Attention:  CISA Learning is now available!  If you are an EXTERNAL (non-CISA) user access the new system using this url: CISA Learning. The Federal Virtual Training Environment (FedVTE) has been permanently decommissioned and replaced by CISA Learning. Please reference the CISA Learning page for the latest information. Please note: CISA Users (staff and contractors) should access CISA Learning through the internal site. You should have received an email on December 4, 2024, titled “CISA Learning is LIVE!” with more information.

Knowledge ID: K0838

Knowledge of supply chain risk management policies and procedures

Work roles with this Knowledge

  • Cybersecurity Workforce Management

    NICE Framework ID: OG-WRL-003

    Responsible for developing cybersecurity workforce plans, assessments, strategies, and guidance, including cybersecurity-related staff training, education, and hiring processes. Makes adjustments in response to or in anticipation of changes to cybersecurity-related policy, technology, and staffing needs and requirements.Authors mandated workforce planning strategies to maintain compliance with legislation, regulation, and policy.

  • Product Support Management

    NICE Framework ID: OG-WRL-009

    Responsible for planning, estimating costs, budgeting, developing, implementing, and managing product support strategies in order to field and maintain the readiness and operational capability of systems and components.

  • Program Management

    NICE Framework ID: OG-WRL-010

    Responsible for leading, coordinating, and the overall success of a defined program. Includes communicating about the program and ensuring alignment with agency or organizational priorities.

  • Secure Project Management

    NICE Framework ID: OG-WRL-011

    Responsible for overseeing and directly managing technology projects. Ensures cybersecurity is built into projects to protect the organization’s critical infrastructure and assets, reduce risk, and meet organizational goals. Tracks and communicates project status and demonstrates project value to the organization.

  • Security Control Assessment

    NICE Framework ID: OG-WRL-012

    Responsible for conducting independent comprehensive assessments of management, operational, and technical security controls and control enhancements employed within or inherited by a system to determine their overall effectiveness.

  • Systems Authorization

    NICE Framework ID: OG-WRL-013

    Responsible for operating an information system at an acceptable level of risk to organizational operations, organizational assets, individuals, other organizations, and the nation.

  • Systems Security Management

    NICE Framework ID: OG-WRL-014

    Responsible for managing the cybersecurity of a program, organization, system, or enclave.

  • Technology Portfolio Management

    NICE Framework ID: OG-WRL-015

    Responsible for managing a portfolio of technology investments that align with the overall needs of mission and enterprise priorities.

  • Technology Program Auditing

    NICE Framework ID: OG-WRL-016

    Responsible for conducting evaluations of technology programs or their individual components to determine compliance with published standards.

  • Secure Systems Development

    NICE Framework ID: DD-WRL-004

    Responsible for the secure design, development, and testing of systems and the evaluation of system security throughout the systems development life cycle.

  • Systems Requirements Planning

    NICE Framework ID: DD-WRL-006

    Responsible for consulting with internal and external customers to evaluate and translate functional requirements and integrating security policies into technical solutions.

  • Systems Testing and Evaluation

    NICE Framework ID: DD-WRL-007

    Responsible for planning, preparing, and executing system tests; evaluating test results against specifications and requirements; and reporting test results and findings.

  • Technology Research and Development

    NICE Framework ID: DD-WRL-008

    Responsible for conducting software and systems engineering and software systems research to develop new capabilities with fully integrated cybersecurity. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.

  • Exploitation Analysis

    NICE Framework ID: CE-WRL-003

    Responsible for identifying access and intelligence collection gaps that can be satisfied through cyber collection and/or preparation activities. Leverages all authorized resources and analytic techniques to penetrate targeted networks.