Attention: CISA Learning is now available for External Users! The Federal Virtual Training Environment (FedVTE) has been permanently decommissioned and replaced by CISA Learning. Please reference the CISA Learning page for the latest information. Please note: CISA Users should wait to access CISA Learning until the system is ready for internal use in the coming days.

CI-WRL-002

All-Source Collection Management

Responsible for identifying intelligence collection authorities and environment; incorporating priority information requirements into intelligence collection management; and developing concepts to meet leadership's intent. Determines capabilities of available intelligence collection assets; constructs and disseminates intelligence collection plans; and monitors execution of intelligence collection tasks to ensure effective execution of collection plans.

Task statements

T0578: Assess performance of collection assets against prescribed specifications
T0645: Determine course of action for addressing changes to objectives, guidance, and operational environment
T0698: Facilitate continuously updated intelligence, surveillance, and visualization input to common operational picture managers
T0723: Identify potential collection disciplines for application against priority information requirements
T0734: Issue requests for information
T0737: Link priority collection requirements to optimal assets and resources
T1020: Determine the operational and safety impacts of cybersecurity lapses
T1031: Implement intelligence collection requirements
T1035: Determine how threat activity groups employ encryption to support their operations
T1036: Integrate leadership priorities
T1038: Integrate organization objectives in intelligence collection
T1055: Determine if priority information requirements are satisfied
T1630: Address identified issues in collection operations and collection plans
T1631: Synchronize collections with operational requirements
T1632: Determine if collection products and services meet requirements
T1634: Determine impacts on collection management operational structure and requirements
T1636: Develop intelligence collection management processes
T1640: Determine effectiveness of intelligence collection operations
T1641: Recommend adjustments to intelligence collection strategies
T1647: Develop priority information requirements
T1659: Compare allocated and available assets to collection demand
T1660: Prepare intelligence collection reports
T1677: Develop intelligence collection plans
T1681: Coordinate resource allocation of collection assets with collection discipline leads
T1682: Prepare collection plan documentation
T1686: Identify intelligence requirements
T1693: Inventory existing collection management webpage databases, libraries, and storehouses
T1695: Determine organizations with collection authority over predefined accessible collection assets
T1696: Develop intelligence collection report analysis processes
T1703: Prepare collections operation instructions
T1706: Allocate collection assets
T1723: Disseminate tasking messages
T1724: Disseminate collection plans
T1737: Develop intelligence collection strategies
T1739: Develop intelligence collection requirements
T1741: Designate priority information requirements
T1742: Select collaboration platforms
T1743: Identify information collection gaps
T1744: Develop coordination requirements and procedures
T1745: Identify gaps in understanding of target technology
T1746: Determine effectiveness of processing, exploitation, and dissemination architecture
T1748: Identify collection management risks
T1749: Mitigate collection management risks
T1769: Determine when reallocated collection efforts are completed
T1771: Determine effectiveness of the processing, exploitation, and dissemination architecture
T1773: Identify collection operational management process risks
T1783: Prioritize collection requirements for collection platforms
T1787: Reassign collection assets and resources in response to dynamic operational situations
T1805: Request discipline-specific processing, exploitation, and dissemination information
T1807: Determine intelligence collection asset capabilities
T1808: Determine accuracy of intelligence collection guidance
T1809: Update collection plans
T1813: Update collection matrices
T1818: Recommend changes to collection plans
T1819: Recommend changes to operational environment
T1820: Specify discipline-specific taskings
T1828: Synchronize the integrated employment of organic and partner intelligence collection assets

Knowledge statements

K0018: Knowledge of encryption algorithms
K0480: Knowledge of malware
K0498: Knowledge of operational planning processes
K0551: Knowledge of targeting cycles
K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0689: Knowledge of network infrastructure principles and practices
K0697: Knowledge of encryption algorithm capabilities and applications
K0718: Knowledge of network communications principles and practices
K0719: Knowledge of human-computer interaction (HCI) principles and practices
K0721: Knowledge of risk management principles and practices
K0734: Knowledge of Risk Management Framework (RMF) requirements
K0735: Knowledge of risk management models and frameworks
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0773: Knowledge of telecommunications principles and practices
K0776: Knowledge of collaboration tools and techniques
K0786: Knowledge of physical computer components
K0787: Knowledge of computer peripherals
K0792: Knowledge of network configurations
K0806: Knowledge of machine virtualization tools and techniques
K0812: Knowledge of digital communication systems and software
K0815: Knowledge of intelligence collection management processes
K0844: Knowledge of cyber attack stages
K0845: Knowledge of cyber intrusion activity phases
K0857: Knowledge of malware analysis tools and techniques
K0858: Knowledge of virtual machine detection tools and techniques
K0864: Knowledge of knowledge management principles and practices
K0916: Knowledge of malware analysis principles and practices
K0972: Knowledge of intelligence collection tasking tools and techniques
K0976: Knowledge of intelligence collection principles and practices
K0977: Knowledge of intelligence collection management tools and techniques
K0978: Knowledge of intelligence collection planning processes
K0983: Knowledge of computer networking principles and practices
K0986: Knowledge of target selection criticality factors
K0987: Knowledge of target selection vulnerability factors
K0991: Knowledge of database administration principles and practices
K0992: Knowledge of database maintenance principles and practices
K1007: Knowledge of intelligence requirements tasking systems and software
K1011: Knowledge of network addressing principles and practices
K1014: Knowledge of network security principles and practices
K1021: Knowledge of resource and asset readiness reporting policies and procedures
K1023: Knowledge of network exploitation tools and techniques
K1026: Knowledge of requirements submission processes
K1029: Knowledge of production exploitation principles and practices
K1030: Knowledge of operational planning tools and techniques
K1031: Knowledge of risk mitigation tools and techniques
K1042: Knowledge of target selection policies and procedures
K1045: Knowledge of tasking processes
K1048: Knowledge of intelligence collection requirements tools and techniques
K1049: Knowledge of routing protocols
K1052: Knowledge of the Tasking, Collection, Processing, Exploitation and Dissemination (TCPED) process
K1060: Knowledge of intelligence collection authority policies and procedures
K1061: Knowledge of environment preparation tools and techniques
K1062: Knowledge of surveillance tools and techniques
K1064: Knowledge of Request For Information (RFI) processes
K1069: Knowledge of virtual machine tools and technologies
K1085: Knowledge of exploitation tools and techniques
K1088: Knowledge of knowledge management tools and techniques
K1109: Knowledge of virtual collaborative workspace tools and techniques
K1178: Knowledge of operational environment risks
K1195: Knowledge of priority information requirements
K1196: Knowledge of priority intelligence collection requirements

Skill statements

S0335: Skill in identify intelligence gaps
S0430: Skill in collaborating with others
S0431: Skill in applying critical thinking
S0432: Skill in coordinating cybersecurity operations across an organization
S0472: Skill in developing virtual machines
S0473: Skill in maintaining virtual machines
S0494: Skill in performing operational environment analysis
S0495: Skill in determining asset availability, capabilities, and limitations
S0496: Skill in assessing intelligence collection tasking
S0498: Skill in managing an intelligence collection plan
S0500: Skill in creating intelligence collection strategies
S0502: Skill in evaluating intelligence collection products
S0503: Skill in selecting targets
S0504: Skill in identifying vulnerabilities
S0505: Skill in performing intrusion data analysis
S0506: Skill in identifying customer information needs
S0509: Skill in evaluating security products
S0511: Skill in establishing priorities
S0512: Skill in extracting metadata
S0514: Skill in preparing operational environments
S0515: Skill in identifying partner capabilities
S0518: Skill in assessing threat actors
S0520: Skill in determining intelligence collection asset posture and availability
S0525: Skill in managing operations
S0528: Skill in identifying priority information
S0529: Skill in identifying production exploitation needs
S0530: Skill in conducting research
S0535: Skill in performing threat factor analysis
S0538: Skill in managing sensors
S0540: Skill in identifying network threats
S0586: Skill in administering databases
S0673: Skill in translating operational requirements into security controls
S0675: Skill in optimizing system performance
S0721: Skill in prioritizing information
S0728: Skill in preparing briefings
S0760: Skill in navigating databases
S0762: Skill in integrating organization objectives
S0764: Skill in comparing indicators with requirements
S0774: Skill in evaluating feasibility of intelligence collection sources
S0775: Skill in developing intelligence collection plans
S0777: Skill in developing collection strategies
S0778: Skill in evaluating operational environments
S0779: Skill in determining information requirements
S0781: Skill in evaluating collection capabilities
S0786: Skill in interpreting readiness reporting
S0788: Skill in orchestrating planning teams
S0789: Skill in coordinating collection support
S0790: Skill in monitoring status
S0791: Skill in presenting to an audience
S0793: Skill in analyzing performance specifications
S0800: Skill in analyzing organizational patterns and relationships
S0801: Skill in assessing partner operations capabilities
S0869: Skill in performing metadata analysis

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)