitor advancements in information privacy technologies to ensure organizational adaptation and compliance. Show
NICE T0867 Ensure all processing and/or databases are registered with the local privacy/data protection authorities where required. Show
NICE T0868 Work with business teams and senior management to ensure awareness of “best practices” on privacy and data security issues. Show
NICE T0869 Work with organization senior management to establish an organization-wide Privacy Oversight Committee Show
NICE T0870 Serve in a leadership role for Privacy Oversight Committee activities Show
NICE T0871 Collaborate on cyber privacy and security policies and procedures Show
NICE T0872 Collaborate with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation Show
NICE T0873 Interface with Senior Management to develop strategic plans for the collection, use and sharing of information in a manner that maximizes its value while complying with applicable privacy regulations Show
NICE T0874 Provide strategic guidance to corporate officers regarding information resources and technology Show
NICE T0875 Assist the Security Officer with the development and implementation of an information infrastructure Show
NICE T0876 Coordinate with the Corporate Compliance Officer regarding procedures for documenting and reporting self-disclosures of any evidence of privacy violations. Show
NICE T0877 Work cooperatively with applicable organization units in overseeing consumer information access rights Show
NICE T0878 Serve as the information privacy liaison for users of technology systems Show
NICE T0879 Act as a liaison to the information systems department Show
NICE T0880 Develop privacy training materials and other communications to increase employee understanding of company privacy policies, data handling practices and procedures and legal obligations Show
NICE T0881 Oversee, direct, deliver or ensure delivery of initial privacy training and orientation to all employees, volunteers, contractors, alliances, business associates and other appropriate third parties Show
NICE T0882 Conduct on-going privacy training and awareness activities Show
NICE T0883 Work with external affairs to develop relationships with consumer organizations and other NGOs with an interest in privacy and data security issues—and to manage company participation in public events related to privacy and data security Show
NICE T0884 Work with organization administration, legal counsel and other related parties to represent the organization’s information privacy interests with external parties, including government bodies, which undertake to adopt or amend privacy legislation, regulation or standard. Show
NICE T0885 Report on a periodic basis regarding the status of the privacy program to the Board, CEO or other responsible individual or committee Show
NICE T0886 Work with External Affairs to respond to press and other inquiries regarding concern over consumer and employee data Show
NICE T0887 Provide leadership for the organization’s privacy program Show
NICE T0888 Direct and oversee privacy specialists and coordinate privacy and data security programs with senior executives globally to ensure consistency across the organization Show
NICE T0889 Ensure compliance with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all individuals in the organization’s workforce, extended workforce and for all business associates in cooperation with Human Resources, the information security officer, administration and legal counsel as applicable Show
NICE T0890 Develop appropriate sanctions for failure to comply with the corporate privacy policies and procedures Show
NICE T0891 Resolve allegations of noncompliance with the corporate privacy policies or notice of information practices Show
NICE T0892 Develop and coordinate a risk management and compliance framework for privacy Show
NICE T0893 Undertake a comprehensive review of the company’s data and privacy projects and ensure that they are consistent with corporate privacy and data security goals and policies. Show
NICE T0894 Develop and manage enterprise-wide procedures to ensure the development of new products and services is consistent with company privacy policies and legal obligations Show
NICE T0895 Establish a process for receiving, documenting, tracking, investigating and acting on all complaints concerning the organization’s privacy policies and procedures Show
NICE T0896 Establish with management and operations a mechanism to track access to protected health information, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity Show
NICE T0897 Provide leadership in the planning, design and evaluation of privacy and security related projects Show
NICE T0898 Establish an internal privacy audit program Show
NICE T0899 Periodically revise the privacy program considering changes in laws, regulatory or company policy Show
NICE T0900 Provide development guidance and assist in the identification, implementation and maintenance of organization information privacy policies and procedures in coordination with organization management and administration and legal counsel Show
NICE T0901 Assure that the use of technologies maintains, and does not erode, privacy protections on use, collection and disclosure of personal information Show
NICE T0902 Monitor systems development and operations for security and privacy compliance Show
NICE T0903 Conduct privacy impact assessments of proposed rules on the privacy of personal information, including the type of personal information collected and the number of people affected Show
NICE T0904 Conduct periodic information privacy impact assessments and ongoing compliance monitoring activities in coordination with the organization’s other compliance and operational assessment functions Show
NICE T0905 Review all system-related information security plans to ensure alignment between security and privacy practices Show
NICE T0906 Work with all organization personnel involved with any aspect of release of protected information to ensure coordination with the organization’s policies, procedures and legal requirements Show
NICE T0907 Account for and administer individual requests for release or disclosure of personal and/or protected information Show
NICE T0908 Develop and manage procedures for vetting and auditing vendors for compliance with the privacy and data security policies and legal requirements Show
NICE T0909 Participate in the implementation and ongoing compliance monitoring of all trading partner and business associate agreements, to ensure all privacy concerns, requirements and responsibilities are addressed Show
NICE T0910 Act as, or work with, counsel relating to business partner contracts Show
NICE T0911 Mitigate effects of a use or disclosure of personal information by employees or business partners Show
NICE T0912 Develop and apply corrective action procedures Show
NICE T0913 Administer action on all complaints concerning the organization’s privacy policies and procedures in coordination and collaboration with other similar functions and, when necessary, legal counsel Show
NICE T0914 Support the organization’s privacy compliance program, working closely with the Privacy Officer, Chief Information Security Officer, and other business leaders to ensure compliance with federal and state privacy laws and regulations Show
NICE T0915 Identify and correct potential company compliance gaps and/or areas of risk to ensure full compliance with privacy regulations Show
NICE T0916 Manage privacy incidents and breaches in conjunction with the Privacy Officer, Chief Information Security Officer, legal counsel and the business units Show
NICE T0917 Coordinate with the Chief Information Security Officer to ensure alignment between security and privacy practices Show
NICE T0918 Establish, implement and maintains organization-wide policies and procedures to comply with privacy regulations Show
NICE T0919 Ensure that the company maintains appropriate privacy and confidentiality notices, consent and authorization forms, and materials Show
NICE T0920 Develop and maintain appropriate communications and training to promote and educate all workforce members and members of the Board regarding privacy compliance issues and requirements, and the consequences of noncompliance Show
NICE T0921 Determine business partner requirements related to the organization’s privacy program. Show
NICE T0922 Establish and administer a process for receiving, documenting, tracking, investigating and taking corrective action as appropriate on complaints concerning the company’s privacy policies and procedures. Show
NICE T0923 Cooperate with the relevant regulatory agencies and other legal entities, and organization officers, in any compliance reviews or investigations. Show
NICE T0924 Perform ongoing privacy compliance monitoring activities. Show
NICE T0925 Monitor advancements in information privacy technologies to ensure organization adoption and compliance. Show
NICE T0926 Develop or assist with the development of privacy training materials and other communications to increase employee understanding of company privacy policies, data handling practices and procedures and legal obligations. Show
NICE T0927 Appoint and guide a team of IT security experts. Show
NICE T0928 Collaborate with key stakeholders to establish a cybersecurity risk management program. Show
NICE T0929 Identify and assign individuals to specific roles associated with the execution of the Risk Management Framework. Show
NICE T0930 Establish a risk management strategy for the organization that includes a determination of risk tolerance. Show
NICE T0931 Identify the missions, business functions, and mission/business processes the system will support. Show
NICE T0932 Identify stakeholders who have a security interest in the development, implementation, operation, or sustainment of a system. Show
NICE T0933 Identify stakeholders who have a security interest in the development, implementation, operation, or sustainment of a system. Show
NICE T0934 Identify stakeholder assets that require protection. Show
NICE T0935 Conduct an initial risk assessment of stakeholder assets and update the risk assessment on an ongoing basis. Show
NICE T0936 Define the stakeholder protection needs and stakeholder security requirements. Show
NICE T0937 Determine the placement of a system within the enterprise architecture. Show
NICE T0938 Identify organization-wide common controls that are available for inheritance by organizational systems. Show
NICE T0939 Conduct a second-level security categorization for organizational systems with the same impact level. Show
NICE T0940 Determine the boundary of a system. Show
NICE T0941 Identify the security requirements allocated to a system and to the organization. Show
NICE T0942 Identify the types of information to be processed, stored, or transmitted by a system. Show
NICE T0943 Categorize the system and document the security categorization results as part of system requirements. Show
NICE T0944 Describe the characteristics of a system. Show
NICE T0945 Register the system with appropriate organizational program/management offices. Show
NICE T0946 Select the security controls for a system and document the functional description of the planned control implementations in a security plan. Show
NICE T0947 Develop a strategy for monitoring security control effectiveness; coordinate the system-level strategy with the organization and mission/business process-level monitoring strategy. Show
NICE T0948 Review and approve security plans. Show
NICE T0949 Implement the security controls specified in a security plan or other system documentation. Show
NICE T0950 Document changes to planned security control implementation and establish the configuration baseline for a system. Show
NICE T0951 Develop, review, and approve a plan to assess the security controls in a system and the organization. Show
NICE T0952 Assess the security controls in accordance with the assessment procedures defined in a security assessment plan. Show
NICE T0953 Prepare a security assessment report documenting the issues, findings, and recommendations from the security control assessment. Show
NICE T0954 Conduct initial remediation actions on security controls based on the findings and recommendations of a security assessment report; reassess remediated controls. Show
NICE T0955 Prepare a plan of action and milestones based on the findings and recommendations of a security assessment report excluding any remediation actions taken. Show
NICE T0956 Assemble an authorization package and submit the package to an authorizing official for adjudication. Show
NICE T0957 Determine the risk from the operation or use of a system or the provision or use of common controls. Show
NICE T0958 Identify and implement a preferred course of action in response to the risk determined. Show
NICE T0959 Determine if the risk from the operation or use of the system or the provision or use of common controls, is acceptable. Show
NICE T0960 Monitor changes to a system and its environment of operation. Show
NICE T0961 Assess the security controls employed within and inherited by the system in accordance with an organization-defined monitoring strategy. Show
NICE T0962 Respond to risk based on the results of ongoing monitoring activities, assessment of risk, and outstanding items in a plan of action and milestones. Show
NICE T0963 Update a security plan, security assessment report, and plan of action and milestones based on the results of a continuous monitoring process. Show
NICE T0964 Report the security status of a system (including the effectiveness of security controls) to an authorizing official on an ongoing basis in accordance with the monitoring strategy. Show
NICE T0965 Review the security status of a system (including the effectiveness of security controls) on an ongoing basis to determine whether the risk remains acceptable. Show
NICE T0966 Implement a system disposal strategy which executes required actions when a system is removed from service. Show
NICE T0967 Sponsor and promote continuous monitoring within the organization. Show
NICE T0968 Assign staff as needed to appropriate continuous monitoring working groups. Show
NICE T0969 Identify reporting requirements to support continuous monitoring activities. Show
NICE T0970 Establish scoring and grading metrics to measure effectiveness of continuous monitoring program. Show
NICE T0971 Determine how to integrate a continuous monitoring program into the organization’s broader information security governance structures and policies. Show
NICE T0972 Use continuous monitoring scoring and grading metrics to make information security investment decisions to address persistent issues. Show
NICE T0973 Ensure that the continuous monitoring staff have the training and resources (e.g., staff and budget) needed to perform assigned duties. Show
NICE T0974 Work with organizational risk analysts to ensure that continuous monitoring reporting covers appropriate levels of the organization. Show
NICE T0975 Work with the organizational risk analysts to ensure risk metrics are defining realistically to support continuous monitoring. Show
NICE T0976 Work with organizational officials to ensure continuous monitoring tool data provides situation awareness of risk levels. Show
NICE T0977 Establish triggers for unacceptable risk thresholds for continuous monitoring data. Show
NICE T0978 Work with organizational officials to establish system level reporting categories that can be used by the organization’s continuous monitoring program. Show
NICE T0980 Designate a qualified person to be responsible for the management and implementation of the continuous monitoring program. Show
NICE T0981 Identify the continuous monitoring stakeholders and establish a process to keep them informed about the program. Show
NICE T0982 Identify security oriented organization reporting requirements that are fulfilled by the continuous monitoring program. Show
NICE T0983 Use the continuous monitoring data to make information security investment decisions to address persistent issues. Show
NICE T0984 Define triggers within the continuous monitoring program that can be used to define unacceptable risk and result in action being taken to resolve. Show
NICE T0985 Establish scoring and grading metrics to measure effectiveness of continuous monitoring program. Show
NICE T0986 Work with security managers to establish appropriate continuous monitoring reporting requirements at the system level. Show
NICE T0987 Use the continuous monitoring tools and technologies to assess risk on an ongoing basis. Show
NICE T0988 Establish appropriate reporting requirements in adherence to the criteria identified in the continuous monitoring program for use in automated control assessment. Show
NICE T0989 Use non-automated assessment methods where the data from the continuous monitoring tools and technologies is not yet of adequate sufficiency or quality. Show
NICE T0990 Develop processes with the external audit group on how to share information regarding the continuous monitoring program and its impact on security control assessment. Show
NICE T0991 Identify reporting requirements for use in automated control assessment to support continuous monitoring. Show
NICE T0992 Determine how the continuous monitoring results will be used in ongoing authorization. Show
NICE T0993 Establish continuous monitoring tools and technologies access control process and procedures. Show
NICE T0994 Ensure that continuous monitoring tools and technologies access control is managed adequately. Show
NICE T0995 Establish a process to provide technical help to continuous monitoring mitigators. Show
NICE T0996 Coordinate continuous monitoring reporting requirements across various users. Show
NICE T0997 Establish responsibilities for supporting implementation of each continuous monitoring tool or technology. Show
NICE T0998 Establish liaison with scoring and metrics working group to support continuous monitoring. Show
NICE T0999 Establish and operate a process to manage introduction of new risk to support continuous monitoring. Show
NICE T1000 Establish continuous monitoring configuration settings issues and coordination sub-group. Show
NICE T1001 Establish continuous monitoring tools and technologies performance measurement/management requirements. Show
NICE T1002 Using scores and grades to motivate and assess performance while addressing concerns to support continuous monitoring Show
NICE T1003 Work with security managers (i.e., system owners, information system security managers, information system security officers, etc.) to establish appropriate reporting requirements for continuous monitoring at the system level. Show
NICE T1004 Use continuous monitoring tools to assess risk on an ongoing basis. Show
NICE T1005 Use the continuous monitoring data to make information security investment decisions to address persistent issues. Show
NICE T1006 Respond to issues flagged during continuous monitoring, escalate and coordinate a response. Show
NICE T1007 Review findings from the continuous monitoring program and mitigate risks on a timely basis. Show

Knowledge Descriptions For NICE

Framework Name Description Show
NICE K0001 Knowledge of computer networking concepts and protocols, and network security methodologies. Show
NICE K0002 Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). Show
NICE K0003 Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. Show
NICE K0004 Knowledge of cybersecurity and privacy principles. Show
NICE K0005 Knowledge of cyber threats and vulnerabilities. Show
NICE K0006 Knowledge of specific operational impacts of cybersecurity lapses. Show
NICE K0007 Knowledge of authentication, authorization, and access control methods. Show
NICE K0008 Knowledge of applicable business processes and operations of customer organizations. Show
NICE K0009 Knowledge of application vulnerabilities. Show
NICE K0010 Knowledge of communication methods, principles, and concepts that support the network infrastructure. Show
NICE K0011 Knowledge of capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware. Show
NICE K0012 Knowledge of capabilities and requirements analysis. Show
NICE K0013 Knowledge of cyber defense and vulnerability assessment tools and their capabilities. Show
NICE K0014 Knowledge of complex data structures. Show
NICE K0015 Knowledge of computer algorithms. Show
NICE K0016 Knowledge of computer programming principles Show
NICE K0017 Knowledge of concepts and practices of processing digital forensic data. Show
NICE K0018 Knowledge of encryption algorithms Show
NICE K0019 Knowledge of cryptography and cryptographic key management concepts Show
NICE K0020 Knowledge of data administration and data standardization policies. Show
NICE K0021 Knowledge of data backup and recovery. Show
NICE K0022 Knowledge of data mining and data warehousing principles. Show
NICE K0023 Knowledge of database management systems, query languages, table relationships, and views. Show
NICE K0024 Knowledge of database systems. Show
NICE K0025 Knowledge of digital rights management. Show
NICE K0026 Knowledge of business continuity and disaster recovery continuity of operations plans. Show
NICE K0027 Knowledge of organization's enterprise information security architecture. Show
NICE K0028 Knowledge of organization's evaluation and validation requirements. Show
NICE K0029 Knowledge of organization's Local and Wide Area Network connections. Show
NICE K0030 Knowledge of electrical engineering as applied to computer architecture (e.g., circuit boards, processors, chips, and computer hardware). Show
NICE K0031 Knowledge of enterprise messaging systems and associated software. Show
NICE K0032 Knowledge of resiliency and redundancy. Show
NICE K0033 Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists). Show
NICE K0034 Knowledge of network services and protocols interactions that provide network communications. Show
NICE K0035 Knowledge of installation, integration, and optimization of system components. Show
NICE K0036 Knowledge of human-computer interaction principles. Show
NICE K0037 Knowledge of Security Assessment and Authorization process. Show
NICE K0038 Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data. Show
NICE K0039 Knowledge of cybersecurity and privacy principles and methods that apply to software development. Show
NICE K0040 Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins). Show
NICE K0041 Knowledge of incident categories, incident responses, and timelines for responses. Show
NICE K0042 Knowledge of incident response and handling methodologies. Show
NICE K0043 Knowledge of industry-standard and organizationally accepted analysis principles and methods. Show
NICE K0044 Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). Show
NICE K0045 Knowledge of information security systems engineering principles (NIST SP 800-160). Show
NICE K0046 Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions. Show
NICE K0047 Knowledge of information technology (IT) architectural concepts and frameworks. Show
NICE K0048 Knowledge of Risk Management Framework (RMF) requirements. Show
NICE K0049 Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). Show
NICE K0050 Knowledge of local area and wide area networking principles and concepts including bandwidth management. Show
NICE K0051 Knowledge of low-level computer languages (e.g., assembly languages). Show
NICE K0052 Knowledge of mathematics (e.g. logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis). Show
NICE K0053 Knowledge of measures or indicators of system performance and availability. Show
NICE K0054 Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities. Show
NICE K0055 Knowledge of microprocessors. Show
NICE K0056 Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML). Show
NICE K0057 Knowledge of network hardware devices and functions. Show
NICE K0058 Knowledge of network traffic analysis methods. Show
NICE K0059 Knowledge of new and emerging information technology (IT) and cybersecurity technologies. Show
NICE K0060 Knowledge of operating systems. Show
NICE K0061 Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]). Show
NICE K0062 Knowledge of packet-level analysis. Show
NICE K0063 Knowledge of parallel and distributed computing concepts. Show
NICE K0064 Knowledge of performance tuning tools and techniques. Show
NICE K0065 Knowledge of policy-based and risk adaptive access controls. Show
NICE K0066 Knowledge of Privacy Impact Assessments. Show
NICE K0067 Knowledge of process engineering concepts. Show
NICE K0068 Knowledge of programming language structures and logic. Show
NICE K0069 Knowledge of query languages such as SQL (structured query language). Show
NICE K0070 Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). Show
NICE K0071 Knowledge of remote access technology concepts. Show
NICE K0072 Knowledge of resource management principles and techniques. Show
NICE K0073 Knowledge of secure configuration management techniques. (e.g., Security Technical Implementation Guides (STIGs), cybersecurity best practices on cisecurity.org). Show
NICE K0074 Knowledge of key concepts in security management (e.g., Release Management, Patch Management). Show
NICE K0075 Knowledge of security system design tools, methods, and techniques. Show
NICE K0076 Knowledge of server administration and systems engineering theories, concepts, and methods. Show
NICE K0077 Knowledge of server and client operating systems. Show
NICE K0078 Knowledge of server diagnostic tools and fault identification techniques. Show
NICE K0079 Knowledge of software debugging principles. Show
NICE K0080 Knowledge of software design tools, methods, and techniques. Show
NICE K0081 Knowledge of software development models (e.g., Waterfall Model, Spiral Model). Show
NICE K0082 Knowledge of software engineering. Show
NICE K0083 Knowledge of sources, characteristics, and uses of the organization’s data assets. Show
NICE K0084 Knowledge of structured analysis principles and methods. Show
NICE K0085 WITHDRAWN: Knowledge of system and application security threats and vulnerabilities. (See K0070) Show
NICE K0086 Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools. Show
NICE K0087 Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design. Show
NICE K0088 Knowledge of systems administration concepts. Show
NICE K0089 Knowledge of systems diagnostic tools and fault identification techniques. Show
NICE K0090 Knowledge of system life cycle management principles, including software security and usability. Show
NICE K0091 Knowledge of systems testing and evaluation methods. Show
NICE K0092 Knowledge of technology integration processes. Show
NICE K0093 Knowledge of telecommunications concepts (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing). Show
NICE K0094 Knowledge of the capabilities and functionality associated with content creation technologies (e.g., wikis, social networking, content management systems, blogs). Show
NICE K0095 Knowledge of the capabilities and functionality associated with various technologies for organizing and managing information (e.g., databases, bookmarking engines). Show
NICE K0096 Knowledge of the capabilities and functionality of various collaborative technologies (e.g., groupware, SharePoint). Show
NICE K0097 Knowledge of the characteristics of physical and virtual data storage media. Show
NICE K0098 Knowledge of the cyber defense Service Provider reporting structure and processes within one’s own organization. Show
NICE K0099 WITHDRAWN: Knowledge of the common networking protocols (e.g., TCP/IP), services (e.g., web, mail, Domain Name Server), and how they interact to provide network communications. Show
NICE K0100 Knowledge of the enterprise information technology (IT) architecture. Show
NICE K0101 Knowledge of the organization’s enterprise information technology (IT) goals and objectives. Show
NICE K0102 Knowledge of the systems engineering process. Show
NICE K0103 Knowledge of the type and frequency of routine hardware maintenance. Show
NICE K0104 Knowledge of Virtual Private Network (VPN) security. Show
NICE K0105 Knowledge of web services (e.g., service-oriented architecture, Simple Object Access Protocol, and web service description language). Show
NICE K0106 Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities. Show
NICE K0107 Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations. Show
NICE K0108 Knowledge of concepts, terminology, and operations of a wide range of communications media (computer and telephone networks, satellite, fiber, wireless). Show
NICE K0109 Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage). Show
NICE K0110 Knowledge of adversarial tactics, techniques, and procedures. Show
NICE K0111 Knowledge of network tools (e.g., ping, traceroute, nslookup) Show
NICE K0112 Knowledge of defense-in-depth principles and network security architecture. Show
NICE K0113 Knowledge of different types of network communication (e.g., LAN, WAN, MAN, WLAN, WWAN). Show
NICE K0114 Knowledge of electronic devices (e.g., computer systems/components, access control devices, digital cameras, digital scanners, electronic organizers, hard drives, memory cards, modems, network components, networked appliances, networked home control devices, printers, removable storage devices, telephones, copiers, facsimile machines, etc.). Show
NICE K0115 Knowledge that technology that can be exploited. Show
NICE K0116 Knowledge of file extensions (e.g., .dll, .bat, .zip, .pcap, .gzip). Show
NICE K0117 Knowledge of file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]). Show
NICE K0118 Knowledge of processes for seizing and preserving digital evidence. Show
NICE K0119 Knowledge of hacking methodologies. Show
NICE K0120 Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise. Show
NICE K0121 Knowledge of information security program management and project management principles and techniques. Show
NICE K0122 Knowledge of investigative implications of hardware, Operating Systems, and network technologies. Show
NICE K0123 Knowledge of legal governance related to admissibility (e.g. Rules of Evidence). Show
NICE K0124 Knowledge of multiple cognitive domains and tools and methods applicable for learning in each domain. Show
NICE K0125 Knowledge of processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody. Show
NICE K0126 Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161) Show
NICE K0127 Knowledge of the nature and function of the relevant information structure (e.g., National Information Infrastructure). Show
NICE K0128 Knowledge of types and collection of persistent data. Show
NICE K0129 Knowledge of command-line tools (e.g., mkdir, mv, ls, passwd, grep). Show
NICE K0130 Knowledge of virtualization technologies and virtual machine development and maintenance. Show
NICE K0131 Knowledge of web mail collection, searching/analyzing techniques, tools, and cookies. Show
NICE K0132 Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files. Show
NICE K0133 Knowledge of types of digital forensics data and how to recognize them. Show
NICE K0134 Knowledge of deployable forensics. Show
NICE K0135 Knowledge of web filtering technologies. Show
NICE K0136 Knowledge of the capabilities of different electronic communication systems and methods (e.g., e-mail, VOIP, IM, web forums, Direct Video Broadcasts). Show
NICE K0137 Knowledge of the range of existing networks (e.g., PBX, LANs, WANs, WIFI, SCADA). Show
NICE K0138 Knowledge of Wi-Fi. Show
NICE K0139 Knowledge of interpreted and compiled computer languages. Show
NICE K0140 Knowledge of secure coding techniques. Show
NICE K0141 WITHDRAWN: Integrated into K0420 Show
NICE K0142 Knowledge of collection management processes, capabilities, and limitations. Show
NICE K0143 Knowledge of front-end collection systems, including traffic collection, filtering, and selection. Show
NICE K0144 Knowledge of social dynamics of computer attackers in a global context. Show
NICE K0145 Knowledge of security event correlation tools. Show
NICE K0146 Knowledge of the organization's core business/mission processes. Show
NICE K0147 Knowledge of emerging security issues, risks, and vulnerabilities. Show
NICE K0148 Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk. Show
NICE K0149 Knowledge of organization's risk tolerance and/or risk management approach. Show
NICE K0150 Knowledge of enterprise incident response program, roles, and responsibilities. Show
NICE K0151 Knowledge of current and emerging threats/threat vectors. Show
NICE K0152 Knowledge of software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, simplicity/minimization). Show
NICE K0153 Knowledge of software quality assurance process. Show
NICE K0154 Knowledge of supply chain risk management standards, processes, and practices. Show
NICE K0155 Knowledge of electronic evidence law. Show
NICE K0156 Knowledge of legal rules of evidence and court procedure. Show
NICE K0157 Knowledge of cyber defense and information security policies, procedures, and regulations. Show
NICE K0158 Knowledge of organizational information technology (IT) user security policies (e.g., account creation, password rules, access control). Show
NICE K0159 Knowledge of Voice over IP (VoIP). Show
NICE K0160 Knowledge of the common attack vectors on the network layer. Show
NICE K0161 Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks). Show
NICE K0162 Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored). Show
NICE K0163 Knowledge of critical information technology (IT) procurement requirements. Show
NICE K0164 Knowledge of functionality, quality, and security requirements and how these will apply to specific items of supply (i.e., elements and processes). Show
NICE K0165 Knowledge of risk/threat assessment. Show
NICE K0166 WITHDRAWN: Knowledge of the nature and function of the relevant information structure. (See K0127) Show
NICE K0167 Knowledge of system administration, network, and operating system hardening techniques. Show
NICE K0168 Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures. Show
NICE K0169 Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures. Show
NICE K0170 Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations. Show
NICE K0171 Knowledge of hardware reverse engineering techniques. Show
NICE K0172 Knowledge of middleware (e.g., enterprise service bus and message queuing). Show
NICE K0173 WITHDRAWN: Integrated into K0499 (prior to draft SP 800-181) Show
NICE K0174 Knowledge of networking protocols. Show
NICE K0175 Knowledge of software reverse engineering techniques. Show
NICE K0176 Knowledge of Extensible Markup Language (XML) schemas. Show
NICE K0177 Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). Show
NICE K0178 Knowledge of secure software deployment methodologies, tools, and practices. Show
NICE K0179 Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). Show
NICE K0180 Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. Show
NICE K0181 WITHDRAWN: Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification [RFID], Infrared Networking [IR], Wireless Fidelity [Wi-Fi]. paging, cellular, satellite dishes), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly. (See K0274) Show
NICE K0182 Knowledge of data carving tools and techniques (e.g., Foremost). Show
NICE K0183 Knowledge of reverse engineering concepts. Show
NICE K0184 Knowledge of anti-forensics tactics, techniques, and procedures. Show
NICE K0185 Knowledge of forensics lab design configuration and support applications (e.g., VMWare, Wireshark). Show
NICE K0186 Knowledge of debugging procedures and tools. Show
NICE K0187 Knowledge of file type abuse by adversaries for anomalous behavior. Show
NICE K0188 Knowledge of malware analysis tools (e.g., Oily Debug, Ida Pro). Show
NICE K0189 Knowledge of malware with virtual machine detection (e.g. virtual aware malware, debugger aware malware, and unpacked malware that looks for VM-related strings in your computer’s display device). Show
NICE K0190 Knowledge of encryption methodologies. Show
NICE K0191 Knowledge of signature implementation impact for viruses, malware, and attacks. Show
NICE K0192 Knowledge of Windows/Unix ports and services. Show
NICE K0193 Knowledge of advanced data remediation security features in databases. Show
NICE K0194 Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration. Show
NICE K0195 Knowledge of data classification standards and methodologies based on sensitivity and other risk factors. Show
NICE K0196 Knowledge of Import/Export Regulations related to cryptography and other security technologies. Show
NICE K0197 Knowledge of database access application programming interfaces (e.g., Java Database Connectivity [JDBC]). Show
NICE K0198 Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions). Show
NICE K0199 Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA]). Show
NICE K0200 Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]). Show
NICE K0201 Knowledge of symmetric key rotation techniques and concepts. Show
NICE K0202 Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing). Show
NICE K0203 Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model). Show
NICE K0204 Knowledge of learning assessment techniques (rubrics, evaluation plans, tests, quizzes). Show
NICE K0205 Knowledge of basic system, network, and OS hardening techniques. Show
NICE K0206 Knowledge of ethical hacking principles and techniques. Show
NICE K0207 Knowledge of circuit analysis. Show
NICE K0208 Knowledge of computer based training and e-learning services. Show
NICE K0209 Knowledge of covert communication techniques. Show
NICE K0210 Knowledge of data backup and restoration concepts. Show
NICE K0211 Knowledge of confidentiality, integrity, and availability requirements. Show
NICE K0212 Knowledge of cybersecurity-enabled software products. Show
NICE K0213 Knowledge of instructional design and evaluation models (e.g., ADDIE, Smith/Ragan model, Gagne’s Events of Instruction, Kirkpatrick’s model of evaluation). Show
NICE K0214 Knowledge of the Risk Management Framework Assessment Methodology. Show
NICE K0215 Knowledge of organizational training policies. Show
NICE K0216 Knowledge of learning levels (i.e., Bloom’s Taxonomy of learning). Show
NICE K0217 Knowledge of Learning Management Systems and their use in managing learning. Show
NICE K0218 Knowledge of learning styles (e.g., assimilator, auditory, kinesthetic). Show
NICE K0219 WITHDRAWN: Knowledge of local area network (LAN) and wide area network (WAN) principles. (See K0050) Show
NICE K0220 Knowledge of modes of learning (e.g., rote learning, observation). Show
NICE K0221 Knowledge of OSI model and underlying network protocols (e.g., TCP/IP). Show
NICE K0222 Knowledge of relevant laws, legal authorities, restrictions, and regulations pertaining to cyber defense activities. Show
NICE K0223 WITHDRAWN: Integrated into K0073 Show
NICE K0224 Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems. Show
NICE K0225 WITHDRAWN: Knowledge of the common networking protocol and services deployed at CC/S/A. (See K0565) Show
NICE K0226 Knowledge of organizational training systems. Show
NICE K0227 Knowledge of various types of computer architectures. Show
NICE K0228 Knowledge of taxonomy and semantic ontology theory. Show
NICE K0229 Knowledge of applications that can log errors, exceptions, and application faults and logging. Show
NICE K0230 Knowledge of cloud service models and how those models can limit incident response. Show
NICE K0231 Knowledge of crisis management protocols, processes, and techniques. Show
NICE K0232 WITHDRAWN: Knowledge of critical protocols (e.g., IPSEC, AES, GRE, IKE). Show
NICE K0233 Knowledge of the National Cybersecurity Workforce Framework, work roles, and associated tasks, knowledge, skills, and abilities. Show
NICE K0234 Knowledge of full spectrum cyber capabilities (e.g., defense, attack, exploitation). Show
NICE K0235 Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems. Show
NICE K0236 Knowledge of how to utilize Hadoop, Java, Python, SQL, Hive, and Pig to explore data. Show
NICE K0237 Knowledge of industry best practices for service desk. Show
NICE K0238 Knowledge of machine learning theory and principles. Show
NICE K0239 Knowledge of media production, communication, and dissemination techniques and methods, including alternative ways to inform via written, oral, and visual media. Show
NICE K0240 Knowledge of multi-level security systems and cross domain solutions. Show
NICE K0241 Knowledge of organizational human resource policies, processes, and procedures. Show
NICE K0242 Knowledge of organizational security policies. Show
NICE K0243 Knowledge of organizational training and education policies, processes, and procedures. Show
NICE K0244 Knowledge of physical and physiological behaviors that may indicate suspicious or abnormal activity. Show
NICE K0245 Knowledge of principles and processes for conducting training and education needs assessment. Show
NICE K0246 Knowledge of relevant concepts, procedures, software, equipment, and technology applications. Show
NICE K0247 Knowledge of remote access processes, tools, and capabilities related to customer support. Show
NICE K0248 Knowledge of strategic theory and practice. Show
NICE K0249 Knowledge of sustainment technologies, processes and strategies. Show
NICE K0250 Knowledge of Test & Evaluation processes for learners. Show
NICE K0251 Knowledge of the judicial process, including the presentation of facts and evidence. Show
NICE K0252 Knowledge of training and education principles and methods for curriculum design, teaching and instruction for individuals and groups, and the measurement of training and education effects. Show
NICE K0253 WITHDRAWN: Integrated into K0227 Show
NICE K0254 Knowledge of binary analysis. Show
NICE K0255 Knowledge of network architecture concepts including topology, protocols, and components. Show
NICE K0256 WITHDRAWN: Integrated into K0224 Show
NICE K0257 Knowledge of information technology (IT) acquisition/procurement requirements. Show
NICE K0258 Knowledge of test procedures, principles, and methodologies (e.g., Capabilities and Maturity Model Integration (CMMI)). Show
NICE K0259 Knowledge of malware analysis concepts and methodologies. Show
NICE K0260 Knowledge of Personally Identifiable Information (PII) data security standards. Show
NICE K0261 Knowledge of Payment Card Industry (PCI) data security standards. Show
NICE K0262 Knowledge of Personal Health Information (PHI) data security standards. Show
NICE K0263 Knowledge of information technology (IT) risk management policies, requirements, and procedures. Show
NICE K0264 Knowledge of program protection planning (e.g. information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements). Show
NICE K0265 Knowledge of infrastructure supporting information technology (IT) for safety, performance, and reliability. Show
NICE K0266 Knowledge of how to evaluate the trustworthiness of the supplier and/or product. Show
NICE K0267 Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures. Show
NICE K0268 Knowledge of forensic footprint identification. Show
NICE K0269 Knowledge of mobile communications architecture. Show
NICE K0270 Knowledge of the acquisition/procurement life cycle process. Show
NICE K0271 Knowledge of operating system structures and internals (e.g., process management, directory structure, installed applications). Show
NICE K0272 Knowledge of network analysis tools used to identify software communications vulnerabilities. Show
NICE K0273 WITHDRAWN: Knowledge of general kill chain (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). Show
NICE K0274 Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi). paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly. Show
NICE K0275 Knowledge of configuration management techniques. Show
NICE K0276 Knowledge of security management. Show
NICE K0277 Knowledge of current and emerging data encryption (e.g., Column and Tablespace Encryption, file and disk encryption) security features in databases (e.g. built-in cryptographic key management features). Show
NICE K0278 Knowledge of current and emerging data remediation security features in databases. Show
NICE K0279 WITHDRAWN: Knowledge of database access application programming interfaces (APIs) (e.g., Java Database Connectivity [JDBC]). Show
NICE K0280 Knowledge of systems engineering theories, concepts, and methods. Show
NICE K0281 Knowledge of information technology (IT) service catalogues. Show
NICE K0282 WITHDRAWN: Integrated into K0200 Show
NICE K0283 Knowledge of use cases related to collaboration and content synchronization across platforms (e.g., Mobile, PC, Cloud). Show
NICE K0284 Knowledge of developing and applying user credential management system. Show
NICE K0285 Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption. Show
NICE K0286 Knowledge of N-tiered typologies (e.g. including server and client operating systems). Show
NICE K0287 Knowledge of an organization's information classification program and procedures for information compromise. Show
NICE K0288 Knowledge of industry standard security models. Show
NICE K0289 Knowledge of system/server diagnostic tools and fault identification techniques. Show
NICE K0290 Knowledge of systems security testing and evaluation methods. Show
NICE K0291 Knowledge of the enterprise information technology (IT) architectural concepts and patterns (e.g., baseline, validated design, and target architectures.) Show
NICE K0292 Knowledge of the operations and processes for incident, problem, and event management. Show
NICE K0293 Knowledge of integrating the organization’s goals and objectives into the architecture. Show
NICE K0294 Knowledge of IT system operation, maintenance, and security needed to keep equipment functioning properly. Show
NICE K0295 Knowledge of confidentiality, integrity, and availability principles. Show
NICE K0296 Knowledge of capabilities, applications, and potential vulnerabilities of network equipment including hubs, routers, switches, bridges, servers, transmission media, and related hardware. Show
NICE K0297 Knowledge of countermeasure design for identified security risks. Show
NICE K0298 Knowledge of countermeasures for identified security risks. Show
NICE K0299 Knowledge in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. Show
NICE K0300 Knowledge of network mapping and recreating network topologies. Show
NICE K0301 Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump). Show
NICE K0302 Knowledge of the basic operation of computers. Show
NICE K0303 Knowledge of the use of sub-netting tools. Show
NICE K0304 Knowledge of concepts and practices of processing digital forensic data. Show
NICE K0305 Knowledge of data concealment (e.g. encryption algorithms and steganography). Show
NICE K0306 WITHDRAWN: Knowledge of basic physical computer components and architectures Show
NICE K0307 WITHDRAWN: Knowledge of common network tools (e.g., ping, traceroute, nslookup). (See K0111) Show
NICE K0308 Knowledge of cryptology. Show
NICE K0309 Knowledge of emerging technologies that have potential for exploitation. Show
NICE K0310 Knowledge of hacking methodologies. Show
NICE K0311 Knowledge of industry indicators useful for identifying technology trends. Show
NICE K0312 Knowledge of intelligence gathering principles, policies, and procedures including legal authorities and restrictions. Show
NICE K0313 Knowledge of external organizations and academic institutions with cyber focus (e.g., cyber curriculum/training and Research & Development). Show
NICE K0314 Knowledge of industry technologies’ potential cybersecurity vulnerabilities. Show
NICE K0315 Knowledge of the principal methods, procedures, and techniques of gathering information and producing, reporting, and sharing information. Show
NICE K0316 Knowledge of business or military operation plans, concept operation plans, orders, policies, and standing rules of engagement. Show
NICE K0317 Knowledge of procedures used for documenting and querying reported incidents, problems, and events. Show
NICE K0318 Knowledge of operating system command-line tools. Show
NICE K0319 Knowledge of technical delivery capabilities and their limitations. Show
NICE K0320 Knowledge of organization's evaluation and validation criteria. Show
NICE K0321 Knowledge of engineering concepts as applied to computer architecture and associated computer hardware/software. Show
NICE K0322 Knowledge of embedded systems. Show
NICE K0323 Knowledge of system fault tolerance methodologies. Show
NICE K0324 Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications. Show
NICE K0325 Knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression). Show
NICE K0326 Knowledge of demilitarized zones. Show
NICE K0327 WITHDRAWN: Knowledge of local area network (LAN), wide area network (WAN) and enterprise principles and concepts, including bandwidth management. (See K0050) Show
NICE K0328 WITHDRAWN: Knowledge of mathematics, including logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis. Show
NICE K0329 WITHDRAWN: Knowledge of statistics. Show
NICE K0330 Knowledge of successful capabilities to identify the solutions to less common and more complex system problems. Show
NICE K0331 WITHDRAWN: Knowledge of network protocols (e.g., Transmission Control Protocol (TCP), Internet Protocol (IP), Dynamic Host Configuration Protocol (DHCP)), and directory services (e.g., Domain Name System (DNS)). (See K0332) Show
NICE K0332 Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. Show
NICE K0333 Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs. Show
NICE K0334 Knowledge of network traffic analysis (tools, methodologies, processes). Show
NICE K0335 Knowledge of current and emerging cyber technologies. Show
NICE K0336 Knowledge of access authentication methods. Show
NICE K0337 WITHDRAWN: Integrated into K0007 Show
NICE K0338 Knowledge of data mining techniques. Show
NICE K0339 Knowledge of how to use network analysis tools to identify vulnerabilities. Show
NICE K0340 WITHDRAWN: Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol (TCP), Internet Protocol (IP), Open System Interconnection Model (OSI)). Show
NICE K0341 Knowledge of foreign disclosure policies and import/export control regulations as related to cybersecurity. Show
NICE K0342 Knowledge of penetration testing principles, tools, and techniques. Show
NICE K0343 Knowledge of root cause analysis techniques. Show
NICE K0344 Knowledge of an organization’s threat environment. Show
NICE K0345 WITHDRAWN: Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored). Show
NICE K0346 Knowledge of principles and methods for integrating system components. Show
NICE K0347 Knowledge and understanding of operational design. Show
NICE K0348 WITHDRAWN: Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless). Show
NICE K0349 Knowledge of website types, administration, functions, and content management system (CMS). Show
NICE K0350 Knowledge of accepted organization planning systems. Show
NICE K0351 Knowledge of applicable statutes, laws, regulations and policies governing cyber targeting and exploitation. Show
NICE K0352 Knowledge of forms of intelligence support needs, topics, and focus areas. Show
NICE K0353 Knowledge of possible circumstances that would result in changing collection management authorities. Show
NICE K0354 Knowledge of relevant reporting and dissemination procedures. Show
NICE K0355 Knowledge of all-source reporting and dissemination procedures. Show
NICE K0356 Knowledge of analytic tools and techniques for language, voice and/or graphic material. Show
NICE K0357 WITHDRAWN: Knowledge of analytical constructs and their use in assessing the operational environment. (See K0224) Show
NICE K0358 Knowledge of analytical standards and the purpose of intelligence confidence levels. Show
NICE K0359 Knowledge of approved intelligence dissemination processes. Show
NICE K0360 WITHDRAWN: Knowledge of assembly code. Show
NICE K0361 Knowledge of asset availability, capabilities and limitations. Show
NICE K0362 Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.). Show
NICE K0363 Knowledge of auditing and logging procedures (including server-based logging). Show
NICE K0364 Knowledge of available databases and tools necessary to assess appropriate collection tasking. Show
NICE K0365 WITHDRAWN: Knowledge of basic back-up and recovery procedures including different types of backups (e.g., full, incremental). Show
NICE K0366 WITHDRAWN: Knowledge of basic computer components and architectures, including the functions of various peripherals. Show
NICE K0367 Knowledge of penetration testing. Show
NICE K0368 Knowledge of implants that enable cyber collection and/or preparation activities. Show
NICE K0369 WITHDRAWN: Knowledge of basic malicious activity concepts (e.g., footprinting, scanning and enumeration). Show
NICE K0370 WITHDRAWN: Knowledge of basic physical computer components and architecture, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage). (See K0109) Show
NICE K0371 Knowledge of principles of the collection development processes (e.g., Dialed Number Recognition, Social Network Analysis). Show
NICE K0372 Knowledge of programming concepts (e.g., levels, structures, compiled vs. interpreted languages). Show
NICE K0373 Knowledge of basic software applications (e.g., data storage and backup, database applications) and the types of vulnerabilities that have been found in those applications. Show
NICE K0374 WITHDRAWN: Knowledge of basic structure, architecture, and design of modern digital and telephony networks. (See K0599) Show
NICE K0375 Knowledge of wireless applications vulnerabilities. Show
NICE K0376 Knowledge of internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc. Show
NICE K0377 Knowledge of classification and control markings standards, policies and procedures. Show
NICE K0378 WITHDRAWN: Knowledge of classification and control markings standards. (See K0377) Show
NICE K0379 Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc. Show
NICE K0380 Knowledge of collaborative tools and environments. Show
NICE K0381 Knowledge of collateral damage and estimating impact(s). Show
NICE K0382 Knowledge of collection capabilities and limitations. Show
NICE K0383 Knowledge of collection capabilities, accesses, performance specifications, and constraints utilized to satisfy collection plan. Show
NICE K0384 Knowledge of collection management functionality (e.g., positions, functions, responsibilities, products, reporting requirements). Show
NICE K0385 WITHDRAWN: Integrated into K0142 Show
NICE K0386 Knowledge of collection management tools. Show
NICE K0387 Knowledge of collection planning process and collection plan. Show
NICE K0388 Knowledge of collection searching/analyzing techniques and tools for chat/buddy list, emerging technologies, VOIP, Media Over IP, VPN, VSAT/wireless, web mail and cookies. Show
NICE K0389 Knowledge of collection sources including conventional and non-conventional sources. Show
NICE K0390 Knowledge of collection strategies. Show
NICE K0391 Knowledge of collection systems, capabilities, and processes. Show
NICE K0392 Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.). Show
NICE K0393 Knowledge of common networking devices and their configurations. Show
NICE K0394 Knowledge of common reporting databases and tools. Show
NICE K0395 Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.). Show
NICE K0396 Knowledge of computer programming concepts, including computer languages, programming, testing, debugging, and file types. Show
NICE K0397 Knowledge of security concepts in operating systems (e.g., Linux, Unix.) Show
NICE K0398 Knowledge of concepts related to websites (e.g., web servers/pages, hosting, DNS, registration, web languages such as HTML). Show
NICE K0399 Knowledge of crisis action planning and time sensitive planning procedures. Show
NICE K0400 Knowledge of crisis action planning for cyber operations. Show
NICE K0401 Knowledge of criteria for evaluating collection products. Show
NICE K0402 Knowledge of criticality and vulnerability factors (e.g., value, recuperation, cushion, countermeasures) for target selection and applicability to the cyber domain. Show
NICE K0403 Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations. Show
NICE K0404 Knowledge of current collection requirements. Show
NICE K0405 Knowledge of current computer-based intrusion sets. Show
NICE K0406 Knowledge of current software and methodologies for active defense and system hardening. Show
NICE K0407 Knowledge of customer information needs. Show
NICE K0408 Knowledge of cyber actions (i.e. cyber defense, information gathering, environment preparation, cyber-attack) principles, capabilities, limitations, and effects. Show
NICE K0409 Knowledge of cyber intelligence/information collection capabilities and repositories. Show
NICE K0410 Knowledge of cyber laws and their effect on Cyber planning. Show
NICE K0411 Knowledge of cyber laws and legal considerations and their effect on cyber planning. Show
NICE K0412 Knowledge of cyber lexicon/terminology Show
NICE K0413 Knowledge of cyber operation objectives, policies, and legalities. Show
NICE K0414 Knowledge of cyber operations support or enabling processes. Show
NICE K0415 Knowledge of cyber operations terminology/lexicon. Show
NICE K0416 Knowledge of cyber operations. Show
NICE K0417 Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media). Show
NICE K0418 Knowledge of data flow process for terminal or environment collection. Show
NICE K0419 Knowledge of database administration and maintenance. Show
NICE K0420 Knowledge of database theory. Show
NICE K0421 Knowledge of databases, portals and associated dissemination vehicles. Show
NICE K0422 Knowledge of deconfliction processes and procedures. Show
NICE K0423 Knowledge of deconfliction reporting to include external organization interaction. Show
NICE K0424 Knowledge of denial and deception techniques. Show
NICE K0425 Knowledge of different organization objectives at all levels, including subordinate, lateral and higher. Show
NICE K0426 Knowledge of dynamic and deliberate targeting. Show
NICE K0427 Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP). Show
NICE K0428 Knowledge of encryption algorithms and tools for wireless local area networks (WLANs). Show
NICE K0429 Knowledge of enterprise-wide information management. Show
NICE K0430 Knowledge of evasion strategies and techniques. Show
NICE K0431 Knowledge of evolving/emerging communications technologies. Show
NICE K0432 Knowledge of existing, emerging, and long-range issues related to cyber operations strategy, policy, and organization. Show
NICE K0433 Knowledge of forensic implications of operating system structure and operations. Show
NICE K0434 WITHDRAWN: Knowledge of front-end collection systems, including traffic collection, filtering, and selection. Show
NICE K0435 Knowledge of fundamental cyber concepts, principles, limitations, and effects. Show
NICE K0436 Knowledge of fundamental cyber operations concepts, terminology/lexicon (i.e., environment preparation, cyber-attack, cyber defense), principles, capabilities, limitations, and effects. Show
NICE K0437 Knowledge of general Supervisory control and data acquisition (SCADA) system components. Show
NICE K0438 Knowledge of mobile cellular communications architecture (e.g., LTE, CDMA, GSM/EDGE and UMTS/HSPA). Show
NICE K0439 Knowledge of governing authorities for targeting. Show
NICE K0440 Knowledge of host-based security products and how those products affect exploitation and reduce vulnerability. Show
NICE K0441 WITHDRAWN: Knowledge of how collection requirements and information needs are translated, tracked, and prioritized across the extended enterprise. Show
NICE K0442 Knowledge of how converged technologies impact cyber operations (e.g., digital, telephony, wireless). Show
NICE K0443 WITHDRAWN: Knowledge of how hubs, switches, routers work together in the design of a network. (See K0143) Show
NICE K0444 Knowledge of how Internet applications work (SMTP email, web-based email, chat clients, VOIP). Show
NICE K0445 Knowledge of how modern digital and telephony networks impact cyber operations. Show
NICE K0446 Knowledge of how modern wireless communications systems impact cyber operations. Show
NICE K0447 Knowledge of how to collect, view, and identify essential information on targets of interest from metadata (e.g., email, http). Show
NICE K0448 Knowledge of how to establish priorities for resources. Show
NICE K0449 Knowledge of how to extract, analyze, and use metadata. Show
NICE K0450 WITHDRAWN: Integrated into K0036 Show
NICE K0451 Knowledge of identification and reporting processes. Show
NICE K0452 Knowledge of implementing Unix and Windows systems that provide radius authentication and logging, DNS, mail, web service, FTP server, DHCP, firewall, and SNMP. Show
NICE K0453 Knowledge of indications and warning. Show
NICE K0454 Knowledge of information needs. Show
NICE K0455 Knowledge of information security concepts, facilitating technologies and methods. Show
NICE K0456 Knowledge of intelligence capabilities and limitations. Show
NICE K0457 Knowledge of intelligence confidence levels. Show
NICE K0458 Knowledge of intelligence disciplines. Show
NICE K0459 Knowledge of intelligence employment requirements (i.e., logistical, communications support, maneuverability, legal restrictions, etc.). Show
NICE K0460 Knowledge of intelligence preparation of the environment and similar processes. Show
NICE K0461 Knowledge of intelligence production processes. Show
NICE K0462 Knowledge of intelligence reporting principles, policies, procedures, and vehicles, including report formats, reportability criteria (requirements and priorities), dissemination practices, and legal authorities and restrictions. Show
NICE K0463 Knowledge of intelligence requirements tasking systems. Show
NICE K0464 Knowledge of intelligence support to planning, execution, and assessment. Show
NICE K0465 Knowledge of internal and external partner cyber operations capabilities and tools. Show
NICE K0466 Knowledge of internal and external partner intelligence processes and the development of information requirements and essential information. Show
NICE K0467 Knowledge of internal and external partner organization capabilities and limitations (those with tasking, collection, processing, exploitation and dissemination responsibilities). Show
NICE K0468 Knowledge of internal and external partner reporting. Show
NICE K0469 Knowledge of internal tactics to anticipate and/or emulate threat capabilities and actions. Show
NICE K0470 Knowledge of Internet and routing protocols. Show
NICE K0471 Knowledge of Internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering). Show
NICE K0472 Knowledge of intrusion detection systems and signature development. Show
NICE K0473 Knowledge of intrusion sets. Show
NICE K0474 Knowledge of key cyber threat actors and their equities. Show
NICE K0475 Knowledge of key factors of the operational environment and threat. Show
NICE K0476 Knowledge of language processing tools and techniques. Show
NICE K0477 Knowledge of leadership's Intent and objectives. Show
NICE K0478 Knowledge of legal considerations in targeting. Show
NICE K0479 Knowledge of malware analysis and characteristics. Show
NICE K0480 Knowledge of malware. Show
NICE K0481 Knowledge of methods and techniques used to detect various exploitation activities. Show
NICE K0482 Knowledge of methods for ascertaining collection asset posture and availability. Show
NICE K0483 Knowledge of methods to integrate and summarize information from any potential sources. Show
NICE K0484 Knowledge of midpoint collection (process, objectives, organization, targets, etc.). Show
NICE K0485 Knowledge of network administration. Show
NICE K0486 Knowledge of network construction and topology. Show
NICE K0487 Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). Show
NICE K0488 Knowledge of network security implementations (e.g., host-based IDS, IPS, access control lists), including their function and placement in a network. Show
NICE K0489 Knowledge of network topology. Show
NICE K0490 WITHDRAWN: Integrated into K0058 Show
NICE K0491 Knowledge of networking and Internet communications fundamentals (i.e. devices, device configuration, hardware, software, applications, ports/protocols, addressing, network architecture and infrastructure, routing, operating systems, etc.). Show
NICE K0492 Knowledge of non-traditional collection methodologies. Show
NICE K0493 Knowledge of obfuscation techniques (e.g., TOR/Onion/anonymizers, VPN/VPS, encryption). Show
NICE K0494 Knowledge of objectives, situation, operational environment, and the status and disposition of internal and external partner collection capabilities available to support planning. Show
NICE K0495 Knowledge of ongoing and future operations. Show
NICE K0496 Knowledge of operational asset constraints. Show
NICE K0497 Knowledge of operational effectiveness assessment. Show
NICE K0498 Knowledge of operational planning processes. Show
NICE K0499 Knowledge of operations security. Show
NICE K0500 Knowledge of organization and/or partner collection systems, capabilities, and processes (e.g., collection and protocol processors). Show
NICE K0501 Knowledge of organization cyber operations programs, strategies, and resources. Show
NICE K0502 Knowledge of organization decision support tools and/or methods. Show
NICE K0503 Knowledge of organization formats of resource and asset readiness reporting, its operational relevance and intelligence collection impact. Show
NICE K0504 Knowledge of organization issues, objectives, and operations in cyber as well as regulations and policy directives governing cyber operations. Show
NICE K0505 Knowledge of organization objectives and associated demand on collection management. Show
NICE K0506 Knowledge of organization objectives, leadership priorities, and decision-making risks. Show
NICE K0507 Knowledge of organization or partner exploitation of digital networks. Show
NICE K0508 Knowledge of organization policies and planning concepts for partnering with internal and/or external organizations. Show
NICE K0509 Knowledge of organizational and partner authorities, responsibilities, and contributions to achieving objectives. Show
NICE K0510 Knowledge of organizational and partner policies, tools, capabilities, and procedures. Show
NICE K0511 Knowledge of organizational hierarchy and cyber decision-making processes. Show
NICE K0512 Knowledge of organizational planning concepts. Show
NICE K0513 Knowledge of organizational priorities, legal authorities and requirements submission processes. Show
NICE K0514 Knowledge of organizational structures and associated intelligence capabilities. Show
NICE K0515 WITHDRAWN: Knowledge of OSI model and underlying networking protocols (e.g., TCP/IP). Show
NICE K0516 Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc. Show
NICE K0517 Knowledge of post implementation review (PIR) approval process. Show
NICE K0518 Knowledge of planning activity initiation. Show
NICE K0519 Knowledge of planning timelines adaptive, crisis action, and time-sensitive planning. Show
NICE K0520 Knowledge of principles and practices related to target development such as target knowledge, associations, communication systems, and infrastructure. Show
NICE K0521 Knowledge of priority information, how it is derived, where it is published, how to access, etc. Show
NICE K0522 Knowledge of production exploitation and dissemination needs and architectures. Show
NICE K0523 Knowledge of products and nomenclature of major vendors (e.g., security suites - Trend Micro, Symantec, McAfee, Outpost, and Panda) and how those products affect exploitation and reduce vulnerabilities. Show
NICE K0524 Knowledge of relevant laws, regulations, and policies. Show
NICE K0525 Knowledge of required intelligence planning products associated with cyber operational planning. Show
NICE K0526 Knowledge of research strategies and knowledge management. Show
NICE K0527 Knowledge of risk management and mitigation strategies. Show
NICE K0528 Knowledge of satellite-based communication systems. Show
NICE K0529 Knowledge of scripting Show
NICE K0530 Knowledge of security hardware and software options, including the network artifacts they induce and their effects on exploitation. Show
NICE K0531 Knowledge of security implications of software configurations. Show
NICE K0532 Knowledge of specialized target language (e.g., acronyms, jargon, technical terminology, code words). Show
NICE K0533 Knowledge of specific target identifiers, and their usage. Show
NICE K0534 Knowledge of staff management, assignment, and allocation processes. Show
NICE K0535 Knowledge of strategies and tools for target research. Show
NICE K0536 Knowledge of structure, approach, and strategy of exploitation tools (e.g., sniffers, keyloggers) and techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis of other systems in the network). Show
NICE K0537 Knowledge of system administration concepts for the Unix/Linux and Windows operating systems (e.g., process management, directory structure, installed applications, Access Controls). Show
NICE K0538 Knowledge of target and threat organization structures, critical capabilities, and critical vulnerabilities Show
NICE K0539 Knowledge of target communication profiles and their key elements (e.g., target associations, activities, communication infrastructure). Show
NICE K0540 Knowledge of target communication tools and techniques. Show
NICE K0541 Knowledge of target cultural references, dialects, expressions, idioms, and abbreviations. Show
NICE K0542 Knowledge of target development (i.e., concepts, roles, responsibilities, products, etc.). Show
NICE K0543 Knowledge of target estimated repair and recuperation times. Show
NICE K0544 Knowledge of target intelligence gathering and operational preparation techniques and life cycles. Show
NICE K0545 Knowledge of target language(s). Show
NICE K0546 Knowledge of target list development (i.e. Restricted, Joint, Candidate, etc.). Show
NICE K0547 Knowledge of target methods and procedures. Show
NICE K0548 Knowledge of target or threat cyber actors and procedures. Show
NICE K0549 Knowledge of target vetting and validation procedures. Show
NICE K0550 Knowledge of target, including related current events, communication profile, actors, and history (language, culture) and/or frame of reference. Show
NICE K0551 Knowledge of targeting cycles. Show
NICE K0552 Knowledge of tasking mechanisms. Show
NICE K0553 Knowledge of tasking processes for organic and subordinate collection assets. Show
NICE K0554 Knowledge of tasking, collection, processing, exploitation and dissemination. Show
NICE K0555 Knowledge of TCP/IP networking protocols. Show
NICE K0556 Knowledge of telecommunications fundamentals. Show
NICE K0557 Knowledge of terminal or environmental collection (process, objectives, organization, targets, etc.). Show
NICE K0558 Knowledge of the available tools and applications associated with collection requirements and collection management. Show
NICE K0559 Knowledge of the basic structure, architecture, and design of converged applications. Show
NICE K0560 Knowledge of the basic structure, architecture, and design of modern communication networks. Show
NICE K0561 Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). Show
NICE K0562 Knowledge of the capabilities and limitations of new and emerging collection capabilities, accesses and/or processes. Show
NICE K0563 Knowledge of the capabilities, limitations and tasking methodologies of internal and external collections as they apply to planned cyber activities. Show
NICE K0564 Knowledge of the characteristics of targeted communication networks (e.g., capacity, functionality, paths, critical nodes). Show
NICE K0565 Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. Show
NICE K0566 Knowledge of the critical information requirements and how they're used in planning. Show
NICE K0567 Knowledge of the data flow from collection origin to repositories and tools. Show
NICE K0568 Knowledge of the definition of collection management and collection management authority. Show
NICE K0569 Knowledge of the existent tasking, collection, processing, exploitation and dissemination architecture. Show
NICE K0570 Knowledge of the factors of threat that could impact collection operations. Show
NICE K0571 Knowledge of the feedback cycle in collection processes. Show
NICE K0572 Knowledge of the functions and capabilities of internal teams that emulate threat activities to benefit the organization. Show
NICE K0573 Knowledge of the fundamentals of digital forensics to extract actionable intelligence. Show
NICE K0574 Knowledge of the impact of language analysis on on-net operator functions. Show
NICE K0575 Knowledge of the impacts of internal and external partner staffing estimates. Show
NICE K0576 Knowledge of the information environment. Show
NICE K0577 Knowledge of the intelligence frameworks, processes, and related systems. Show
NICE K0578 Knowledge of the intelligence requirements development and request for information processes. Show
NICE K0579 Knowledge of the organization, roles and responsibilities of higher, lower and adjacent sub-elements. Show
NICE K0580 Knowledge of the organization’s established format for collection plan. Show
NICE K0581 Knowledge of the organization’s planning, operations and targeting cycles. Show
NICE K0582 Knowledge of the organizational planning and staffing process. Show
NICE K0583 Knowledge of the organizational plans/directives/guidance that describe objectives. Show
NICE K0584 Knowledge of the organizational policies/procedures for temporary transfer of collection authority. Show
NICE K0585 Knowledge of the organizational structure as it pertains to full spectrum cyber operations, including the functions, responsibilities, and interrelationships among distinct internal elements. Show
NICE K0586 Knowledge of the outputs of course of action and exercise analysis. Show
NICE K0587 Knowledge of the POC’s, databases, tools and applications necessary to establish environment preparation and surveillance products. Show
NICE K0588 Knowledge of the priority information requirements from subordinate, lateral and higher levels of the organization. Show
NICE K0589 Knowledge of the process used to assess the performance and impact of operations. Show
NICE K0590 Knowledge of the processes to synchronize operational assessment procedures with the critical information requirement process. Show
NICE K0591 Knowledge of the production responsibilities and organic analysis and production capabilities. Show
NICE K0592 Knowledge of the purpose and contribution of target templates. Show
NICE K0593 Knowledge of the range of cyber operations and their underlying intelligence support needs, topics, and focus areas. Show
NICE K0594 Knowledge of the relationships between end states, objectives, effects, lines of operation, etc. Show
NICE K0595 Knowledge of the relationships of operational objectives, intelligence requirements, and intelligence production tasks. Show
NICE K0596 Knowledge of the request for information process. Show
NICE K0597 Knowledge of the role of network operations in supporting and facilitating other organization operations. Show
NICE K0598 Knowledge of the structure and intent of organization specific plans, guidance and authorizations. Show
NICE K0599 Knowledge of the structure, architecture, and design of modern digital and telephony networks. Show
NICE K0600 Knowledge of the structure, architecture, and design of modern wireless communications systems. Show
NICE K0601 Knowledge of the systems/architecture/communications used for coordination. Show
NICE K0602 Knowledge of collection disciplines and capabilities. Show
NICE K0603 Knowledge of the ways in which targets or threats use the Internet. Show
NICE K0604 Knowledge of threat and/or target systems. Show
NICE K0605 Knowledge of tipping, cueing, mixing, and redundancy. Show
NICE K0606 Knowledge of transcript development processes and techniques (e.g., verbatim, gist, summaries). Show
NICE K0607 Knowledge of translation processes and techniques. Show
NICE K0608 Knowledge of Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications). Show
NICE K0609 Knowledge of virtual machine technologies. Show
NICE K0610 Knowledge of virtualization products (VMware, Virtual PC). Show
NICE K0611 WITHDRAWN: Integrated into K0131 Show
NICE K0612 Knowledge of what constitutes a “threat” to a network. Show
NICE K0613 Knowledge of who the organization’s operational planners are, how and where they can be contacted, and what are their expectations. Show
NICE K0614 Knowledge of wireless technologies (e.g., cellular, satellite, GSM) to include the basic structure, architecture, and design of modern wireless communications systems. Show
NICE K0615 Knowledge of privacy disclosure statements based on current laws. Show
NICE K0616 Knowledge of continuous monitoring, its processes, and Continuous Diagnostics and Mitigation (CDM) program activities. Show
NICE K0617 Knowledge of Automated security control assessments Show
NICE K0618 Knowledge of hardware asset management and the value of tracking the location and configuration of networked devices and software across departments, locations, facilities and, potentially, supporting business functions. Show
NICE K0619 Knowledge of software asset management and the value of tracking the location and configuration of networked devices and software across departments, locations, facilities and, potentially, supporting business functions. Show
NICE K0620 Knowledge of continuous monitoring technologies and tools. Show
NICE K0621 Knowledge of risk scoring. Show
NICE K0622 Knowledge of controls related to the use, processing, storage, and transmission of data. Show
NICE K0623 Knowledge of risk assessment methodologies. Show
NICE K0624 Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list) Show
NICE K0625 Knowledge that patching and software updates are impractical for some networked devices. Show
NICE K0626 Knowledge of secure update mechanisms. Show
NICE K0627 Knowledge of the importance of ingress filtering to protect against automated threats that rely on spoofed network addresses. Show
NICE K0628 Knowledge of cyber competitions as a way of developing skills by providing hands-on experience in simulated, real-world situations. Show
NICE K0629 Knowledge of white/black listing Show
NICE K0630 Knowledge of the latest intrusion techniques, methods and documented intrusions external to the organization. Show