CI-WRL-002

All-Source Collection Management

Responsible for identifying intelligence collection authorities and environment; incorporating priority information requirements into intelligence collection management; and developing concepts to meet leadership's intent. Determines capabilities of available intelligence collection assets; constructs and disseminates intelligence collection plans; and monitors execution of intelligence collection tasks to ensure effective execution of collection plans.

Task statements

T0578: Assess performance of collection assets against prescribed specifications
T0645: Determine course of action for addressing changes to objectives, guidance, and operational environment
T0698: Facilitate continuously updated intelligence, surveillance, and visualization input to common operational picture managers
T0723: Identify potential collection disciplines for application against priority information requirements
T0734: Issue requests for information
T0737: Link priority collection requirements to optimal assets and resources
T1020: Determine the operational and safety impacts of cybersecurity lapses
T1031: Implement intelligence collection requirements
T1035: Determine how threat activity groups employ encryption to support their operations
T1036: Integrate leadership priorities
T1038: Integrate organization objectives in intelligence collection
T1055: Determine if priority information requirements are satisfied
T1630: Address identified issues in collection operations and collection plans
T1631: Synchronize collections with operational requirements
T1632: Determine if collection products and services meet requirements
T1634: Determine impacts on collection management operational structure and requirements
T1636: Develop intelligence collection management processes
T1640: Determine effectiveness of intelligence collection operations
T1641: Recommend adjustments to intelligence collection strategies
T1647: Develop priority information requirements
T1659: Compare allocated and available assets to collection demand
T1660: Prepare intelligence collection reports
T1677: Develop intelligence collection plans
T1681: Coordinate resource allocation of collection assets with collection discipline leads
T1682: Prepare collection plan documentation
T1686: Identify intelligence requirements
T1693: Inventory existing collection management webpage databases, libraries, and storehouses
T1695: Determine organizations with collection authority over predefined accessible collection assets
T1696: Develop intelligence collection report analysis processes
T1703: Prepare collections operation instructions
T1706: Allocate collection assets
T1723: Disseminate tasking messages
T1724: Disseminate collection plans
T1737: Develop intelligence collection strategies
T1739: Develop intelligence collection requirements
T1741: Designate priority information requirements
T1742: Select collaboration platforms
T1743: Identify information collection gaps
T1744: Develop coordination requirements and procedures
T1745: Identify gaps in understanding of target technology
T1746: Determine effectiveness of processing, exploitation, and dissemination architecture
T1748: Identify collection management risks
T1749: Mitigate collection management risks
T1769: Determine when reallocated collection efforts are completed
T1771: Determine effectiveness of the processing, exploitation, and dissemination architecture
T1773: Identify collection operational management process risks
T1783: Prioritize collection requirements for collection platforms
T1787: Reassign collection assets and resources in response to dynamic operational situations
T1805: Request discipline-specific processing, exploitation, and dissemination information
T1807: Determine intelligence collection asset capabilities
T1808: Determine accuracy of intelligence collection guidance
T1809: Update collection plans
T1813: Update collection matrices
T1818: Recommend changes to collection plans
T1819: Recommend changes to operational environment
T1820: Specify discipline-specific taskings
T1828: Synchronize the integrated employment of organic and partner intelligence collection assets

Knowledge statements

K0018: Knowledge of encryption algorithms
K0480: Knowledge of malware
K0498: Knowledge of operational planning processes
K0551: Knowledge of targeting cycles
K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0689: Knowledge of network infrastructure principles and practices
K0697: Knowledge of encryption algorithm capabilities and applications
K0718: Knowledge of network communications principles and practices
K0719: Knowledge of human-computer interaction (HCI) principles and practices
K0721: Knowledge of risk management principles and practices
K0734: Knowledge of Risk Management Framework (RMF) requirements
K0735: Knowledge of risk management models and frameworks
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0773: Knowledge of telecommunications principles and practices
K0776: Knowledge of collaboration tools and techniques
K0786: Knowledge of physical computer components
K0787: Knowledge of computer peripherals
K0792: Knowledge of network configurations
K0806: Knowledge of machine virtualization tools and techniques
K0812: Knowledge of digital communication systems and software
K0815: Knowledge of intelligence collection management processes
K0844: Knowledge of cyber attack stages
K0845: Knowledge of cyber intrusion activity phases
K0857: Knowledge of malware analysis tools and techniques
K0858: Knowledge of virtual machine detection tools and techniques
K0864: Knowledge of knowledge management principles and practices
K0916: Knowledge of malware analysis principles and practices
K0972: Knowledge of intelligence collection tasking tools and techniques
K0976: Knowledge of intelligence collection principles and practices
K0977: Knowledge of intelligence collection management tools and techniques
K0978: Knowledge of intelligence collection planning processes
K0983: Knowledge of computer networking principles and practices
K0986: Knowledge of target selection criticality factors
K0987: Knowledge of target selection vulnerability factors
K0991: Knowledge of database administration principles and practices
K0992: Knowledge of database maintenance principles and practices
K1007: Knowledge of intelligence requirements tasking systems and software
K1011: Knowledge of network addressing principles and practices
K1014: Knowledge of network security principles and practices
K1021: Knowledge of resource and asset readiness reporting policies and procedures
K1023: Knowledge of network exploitation tools and techniques
K1026: Knowledge of requirements submission processes
K1029: Knowledge of production exploitation principles and practices
K1030: Knowledge of operational planning tools and techniques
K1031: Knowledge of risk mitigation tools and techniques
K1042: Knowledge of target selection policies and procedures
K1045: Knowledge of tasking processes
K1048: Knowledge of intelligence collection requirements tools and techniques
K1049: Knowledge of routing protocols
K1052: Knowledge of the Tasking, Collection, Processing, Exploitation and Dissemination (TCPED) process
K1060: Knowledge of intelligence collection authority policies and procedures
K1061: Knowledge of environment preparation tools and techniques
K1062: Knowledge of surveillance tools and techniques
K1064: Knowledge of Request For Information (RFI) processes
K1069: Knowledge of virtual machine tools and technologies
K1085: Knowledge of exploitation tools and techniques
K1088: Knowledge of knowledge management tools and techniques
K1109: Knowledge of virtual collaborative workspace tools and techniques
K1178: Knowledge of operational environment risks
K1195: Knowledge of priority information requirements
K1196: Knowledge of priority intelligence collection requirements

Skill statements

S0335: Skill in identify intelligence gaps
S0430: Skill in collaborating with others
S0431: Skill in applying critical thinking
S0432: Skill in coordinating cybersecurity operations across an organization
S0472: Skill in developing virtual machines
S0473: Skill in maintaining virtual machines
S0494: Skill in performing operational environment analysis
S0495: Skill in determining asset availability, capabilities, and limitations
S0496: Skill in assessing intelligence collection tasking
S0498: Skill in managing an intelligence collection plan
S0500: Skill in creating intelligence collection strategies
S0502: Skill in evaluating intelligence collection products
S0503: Skill in selecting targets
S0504: Skill in identifying vulnerabilities
S0505: Skill in performing intrusion data analysis
S0506: Skill in identifying customer information needs
S0509: Skill in evaluating security products
S0511: Skill in establishing priorities
S0512: Skill in extracting metadata
S0514: Skill in preparing operational environments
S0515: Skill in identifying partner capabilities
S0518: Skill in assessing threat actors
S0520: Skill in determining intelligence collection asset posture and availability
S0525: Skill in managing operations
S0528: Skill in identifying priority information
S0529: Skill in identifying production exploitation needs
S0530: Skill in conducting research
S0535: Skill in performing threat factor analysis
S0538: Skill in managing sensors
S0540: Skill in identifying network threats
S0586: Skill in administering databases
S0673: Skill in translating operational requirements into security controls
S0675: Skill in optimizing system performance
S0721: Skill in prioritizing information
S0728: Skill in preparing briefings
S0760: Skill in navigating databases
S0762: Skill in integrating organization objectives
S0764: Skill in comparing indicators with requirements
S0774: Skill in evaluating feasibility of intelligence collection sources
S0775: Skill in developing intelligence collection plans
S0777: Skill in developing collection strategies
S0778: Skill in evaluating operational environments
S0779: Skill in determining information requirements
S0781: Skill in evaluating collection capabilities
S0786: Skill in interpreting readiness reporting
S0788: Skill in orchestrating planning teams
S0789: Skill in coordinating collection support
S0790: Skill in monitoring status
S0791: Skill in presenting to an audience
S0793: Skill in analyzing performance specifications
S0800: Skill in analyzing organizational patterns and relationships
S0801: Skill in assessing partner operations capabilities
S0869: Skill in performing metadata analysis

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)