- T0067: Develop architectures or system components consistent with technical specifications
- T1069: Evaluate organizational cybersecurity policy regulatory compliance
- T1070: Evaluate organizational cybersecurity policy alignment with organizational directives
- T1124: Restore essential system capabilities and business functions after catastrophic failure events
- T1163: Develop cybersecurity countermeasures for systems and applications
- T1164: Develop risk mitigation strategies for systems and applications
- T1185: Maintain stakeholder communication channels
- T1187: Establish internal and external cross-team relationships
- T1243: Oversee configuration management
- T1244: Develop configuration management recommendations
- T1338: Develop cybersecurity capability strategies for custom hardware and software development
- T1345: Recommend improvements to procurement activities to address cybersecurity requirements
- T1527: Define baseline system security requirements
- T1619: Perform risk and vulnerability assessments
- T2028: Develop OT inventory model for cybersecurity
- T2029: Serve as OT engineering subject matter expert during development of change management policies and procedures
- T2030: Determine if implementation of security measures and controls meets regulatory standards and is in compliance with legal or policy requirements
- T2031: Identify gaps in OT network architecture
- T2032: Assign security level targets to network zones for control systems
- T2033: Create a change management plan
- T2034: Design cybersecurity tools for OT systems
- T2035: Perform a process hazard analysis (PHA)
- T2036: Review policies, standards, and regulations for conflicts that may create control system vulnerabilities
- T2037: Create cybersecurity inspection and test policies and procedures for OT systems
- T2038: Develop system procurement specifications
- T2039: Determine the impact of cybersecurity requirements on costs and budgeting
- T2040: Conduct cybersecurity reviews of OT system engineering plans and documentation
- T2041: Participate in safety system design processes to counteract potential cybersecurity sabotage
- T2042: Generate cyberattack scenarios of serious physical consequence
- T2043: Oversee implementation of system controls
- T2044: Develop system upgrade specifications
- T2045: Assign networked engineering assets to security zones
- T2046: Communicate implication of new and upgraded technologies to cybersecurity program stakeholders
- T2047: Inventory OT assets
- T2048: Recommend cybersecurity requirements for integration in continuity planning
- T2049: Serve as OT engineering subject matter expert for cybersecurity standards, policies, and procedures development
- T2050: Serve as OT engineering subject matter expert for development of organizational cybersecurity risk management plan
- T2051: Train cybersecurity defense technicians on OT system processes and procedures
- K0663: Knowledge of industry standards and best practices
- K0675: Knowledge of risk management processes
- K0676: Knowledge of cybersecurity laws and regulations
- K0677: Knowledge of cybersecurity policies and procedures
- K0678: Knowledge of privacy laws and regulations
- K0679: Knowledge of privacy policies and procedures
- K0680: Knowledge of cybersecurity principles and practices
- K0681: Knowledge of privacy principles and practices
- K0721: Knowledge of risk management principles and practices
- K0728: Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
- K0729: Knowledge of non-repudiation principles and practices
- K0730: Knowledge of cyber safety principles and practices
- K0734: Knowledge of Risk Management Framework (RMF) requirements
- K0735: Knowledge of risk management models and frameworks
- K0822: Knowledge of risk tolerance principles and practices
- K0835: Knowledge of risk assessment principles and practices
- K1076: Knowledge of risk scoring principles and practices
- K1122: Knowledge of configuration management principles and practices
- K1180: Knowledge of organizational cybersecurity goals and objectives
- K1182: Knowledge of organizational cybersecurity policies and configurations
- K1285: Knowledge of assessment remediation requirements
- K1286: Knowledge of Business Impact Analysis (BIA)
- K1287: Knowledge of change management processes
- K1288: Knowledge of OT cybersecurity compliance requirements and best practices
- K1289: Knowledge of control system environment risks, threats, and vulnerabilities
- K1290: Knowledge of the Active Cyber Defense Cycle (ACDC)
- K1291: Knowledge of active defense principles and practices
- K1292: Knowledge of OT cybersecurity risk tolerance levels
- K1293: Knowledge of Purdue Model levels
- K1294: Knowledge of change management policies and procedures
- K1295: Knowledge of OT cybersecurity inspection and testing policies and procedures
- K1296: Knowledge of control system policies and procedures
- K1297: Knowledge of OT safety systems
- K1298: Knowledge of anomaly detection tools and techniques
- K1299: Knowledge of change management processes
- K1300: Knowledge of control system network architectures
- K1301: Knowledge of cyber incidents impacting OT
- K1302: Knowledge of industry hazards
- K1303: Knowledge of life cycle management principles and practices
- K1304: Knowledge of operational priorities
- K1305: Knowledge of OT asset management tools and techniques
- K1306: Knowledge of OT assets
- K1307: Knowledge of OT inventory principles and practices
- K1308: Knowledge of OT network detection tools and techniques
- K1309: Knowledge of OT protocols
- K1310: Knowledge of process hazard analysis (PHA) assessments
- K1311: Knowledge of system assets and boundaries
- S0141: Skill in assessing security systems designs
- S0385: Skill in communicating complex concepts
- S0386: Skill in communicating verbally
- S0387: Skill in communicating in writing
- S0391: Skill in creating technical documentation
- S0430: Skill in collaborating with others
- S0459: Skill in creating security assessment reports
- S0461: Skill in integrating security requirements and contracts
- S0531: Skill in assessing security hardware and software
- S0673: Skill in translating operational requirements into security controls
- S0686: Skill in performing risk assessments
- S0806: Skill in performing incident responses
- S0939: Skill in performing event analysis
- S0940: Skill in performing risk-based gap analysis
- S0941: Skill in identifying gaps in control system network and connectivity architecture
- S0942: Skill in performing system recovery for control system environments
- S0943: Skill in connecting to OT assets
- S0944: Skill in designing and specifying OT systems
- S0945: Skill in evaluating OT vendor products
- S0946: Skill in interpreting OT network drawings
- S0947: Skill in interpreting risk assessments
- S0948: Skill in performing zone conduit requirement analysis
- S0949: Skill in recognizing and acknowledging unique contributions from varying skillsets
- S0950: Skill in reviewing access control lists and firewall rules
- S0951: Skill in securing control system communication protocols and media
Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 2.0.0)