Select Knowledge ID K0001 K0002 K0003 K0004 K0005 K0006 K0007 K0008 K0009 K0010 K0011 K0012 K0013 K0014 K0015 K0016 K0017 K0018 K0019 K0020 K0021 K0022 K0023 K0024 K0025 K0026 K0027 K0028 K0029 K0030 K0031 K0032 K0033 K0034 K0035 K0036 K0037 K0038 K0039 K0040 K0041 K0042 K0043 K0044 K0045 K0046 K0047 K0048 K0049 K0050 K0051 K0052 K0053 K0054 K0055 K0056 K0057 K0058 K0059 K0060 K0061 K0062 K0063 K0064 K0065 K0066 K0067 K0068 K0069 K0070 K0071 K0072 K0073 K0074 K0075 K0076 K0077 K0078 K0079 K0080 K0081 K0082 K0083 K0084 K0086 K0087 K0088 K0089 K0090 K0091 K0092 K0093 K0094 K0095 K0096 K0097 K0098 K0100 K0101 K0102 K0103 K0104 K0105 K0106 K0107 K0108 K0109 K0110 K0111 K0112 K0113 K0114 K0115 K0116 K0117 K0118 K0119 K0120 K0121 K0122 K0123 K0124 K0125 K0126 K0127 K0128 K0129 K0130 K0131 K0132 K0133 K0134 K0135 K0136 K0137 K0138 K0139 K0140 K0142 K0143 K0144 K0145 K0146 K0147 K0148 K0149 K0150 K0151 K0152 K0153 K0154 K0155 K0156 K0157 K0158 K0159 K0160 K0161 K0162 K0163 K0164 K0165 K0167 K0168 K0169 K0170 K0171 K0172 K0174 K0175 K0176 K0177 K0178 K0179 K0180 K0182 K0183 K0184 K0185 K0186 K0187 K0188 K0189 K0190 K0191 K0192 K0193 K0194 K0195 K0196 K0197 K0198 K0199 K0200 K0201 K0202 K0203 K0204 K0205 K0206 K0207 K0208 K0209 K0210 K0211 K0212 K0213 K0214 K0215 K0216 K0217 K0218 K0220 K0221 K0222 K0224 K0226 K0227 K0228 K0229 K0230 K0231 K0233 K0234 K0235 K0236 K0237 K0238 K0239 K0240 K0241 K0242 K0243 K0244 K0245 K0246 K0247 K0248 K0249 K0250 K0251 K0252 K0254 K0255 K0257 K0258 K0259 K0260 K0261 K0262 K0263 K0264 K0265 K0266 K0267 K0268 K0269 K0270 K0271 K0272 K0274 K0275 K0276 K0277 K0278 K0280 K0281 K0283 K0284 K0285 K0286 K0287 K0288 K0289 K0290 K0291 K0292 K0293 K0294 K0295 K0296 K0297 K0299 K0300 K0301 K0302 K0303 K0304 K0305 K0308 K0309 K0310 K0311 K0312 K0313 K0314 K0315 K0316 K0317 K0318 K0319 K0320 K0321 K0322 K0323 K0324 K0325 K0326 K0330 K0332 K0333 K0334 K0335 K0336 K0338 K0339 K0341 K0342 K0343 K0344 K0346 K0347 K0349 K0350 K0351 K0352 K0353 K0354 K0355 K0356 
K0357 K0358 K0359 K0361 K0362 K0363 K0364 K0368 K0371 K0372 K0373 K0375 K0376 K0377 K0379 K0380 K0381 K0382 K0383 K0384 K0386 K0387 K0388 K0389 K0390 K0391 K0392 K0393 K0394 K0395 K0396 K0397 K0398 K0399 K0400 K0401 K0402 K0403 K0404 K0405 K0406 K0407 K0408 K0409 K0410 K0411 K0412 K0413 K0414 K0415 K0416 K0417 K0418 K0419 K0420 K0421 K0422 K0423 K0424 K0425 K0426 K0427 K0428 K0429 K0430 K0431 K0432 K0433 K0435 K0436 K0437 K0438 K0439 K0440 K0442 K0443 K0444 K0445 K0446 K0447 K0448 K0449 K0451 K0452 K0453 K0454 K0455 K0456 K0457 K0458 K0459 K0460 K0461 K0462 K0463 K0464 K0465 K0466 K0467 K0468 K0469 K0470 K0471 K0472 K0473 K0474 K0475 K0476 K0477 K0478 K0479 K0480 K0481 K0482 K0483 K0484 K0485 K0486 K0487 K0488 K0489 K0491 K0492 K0493 K0494 K0495 K0496 K0497 K0498 K0499 K0500 K0501 K0502 K0503 K0504 K0505 K0506 K0507 K0508 K0509 K0510 K0511 K0512 K0513 K0514 K0516 K0517 K0518 K0519 K0520 K0521 K0522 K0523 K0524 K0525 K0526 K0527 K0528 K0529 K0530 K0531 K0532 K0533 K0534 K0535 K0536 K0538 K0539 K0540 K0541 K0542 K0543 K0544 K0545 K0546 K0547 K0548 K0549 K0550 K0551 K0552 K0553 K0554 K0555 K0556 K0557 K0558 K0559 K0560 K0561 K0562 K0563 K0564 K0565 K0566 K0567 K0568 K0569 K0570 K0571 K0572 K0573 K0574 K0575 K0576 K0577 K0578 K0579 K0580 K0581 K0582 K0583 K0584 K0585 K0586 K0587 K0588 K0589 K0590 K0591 K0592 K0593 K0594 K0595 K0596 K0597 K0598 K0599 K0600 K0601 K0602 K0603 K0604 K0605 K0606 K0607 K0608 K0609 K0610 K0612 K0613 K0614 K0615 K0622 K0624 K0628
Select Knowledge Description Knowledge of computer networking concepts and protocols, and network security methodologies. Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. Knowledge of cybersecurity and privacy principles. Knowledge of cyber threats and vulnerabilities. Knowledge of specific operational impacts of cybersecurity lapses. Knowledge of authentication, authorization, and access control methods. Knowledge of applicable business processes and operations of customer organizations. Knowledge of application vulnerabilities. Knowledge of communication methods, principles, and concepts that support the network infrastructure. Knowledge of capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware. Knowledge of capabilities and requirements analysis. Knowledge of cyber defense and vulnerability assessment tools and their capabilities. Knowledge of complex data structures. Knowledge of computer algorithms. Knowledge of computer programming principles. Knowledge of concepts and practices of processing digital forensic data. Knowledge of encryption algorithms. Knowledge of cryptography and cryptographic key management concepts. Knowledge of data administration and data standardization policies. Knowledge of data backup and recovery. Knowledge of data mining and data warehousing principles. Knowledge of database management systems, query languages, table relationships, and views. Knowledge of database systems. Knowledge of digital rights management. Knowledge of business continuity and disaster recovery continuity of operations plans. Knowledge of organization's enterprise information security architecture. Knowledge of organization's evaluation and validation requirements. Knowledge of organization's Local and Wide Area Network connections.
Knowledge of electrical engineering as applied to computer architecture (e.g., circuit boards, processors, chips, and computer hardware). Knowledge of enterprise messaging systems and associated software. Knowledge of resiliency and redundancy. Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists). Knowledge of network services and protocols interactions that provide network communications. Knowledge of installation, integration, and optimization of system components. Knowledge of human-computer interaction principles. Knowledge of Security Assessment and Authorization process. Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data. Knowledge of cybersecurity and privacy principles and methods that apply to software development. Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins). Knowledge of incident categories, incident responses, and timelines for responses. Knowledge of incident response and handling methodologies. Knowledge of industry-standard and organizationally accepted analysis principles and methods. Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). Knowledge of information security systems engineering principles (NIST SP 800-160). Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions. Knowledge of information technology (IT) architectural concepts and frameworks. Knowledge of Risk Management Framework (RMF) requirements. Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). Knowledge of local area and wide area networking principles and concepts including bandwidth management. 
Knowledge of low-level computer languages (e.g., assembly languages). Knowledge of mathematics (e.g. logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis). Knowledge of measures or indicators of system performance and availability. Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities. Knowledge of microprocessors. Knowledge of network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML). Knowledge of network hardware devices and functions. Knowledge of network traffic analysis methods. Knowledge of new and emerging information technology (IT) and cybersecurity technologies. Knowledge of operating systems. Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]). Knowledge of packet-level analysis. Knowledge of parallel and distributed computing concepts. Knowledge of performance tuning tools and techniques. Knowledge of policy-based and risk adaptive access controls. Knowledge of Privacy Impact Assessments. Knowledge of process engineering concepts. Knowledge of programming language structures and logic. Knowledge of query languages such as SQL (structured query language). Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). Knowledge of remote access technology concepts. Knowledge of resource management principles and techniques. Knowledge of secure configuration management techniques.
Knowledge of key concepts in security management (e.g., Release Management, Patch Management). Knowledge of security system design tools, methods, and techniques. Knowledge of server administration and systems engineering theories, concepts, and methods. Knowledge of server and client operating systems. Knowledge of server diagnostic tools and fault identification techniques. Knowledge of software debugging principles. Knowledge of software design tools, methods, and techniques. Knowledge of software development models (e.g., Waterfall Model, Spiral Model). Knowledge of software engineering. Knowledge of sources, characteristics, and uses of the organization’s data assets. Knowledge of structured analysis principles and methods. Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools. Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design. Knowledge of systems administration concepts. Knowledge of systems diagnostic tools and fault identification techniques. Knowledge of system life cycle management principles, including software security and usability. Knowledge of systems testing and evaluation methods. Knowledge of technology integration processes. Knowledge of telecommunications concepts (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing). Knowledge of the capabilities and functionality associated with content creation technologies (e.g., wikis, social networking, content management systems, blogs). Knowledge of the capabilities and functionality associated with various technologies for organizing and managing information (e.g., databases, bookmarking engines). Knowledge of the capabilities and functionality of various collaborative technologies (e.g., groupware, SharePoint). 
Knowledge of the characteristics of physical and virtual data storage media. Knowledge of the cyber defense Service Provider reporting structure and processes within one’s own organization. Knowledge of the enterprise information technology (IT) architecture. Knowledge of the organization’s enterprise information technology (IT) goals and objectives. Knowledge of the systems engineering process. Knowledge of the type and frequency of routine hardware maintenance. Knowledge of Virtual Private Network (VPN) security. Knowledge of web services (e.g., service-oriented architecture, Simple Object Access Protocol, and web service description language). Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities. Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations. Knowledge of concepts, terminology, and operations of a wide range of communications media (computer and telephone networks, satellite, fiber, wireless). Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage). Knowledge of adversarial tactics, techniques, and procedures. Knowledge of network tools (e.g., ping, traceroute, nslookup). Knowledge of defense-in-depth principles and network security architecture. Knowledge of different types of network communication (e.g., LAN, WAN, MAN, WLAN, WWAN). Knowledge of electronic devices (e.g., computer systems/components, access control devices, digital cameras, digital scanners, electronic organizers, hard drives, memory cards, modems, network components, networked appliances, networked home control devices, printers, removable storage devices, telephones, copiers, facsimile machines, etc.). Knowledge that technology can be exploited. Knowledge of file extensions (e.g., .dll, .bat, .zip, .pcap, .gzip).
Knowledge of file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]). Knowledge of processes for seizing and preserving digital evidence. Knowledge of hacking methodologies. Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise. Knowledge of information security program management and project management principles and techniques. Knowledge of investigative implications of hardware, Operating Systems, and network technologies. Knowledge of legal governance related to admissibility (e.g. Rules of Evidence). Knowledge of multiple cognitive domains and tools and methods applicable for learning in each domain. Knowledge of processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody. Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161). Knowledge of the nature and function of the relevant information structure (e.g., National Information Infrastructure). Knowledge of types and collection of persistent data. Knowledge of command-line tools (e.g., mkdir, mv, ls, passwd, grep). Knowledge of virtualization technologies and virtual machine development and maintenance. Knowledge of web mail collection, searching/analyzing techniques, tools, and cookies. Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files. Knowledge of types of digital forensics data and how to recognize them. Knowledge of deployable forensics. Knowledge of web filtering technologies. Knowledge of the capabilities of different electronic communication systems and methods (e.g., e-mail, VOIP, IM, web forums, Direct Video Broadcasts). Knowledge of the range of existing networks (e.g., PBX, LANs, WANs, WIFI, SCADA). Knowledge of Wi-Fi. Knowledge of interpreted and compiled computer languages.
Knowledge of secure coding techniques. Knowledge of collection management processes, capabilities, and limitations. Knowledge of front-end collection systems, including traffic collection, filtering, and selection. Knowledge of social dynamics of computer attackers in a global context. Knowledge of security event correlation tools. Knowledge of the organization's core business/mission processes. Knowledge of emerging security issues, risks, and vulnerabilities. Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk. Knowledge of organization's risk tolerance and/or risk management approach. Knowledge of enterprise incident response program, roles, and responsibilities. Knowledge of current and emerging threats/threat vectors. Knowledge of software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, simplicity/minimization). Knowledge of software quality assurance process. Knowledge of supply chain risk management standards, processes, and practices. Knowledge of electronic evidence law. Knowledge of legal rules of evidence and court procedure. Knowledge of cyber defense and information security policies, procedures, and regulations. Knowledge of organizational information technology (IT) user security policies (e.g., account creation, password rules, access control). Knowledge of Voice over IP (VoIP). Knowledge of the common attack vectors on the network layer. Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks). Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored). Knowledge of critical information technology (IT) procurement requirements. Knowledge of functionality, quality, and security requirements and how these will apply to specific items of supply (i.e., elements and processes). 
Knowledge of risk threat assessment. Knowledge of system administration, network, and operating system hardening techniques. Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures. Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures. Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations. Knowledge of hardware reverse engineering techniques. Knowledge of middleware (e.g., enterprise service bus and message queuing). Knowledge of networking protocols. Knowledge of software reverse engineering techniques. Knowledge of Extensible Markup Language (XML) schemas. Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). Knowledge of secure software deployment methodologies, tools, and practices. Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. Knowledge of data carving tools and techniques (e.g., Foremost). Knowledge of reverse engineering concepts. Knowledge of anti-forensics tactics, techniques, and procedures. Knowledge of forensics lab design configuration and support applications (e.g., VMWare, Wireshark). Knowledge of debugging procedures and tools. Knowledge of file type abuse by adversaries for anomalous behavior. Knowledge of malware analysis tools (e.g., OllyDbg, IDA Pro). Knowledge of malware with virtual machine detection (e.g.
virtual aware malware, debugger aware malware, and unpacked malware that looks for VM-related strings in your computer’s display device). Knowledge of encryption methodologies. Signature implementation impact for viruses, malware, and attacks. Knowledge of Windows/Unix ports and services. Knowledge of advanced data remediation security features in databases. Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration. Knowledge of data classification standards and methodologies based on sensitivity and other risk factors. Knowledge of Import/Export Regulations related to cryptography and other security technologies. Knowledge of database access application programming interfaces (e.g., Java Database Connectivity [JDBC]). Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions). Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA]). Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]). Knowledge of symmetric key rotation techniques and concepts. Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing). Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model). Knowledge of learning assessment techniques (rubrics, evaluation plans, tests, quizzes). Knowledge of basic system, network, and OS hardening techniques. 
Knowledge of ethical hacking principles and techniques. Knowledge of circuit analysis. Knowledge of computer based training and e-learning services. Knowledge of covert communication techniques. Knowledge of data backup and restoration concepts. Knowledge of confidentiality, integrity, and availability requirements. Knowledge of cybersecurity-enabled software products. Knowledge of instructional design and evaluation models (e.g., ADDIE, Smith/Ragan model, Gagne’s Events of Instruction, Kirkpatrick’s model of evaluation). Knowledge of the Risk Management Framework Assessment Methodology. Knowledge of organizational training policies. Knowledge of learning levels (i.e., Bloom’s Taxonomy of learning). Knowledge of Learning Management Systems and their use in managing learning. Knowledge of learning styles (e.g., assimilator, auditory, kinesthetic). Knowledge of modes of learning (e.g., rote learning, observation). Knowledge of OSI model and underlying network protocols (e.g., TCP/IP). Knowledge of relevant laws, legal authorities, restrictions, and regulations pertaining to cyber defense activities. Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems. Knowledge of organizational training systems. Knowledge of various types of computer architectures. Knowledge of taxonomy and semantic ontology theory. Knowledge of applications that can log errors, exceptions, and application faults and logging. Knowledge of cloud service models and how those models can limit incident response. Knowledge of crisis management protocols, processes, and techniques. Knowledge of the National Cybersecurity Workforce Framework, work roles, and associated tasks, knowledge, skills, and abilities. Knowledge of full spectrum cyber capabilities (e.g., defense, attack, exploitation). Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems. 
Knowledge of how to utilize Hadoop, Java, Python, SQL, Hive, and PIG to explore data. Knowledge of industry best practices for service desk. Knowledge of machine learning theory and principles. Knowledge of media production, communication, and dissemination techniques and methods, including alternative ways to inform via written, oral, and visual media. Knowledge of multi-level security systems and cross domain solutions. Knowledge of organizational human resource policies, processes, and procedures. Knowledge of organizational security policies. Knowledge of organizational training and education policies, processes, and procedures. Knowledge of physical and physiological behaviors that may indicate suspicious or abnormal activity. Knowledge of principles and processes for conducting training and education needs assessment. Knowledge of relevant concepts, procedures, software, equipment, and technology applications. Knowledge of remote access processes, tools, and capabilities related to customer support. Knowledge of strategic theory and practice. Knowledge of sustainment technologies, processes and strategies. Knowledge of Test & Evaluation processes for learners. Knowledge of the judicial process, including the presentation of facts and evidence. Knowledge of training and education principles and methods for curriculum design, teaching and instruction for individuals and groups, and the measurement of training and education effects. Knowledge of binary analysis. Knowledge of network architecture concepts including topology, protocols, and components. Knowledge of information technology (IT) acquisition/procurement requirements. Knowledge of test procedures, principles, and methodologies (e.g., Capabilities and Maturity Model Integration (CMMI)). Knowledge of malware analysis concepts and methodologies. Knowledge of Personally Identifiable Information (PII) data security standards. Knowledge of Payment Card Industry (PCI) data security standards. 
Knowledge of Personal Health Information (PHI) data security standards. Knowledge of information technology (IT) risk management policies, requirements, and procedures. Knowledge of program protection planning (e.g. information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements). Knowledge of infrastructure supporting information technology (IT) for safety, performance, and reliability. Knowledge of how to evaluate the trustworthiness of the supplier and/or product. Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures. Knowledge of forensic footprint identification. Knowledge of mobile communications architecture. Knowledge of the acquisition/procurement life cycle process. Knowledge of operating system structures and internals (e.g., process management, directory structure, installed applications). Knowledge of network analysis tools used to identify software communications vulnerabilities. Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi), paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly. Knowledge of configuration management techniques. Knowledge of security management. Knowledge of current and emerging data encryption (e.g., Column and Tablespace Encryption, file and disk encryption) security features in databases (e.g. built-in cryptographic key management features). Knowledge of current and emerging data remediation security features in databases. Knowledge of systems engineering theories, concepts, and methods. Knowledge of information technology (IT) service catalogues. Knowledge of use cases related to collaboration and content synchronization across platforms (e.g., Mobile, PC, Cloud).
Knowledge of developing and applying user credential management system. Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption. Knowledge of N-tiered typologies (e.g. including server and client operating systems). Knowledge of an organization's information classification program and procedures for information compromise. Knowledge of industry standard security models. Knowledge of system/server diagnostic tools and fault identification techniques. Knowledge of systems security testing and evaluation methods. Knowledge of the enterprise information technology (IT) architectural concepts and patterns (e.g., baseline, validated design, and target architectures). Knowledge of the operations and processes for incident, problem, and event management. Knowledge of integrating the organization’s goals and objectives into the architecture. Knowledge of IT system operation, maintenance, and security needed to keep equipment functioning properly. Knowledge of confidentiality, integrity, and availability principles. Knowledge of capabilities, applications, and potential vulnerabilities of network equipment including hubs, routers, switches, bridges, servers, transmission media, and related hardware. Knowledge of countermeasure design for identified security risks. Knowledge in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. Knowledge of network mapping and recreating network topologies. Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump). Knowledge of the basic operation of computers. Knowledge of the use of sub-netting tools. Knowledge of concepts and practices of processing digital forensic data. Knowledge of encryption algorithms, steganography, and other forms of data concealment. Knowledge of cryptology.
Knowledge of emerging technologies that have potential for exploitation. Knowledge of hacking methodologies. Knowledge of industry indicators useful for identifying technology trends. Knowledge of intelligence gathering principles, policies, and procedures including legal authorities and restrictions. Knowledge of external organizations and academic institutions with cyber focus (e.g., cyber curriculum/training and Research & Development). Knowledge of industry technologies’ potential cybersecurity vulnerabilities. Knowledge of the principal methods, procedures, and techniques of gathering information and producing, reporting, and sharing information. Knowledge of business or military operation plans, concept operation plans, orders, policies, and standing rules of engagement. Knowledge of procedures used for documenting and querying reported incidents, problems, and events. Knowledge of operating system command-line tools. Knowledge of technical delivery capabilities and their limitations. Knowledge of organization's evaluation and validation criteria. Knowledge of engineering concepts as applied to computer architecture and associated computer hardware/software. Knowledge of embedded systems. Knowledge of system fault tolerance methodologies. Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications. Knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression). Knowledge of demilitarized zones. Knowledge of successful capabilities to identify the solutions to less common and more complex system problems. Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs. Knowledge of network traffic analysis (tools, methodologies, processes). 
Knowledge of current and emerging cyber technologies. Knowledge of access authentication methods. Knowledge of data mining techniques. Knowledge of how to use network analysis tools to identify vulnerabilities. Knowledge of foreign disclosure policies and import/export control regulations as related to cybersecurity. Knowledge of penetration testing principles, tools, and techniques. Knowledge of root cause analysis techniques. Knowledge of an organization’s threat environment. Knowledge of principles and methods for integrating system components. Knowledge and understanding of operational design. Knowledge of website types, administration, functions, and content management system (CMS). Knowledge of accepted organization planning systems. Knowledge of applicable statutes, laws, regulations and policies governing cyber targeting and exploitation. Knowledge of forms of intelligence support needs, topics, and focus areas. Knowledge of possible circumstances that would result in changing collection management authorities. Knowledge of relevant reporting and dissemination procedures. Knowledge of all-source reporting and dissemination procedures. Knowledge of analytic tools and techniques. Knowledge of analytical constructs and their use in assessing the operational environment. Knowledge of analytical standards and the purpose of intelligence confidence levels. Knowledge of approved intelligence dissemination processes. Knowledge of asset availability, capabilities and limitations. Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.). Knowledge of auditing and logging procedures (including server-based logging). Knowledge of available databases and tools necessary to assess appropriate collection tasking. Knowledge of implants that enable cyber collection and/or preparation activities. Knowledge of principles of the collection development processes (e.g., Dialed Number Recognition, Social Network Analysis). 
Knowledge of programming concepts (e.g., levels, structures, compiled vs. interpreted languages). Knowledge of basic software applications (e.g., data storage and backup, database applications) and the types of vulnerabilities that have been found in those applications. Knowledge of wireless applications vulnerabilities. Knowledge of internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc. Knowledge of classification and control markings standards, policies and procedures. Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc. Knowledge of collaborative tools and environments. Knowledge of collateral damage and estimating impact(s). Knowledge of collection capabilities and limitations. Knowledge of collection capabilities, accesses, performance specifications, and constraints utilized to satisfy collection plan. Knowledge of collection management functionality (e.g., positions, functions, responsibilities, products, reporting requirements). Knowledge of collection management tools. Knowledge of collection planning process and collection plan. Knowledge of collection searching/analyzing techniques and tools for chat/buddy list, emerging technologies, VOIP, Media Over IP, VPN, VSAT/wireless, web mail and cookies. Knowledge of collection sources including conventional and non-conventional sources. Knowledge of collection strategies. Knowledge of collection systems, capabilities, and processes. Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.). Knowledge of common networking devices and their configurations. Knowledge of common reporting databases and tools. Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.). 
Knowledge of computer programming concepts, including computer languages, programming, testing, debugging, and file types. Knowledge of concepts for operating systems (e.g., Linux, Unix). Knowledge of concepts related to websites (e.g., web servers/pages, hosting, DNS, registration, web languages such as HTML). Knowledge of crisis action planning and time sensitive planning procedures. Knowledge of crisis action planning for cyber operations. Knowledge of criteria for evaluating collection products. Knowledge of criticality and vulnerability factors (e.g., value, recuperation, cushion, countermeasures) for target selection and applicability to the cyber domain. Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations. Knowledge of current collection requirements. Knowledge of current computer-based intrusion sets. Knowledge of current software and methodologies for active defense and system hardening. Knowledge of customer information needs. Knowledge of cyber actions (i.e. cyber defense, information gathering, environment preparation, cyber-attack) principles, capabilities, limitations, and effects. Knowledge of cyber intelligence/information collection capabilities and repositories. Knowledge of cyber laws and their effect on cyber planning. Knowledge of cyber laws and legal considerations and their effect on cyber planning. Knowledge of cyber lexicon/terminology. Knowledge of cyber operation objectives, policies, and legalities. Knowledge of cyber operations support or enabling processes. Knowledge of cyber operations terminology/lexicon. Knowledge of cyber operations. Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media). Knowledge of data flow process for terminal or environment collection. Knowledge of database administration and maintenance. Knowledge of database theory. Knowledge of databases, portals and associated dissemination vehicles. 
Knowledge of deconfliction processes and procedures. Knowledge of deconfliction reporting to include external organization interaction. Knowledge of denial and deception techniques. Knowledge of different organization objectives at all levels, including subordinate, lateral and higher. Knowledge of dynamic and deliberate targeting. Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP). Knowledge of encryption algorithms and tools for wireless local area networks (WLANs). Knowledge of enterprise-wide information management. Knowledge of evasion strategies and techniques. Knowledge of evolving/emerging communications technologies. Knowledge of existing, emerging, and long-range issues related to cyber operations strategy, policy, and organization. Knowledge of forensic implications of operating system structure and operations. Knowledge of fundamental cyber concepts, principles, limitations, and effects. Knowledge of fundamental cyber operations concepts, terminology/lexicon (i.e., environment preparation, cyber-attack, cyber defense), principles, capabilities, limitations, and effects. Knowledge of general Supervisory control and data acquisition (SCADA) system components. Knowledge of Global Systems for Mobile Communications (GSM) architecture. Knowledge of governing authorities for targeting. Knowledge of host-based security products and how those products affect exploitation and reduce vulnerability. Knowledge of how converged technologies impact cyber operations (e.g., digital, telephony, wireless). Knowledge of how hubs, switches, routers work together in the design of a network. Knowledge of how Internet applications work (SMTP email, web-based email, chat clients, VOIP). Knowledge of how modern digital and telephony networks impact cyber operations. Knowledge of how modern wireless communications systems impact cyber operations. 
Knowledge of how to collect, view, and identify essential information on targets of interest from metadata (e.g., email, http). Knowledge of how to establish priorities for resources. Knowledge of how to extract, analyze, and use metadata. Knowledge of identification and reporting processes. Knowledge of implementing Unix and Windows systems that provide radius authentication and logging, DNS, mail, web service, FTP server, DHCP, firewall, and SNMP. Knowledge of indications and warning. Knowledge of information needs. Knowledge of information security concepts, facilitating technologies and methods. Knowledge of intelligence capabilities and limitations. Knowledge of intelligence confidence levels. Knowledge of intelligence disciplines. Knowledge of intelligence employment requirements (i.e., logistical, communications support, maneuverability, legal restrictions, etc.). Knowledge of intelligence preparation of the environment and similar processes. Knowledge of intelligence production processes. Knowledge of intelligence reporting principles, policies, procedures, and vehicles, including report formats, reportability criteria (requirements and priorities), dissemination practices, and legal authorities and restrictions. Knowledge of intelligence requirements tasking systems. Knowledge of intelligence support to planning, execution, and assessment. Knowledge of internal and external partner cyber operations capabilities and tools. Knowledge of internal and external partner intelligence processes and the development of information requirements and essential information. Knowledge of internal and external partner organization capabilities and limitations (those with tasking, collection, processing, exploitation and dissemination responsibilities). Knowledge of internal and external partner reporting. Knowledge of internal tactics to anticipate and/or emulate threat capabilities and actions. Knowledge of Internet and routing protocols. 
Knowledge of Internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering). Knowledge of intrusion detection systems and signature development. Knowledge of intrusion sets. Knowledge of key cyber threat actors and their equities. Knowledge of key factors of the operational environment and threat. Knowledge of language processing tools and techniques. Knowledge of leadership's intent and objectives. Knowledge of legal considerations in targeting. Knowledge of malware analysis and characteristics. Knowledge of malware. Knowledge of methods and techniques used to detect various exploitation activities. Knowledge of methods for ascertaining collection asset posture and availability. Knowledge of methods to integrate and summarize information from any potential sources. Knowledge of midpoint collection (process, objectives, organization, targets, etc.). Knowledge of network administration. Knowledge of network construction and topology. Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). Knowledge of network security implementations (e.g., host-based IDS, IPS, access control lists), including their function and placement in a network. Knowledge of network topology. Knowledge of networking and Internet communications fundamentals (i.e. devices, device configuration, hardware, software, applications, ports/protocols, addressing, network architecture and infrastructure, routing, operating systems, etc.). Knowledge of non-traditional collection methodologies. Knowledge of obfuscation techniques (e.g., TOR/Onion/anonymizers, VPN/VPS, encryption). Knowledge of objectives, situation, operational environment, and the status and disposition of internal and external partner collection capabilities available to support planning. Knowledge of ongoing and future operations. Knowledge of operational asset constraints. Knowledge of operational effectiveness assessment. 
Knowledge of operational planning processes. Knowledge of operations security. Knowledge of organization and/or partner collection systems, capabilities, and processes (e.g., collection and protocol processors). Knowledge of organization cyber operations programs, strategies, and resources. Knowledge of organization decision support tools and/or methods. Knowledge of organization formats of resource and asset readiness reporting, its operational relevance and intelligence collection impact. Knowledge of organization issues, objectives, and operations in cyber as well as regulations and policy directives governing cyber operations. Knowledge of organization objectives and associated demand on collection management. Knowledge of organization objectives, leadership priorities, and decision-making risks. Knowledge of organization or partner exploitation of digital networks. Knowledge of organization policies and planning concepts for partnering with internal and/or external organizations. Knowledge of organizational and partner authorities, responsibilities, and contributions to achieving objectives. Knowledge of organizational and partner policies, tools, capabilities, and procedures. Knowledge of organizational hierarchy and cyber decision-making processes. Knowledge of organizational planning concepts. Knowledge of organizational priorities, legal authorities and requirements submission processes. Knowledge of organizational structures and associated intelligence capabilities. Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc. Knowledge of post implementation review (PIR) approval process. Knowledge of planning activity initiation. Knowledge of planning timelines adaptive, crisis action, and time-sensitive planning. Knowledge of principles and practices related to target development such as target knowledge, associations, communication systems, and infrastructure. 
Knowledge of priority information, how it is derived, where it is published, how to access, etc. Knowledge of production exploitation and dissemination needs and architectures. Knowledge of products and nomenclature of major vendors (e.g., security suites - Trend Micro, Symantec, McAfee, Outpost, and Panda) and how those products affect exploitation and reduce vulnerabilities. Knowledge of relevant laws, regulations, and policies. Knowledge of required intelligence planning products associated with cyber operational planning. Knowledge of research strategies and knowledge management. Knowledge of risk management and mitigation strategies. Knowledge of satellite-based communication systems. Knowledge of scripting. Knowledge of security hardware and software options, including the network artifacts they induce and their effects on exploitation. Knowledge of security implications of software configurations. Knowledge of specialized target language (e.g., acronyms, jargon, technical terminology, code words). Knowledge of specific target identifiers, and their usage. Knowledge of staff management, assignment, and allocation processes. Knowledge of strategies and tools for target research. Knowledge of structure, approach, and strategy of exploitation tools (e.g., sniffers, keyloggers) and techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis of other systems in the network). Knowledge of target and threat organization structures, critical capabilities, and critical vulnerabilities. Knowledge of target communication profiles and their key elements (e.g., target associations, activities, communication infrastructure). Knowledge of target communication tools and techniques. Knowledge of target cultural references, dialects, expressions, idioms, and abbreviations. Knowledge of target development (i.e., concepts, roles, responsibilities, products, etc.). Knowledge of target estimated repair and recuperation times. 
Knowledge of target intelligence gathering and operational preparation techniques and life cycles. Knowledge of target language(s). Knowledge of target list development (i.e. Restricted, Joint, Candidate, etc.). Knowledge of target methods and procedures. Knowledge of target or threat cyber actors and procedures. Knowledge of target vetting and validation procedures. Knowledge of target, including related current events, communication profile, actors, and history (language, culture) and/or frame of reference. Knowledge of targeting cycles. Knowledge of tasking mechanisms. Knowledge of tasking processes for organic and subordinate collection assets. Knowledge of tasking, collection, processing, exploitation and dissemination. Knowledge of TCP/IP networking protocols. Knowledge of telecommunications fundamentals. Knowledge of terminal or environmental collection (process, objectives, organization, targets, etc.). Knowledge of the available tools and applications associated with collection requirements and collection management. Knowledge of the basic structure, architecture, and design of converged applications. Knowledge of the basic structure, architecture, and design of modern communication networks. Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). Knowledge of the capabilities and limitations of new and emerging collection capabilities, accesses and/or processes. Knowledge of the capabilities, limitations and tasking methodologies of internal and external collections as they apply to planned cyber activities. Knowledge of the characteristics of targeted communication networks (e.g., capacity, functionality, paths, critical nodes). Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. Knowledge of the critical information requirements and how they're used in planning. 
Knowledge of the data flow from collection origin to repositories and tools. Knowledge of the definition of collection management and collection management authority. Knowledge of the existent tasking, collection, processing, exploitation and dissemination architecture. Knowledge of the factors of threat that could impact collection operations. Knowledge of the feedback cycle in collection processes. Knowledge of the functions and capabilities of internal teams that emulate threat activities to benefit the organization. Knowledge of the fundamentals of digital forensics to extract actionable intelligence. Knowledge of the impact of language analysis on on-net operator functions. Knowledge of the impacts of internal and external partner staffing estimates. Knowledge of the information environment. Knowledge of the intelligence frameworks, processes, and related systems. Knowledge of the intelligence requirements development and request for information processes. Knowledge of the organization, roles and responsibilities of higher, lower and adjacent sub-elements. Knowledge of the organization’s established format for collection plan. Knowledge of the organization’s planning, operations and targeting cycles. Knowledge of the organizational planning and staffing process. Knowledge of the organizational plans/directives/guidance that describe objectives. Knowledge of the organizational policies/procedures for temporary transfer of collection authority. Knowledge of the organizational structure as it pertains to full spectrum cyber operations, including the functions, responsibilities, and interrelationships among distinct internal elements. Knowledge of the outputs of course of action and exercise analysis. Knowledge of the POC’s, databases, tools and applications necessary to establish environment preparation and surveillance products. Knowledge of the priority information requirements from subordinate, lateral and higher levels of the organization. 
Knowledge of the process used to assess the performance and impact of operations. Knowledge of the processes to synchronize operational assessment procedures with the critical information requirement process. Knowledge of the production responsibilities and organic analysis and production capabilities. Knowledge of the purpose and contribution of target templates. Knowledge of the range of cyber operations and their underlying intelligence support needs, topics, and focus areas. Knowledge of the relationships between end states, objectives, effects, lines of operation, etc. Knowledge of the relationships of operational objectives, intelligence requirements, and intelligence production tasks. Knowledge of the request for information process. Knowledge of the role of network operations in supporting and facilitating other organization operations. Knowledge of the structure and intent of organization specific plans, guidance and authorizations. Knowledge of the structure, architecture, and design of modern digital and telephony networks. Knowledge of the structure, architecture, and design of modern wireless communications systems. Knowledge of the systems/architecture/communications used for coordination. Knowledge of collection disciplines and capabilities. Knowledge of the ways in which targets or threats use the Internet. Knowledge of threat and/or target systems. Knowledge of tipping, cueing, mixing, and redundancy. Knowledge of transcript development processes and techniques (e.g., verbatim, gist, summaries). Knowledge of translation processes and techniques. Knowledge of Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications). Knowledge of virtual machine technologies. Knowledge of virtualization products (VMware, Virtual PC). Knowledge of what constitutes a “threat” to a network. 
Knowledge of who the organization’s operational planners are, how and where they can be contacted, and what are their expectations. Knowledge of wireless technologies (e.g., cellular, satellite, GSM) to include the basic structure, architecture, and design of modern wireless communications systems. Knowledge of privacy disclosure statements based on current laws. Knowledge of controls related to the use, processing, storage, and transmission of data. Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list). Knowledge of cyber competitions as a way of developing skills by providing hands-on experience in simulated, real-world situations.