This Competency Area describes a learner’s capability related to architecting, designing, developing, implementing, and maintaining the trustworthiness of systems that use or are enabled by cyber resources in order to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises.
- K0092: Knowledge of technology integration processes
- K0644: Knowledge of cybersecurity operation policies and procedures
- K0651: Knowledge of trustworthiness principles
- K0653: Knowledge of cybersecurity practices in the acquisition process
- K0677: Knowledge of cybersecurity policies and procedures
- K0680: Knowledge of cybersecurity principles and practices
- K0689: Knowledge of network infrastructure principles and practices
- K0701: Knowledge of data backup and recovery policies and procedures
- K0702: Knowledge of data warehousing principles and practices
- K0709: Knowledge of business continuity and disaster recovery (BCDR) policies and procedures
- K0710: Knowledge of enterprise cybersecurity architecture principles and practices
- K0715: Knowledge of resiliency and redundancy principles and practices
- K0721: Knowledge of risk management principles and practices
- K0724: Knowledge of incident response principles and practices
- K0731: Knowledge of systems security engineering (SSE) principles and practices
- K0733: Knowledge of information technology (IT) architecture models and frameworks
- K0745: Knowledge of parallel and distributed computing principles and practices
- K0749: Knowledge of process engineering principles and practices
- K0751: Knowledge of system threats
- K0756: Knowledge of security management principles and practices
- K0771: Knowledge of system life cycle management principles and practices
- K0778: Knowledge of enterprise information technology (IT) architecture principles and practices
- K0780: Knowledge of hardware maintenance policies and procedures
- K0789: Knowledge of adversarial tactics tools and techniques
- K0791: Knowledge of defense-in-depth principles and practices
- K0798: Knowledge of program management principles and practices
- K0806: Knowledge of machine virtualization tools and techniques
- K0820: Knowledge of supply chain risks
- K0822: Knowledge of risk tolerance principles and practices
- K0834: Knowledge of technology procurement principles and practices
- K0835: Knowledge of risk assessment principles and practices
- K0836: Knowledge of threat assessment principles and practices
- K0848: Knowledge of network systems management principles and practices
- K0870: Knowledge of enterprise architecture (EA) reference models and frameworks
- K0871: Knowledge of enterprise architecture (EA) principles and practices
- K0898: Knowledge of cloud service models and frameworks
- K0912: Knowledge of sustainment principles and practices
- K0920: Knowledge of risk management policies and procedures
- K0928: Knowledge of systems engineering principles and practices
- K0958: Knowledge of system integration principles and practices
- K0994: Knowledge of denial and deception tools and techniques
- K1014: Knowledge of network security principles and practices
- K1017: Knowledge of operational effectiveness assessment principles and practices
- K1021: Knowledge of resource and asset readiness reporting policies and procedures
- K1054: Knowledge of red team functions and capabilities
- K1065: Knowledge of network operations principles and practices
- K1072: Knowledge of automated security control testing tools and techniques
- K1077: Knowledge of data security controls
- K1159: Knowledge of fail-over or alternate site requirements
- K1179: Knowledge of organization's security strategy
- K1209: Knowledge of risk mitigation principles and practices
- K1212: Knowledge of security controls
- K1276: Knowledge of advanced persistent threats (APTs)
- K1277: Knowledge of cyber resiliency goals and objectives
- K1278: Knowledge of data vaulting principles and practices
- K1279: Knowledge of threat-informed defense
- S0136: Skill in network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools
- S0141: Skill in assessing security systems designs
- S0383: Skill in analyzing an organization's enterprise information technology architecture
- S0384: Skill in applying standards
- S0391: Skill in creating technical documentation
- S0396: Skill in forecasting requirements
- S0418: Skill in applying secure network architectures
- S0419: Skill in designing systems
- S0428: Skill in designing architectures
- S0432: Skill in coordinating cybersecurity operations across an organization
- S0438: Skill in functioning effectively in a dynamic, fast-paced environment
- S0449: Skill in maintaining automated security control systems
- S0451: Skill in deploying continuous monitoring technologies
- S0453: Skill in creating a risk management strategy
- S0458: Skill in coordinating efforts between stakeholders
- S0459: Skill in creating security assessment reports
- S0464: Skill in applying stakeholder management within a system development life cycle
- S0495: Skill in determining asset availability, capabilities, and limitations
- S0508: Skill in managing enterprise-wide information
- S0545: Skill in designing data storage solutions
- S0551: Skill in applying information technologies into proposed solutions
- S0564: Skill in creating system security policies
- S0574: Skill in developing security system controls
- S0575: Skill in developing network infrastructure contingency and recovery plans
- S0576: Skill in testing network infrastructure contingency and recovery plans
- S0578: Skill in evaluating security designs
- S0580: Skill in monitoring system performance
- S0583: Skill in implementing established network security practices
- S0619: Skill in auditing technical systems
- S0620: Skill in evaluating the trustworthiness of a supply chain
- S0637: Skill in designing multi-level security solutions
- S0654: Skill in conducting system reviews
- S0664: Skill in applying policies that meet system security objectives
- S0666: Skill in defining performance objectives
- S0671: Skill in implementing network infrastructure contingency and recovery plans
- S0673: Skill in translating operational requirements into security controls
- S0681: Skill in performing design modeling
- S0723: Skill in interpreting vulnerability scanner results
- S0744: Skill in performing technical writing
- S0771: Skill in creating planning documents
- S0772: Skill in maintaining planning documents
- S0804: Skill in assessing an organization's threat environment
- S0808: Skill in assessing an organization’s data assets
- S0818: Skill in building internal and external stakeholder relationships
- S0821: Skill in collaborating with internal and external stakeholders
- S0834: Skill in developing technical reports
- S0839: Skill in identifying exploited system weaknesses
- S0853: Skill in performing cybersecurity architecture analysis
- S0880: Skill in performing security architecture analysis
- S0917: Skill in forecasting likely impacts on mission or business functions resulting from adversity
- S0918: Skill in conducting ongoing monitoring of system properties and behaviors
- S0919: Skill in evaluating threats, events, and courses of action in the context of mission or business functions
- S0920: Skill in establishing segmentation of system assets based on criticality and trustworthiness
- S0921: Skill in performing telemetry analysis
- S0922: Skill in making decisions under conditions of uncertainty
- S0923: Skill in communicating at varying levels of technical detail with stakeholders of various backgrounds
- S0924: Skill in crisis management
- S0925: Skill in developing and analyzing attack paths
- S0926: Skill in designing and maintaining threat catalogs
- S0927: Skill in defining contingency plans
- S0928: Skill in defining loss scenarios
- S0929: Skill in designing air-gapped data vault solutions
- S0930: Skill in defining impact tolerance statements
- S0931: Skill in conducting technical business impact analysis
- S0932: Skill in protecting critical assets
- S0933: Skill in designing enhanced controls for critical assets
- S0934: Skill in performing Fault Tree Analysis (FTA)
Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 2.0.0)