Attention: CISA Learning is now available for External Users! The Federal Virtual Training Environment (FedVTE) has been permanently decommissioned and replaced by CISA Learning. Please reference the CISA Learning page for the latest information. Please note: CISA Users should wait to access CISA Learning until the system is ready for internal use in the coming days.

CI-WRL-003

All-Source Collection Requirements Management

Responsible for evaluating intelligence collection operations and developing effects-based collection requirements strategies using available sources and methods to improve collection. Develops, processes, validates, and coordinates submission of intelligence collection requirements. Evaluates performance of intelligence collection assets and operations.

Task statements

T0565: Analyze incoming collection requests
T0577: Assess efficiency of existing information exchange and management systems
T0578: Assess performance of collection assets against prescribed specifications
T0734: Issue requests for information
T1020: Determine the operational and safety impacts of cybersecurity lapses
T1031: Implement intelligence collection requirements
T1035: Determine how threat activity groups employ encryption to support their operations
T1036: Integrate leadership priorities
T1038: Integrate organization objectives in intelligence collection
T1055: Determine if priority information requirements are satisfied
T1222: Determine security requirements for new information technologies
T1223: Determine security requirements for new operational technologies
T1354: Identify system cybersecurity requirements
T1632: Determine if collection products and services meet requirements
T1634: Determine impacts on collection management operational structure and requirements
T1640: Determine effectiveness of intelligence collection operations
T1641: Recommend adjustments to intelligence collection strategies
T1656: Manage request for information (RFI) processes
T1658: Determine customer requirements
T1660: Prepare intelligence collection reports
T1686: Identify intelligence requirements
T1696: Develop intelligence collection report analysis processes
T1713: Develop feedback procedures
T1725: Assess intelligence collection results
T1726: Document intelligence collection assessment findings
T1729: Synchronize intelligence planning activities with operational planning timelines
T1730: Determine if collection requests meet priority intelligence requirements
T1731: Determine if information collected satisfies intelligence requests
T1733: Determine if collection operations meet operational requirements
T1739: Develop intelligence collection requirements
T1741: Designate priority information requirements
T1742: Select collaboration platforms
T1748: Identify collection management risks
T1749: Mitigate collection management risks
T1753: Inform stakeholders of evaluation results
T1762: Modify collection requirements
T1763: Determine effectiveness of collection requirements
T1788: Promote collection planning as an integrated component of the strategic campaign plans and other adaptive plans
T1807: Determine intelligence collection asset capabilities
T1808: Determine accuracy of intelligence collection guidance
T1821: Submit information requests to collection requirement management section
T1831: Track status of information requests
T1832: Translate collection requests for discipline-specific collection requirements
T1833: Identify opportunities to improve collection management efficiency and effectiveness
T1834: Validate information requests
T1913: Identify system security requirements

Knowledge statements

K0018: Knowledge of encryption algorithms
K0480: Knowledge of malware
K0498: Knowledge of operational planning processes
K0551: Knowledge of targeting cycles
K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0689: Knowledge of network infrastructure principles and practices
K0697: Knowledge of encryption algorithm capabilities and applications
K0718: Knowledge of network communications principles and practices
K0719: Knowledge of human-computer interaction (HCI) principles and practices
K0721: Knowledge of risk management principles and practices
K0734: Knowledge of Risk Management Framework (RMF) requirements
K0735: Knowledge of risk management models and frameworks
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0773: Knowledge of telecommunications principles and practices
K0776: Knowledge of collaboration tools and techniques
K0786: Knowledge of physical computer components
K0787: Knowledge of computer peripherals
K0792: Knowledge of network configurations
K0806: Knowledge of machine virtualization tools and techniques
K0812: Knowledge of digital communication systems and software
K0815: Knowledge of intelligence collection management processes
K0844: Knowledge of cyber attack stages
K0845: Knowledge of cyber intrusion activity phases
K0858: Knowledge of virtual machine detection tools and techniques
K0864: Knowledge of knowledge management principles and practices
K0972: Knowledge of intelligence collection tasking tools and techniques
K0976: Knowledge of intelligence collection principles and practices
K0977: Knowledge of intelligence collection management tools and techniques
K0978: Knowledge of intelligence collection planning processes
K0983: Knowledge of computer networking principles and practices
K0986: Knowledge of target selection criticality factors
K0987: Knowledge of target selection vulnerability factors
K0991: Knowledge of database administration principles and practices
K0992: Knowledge of database maintenance principles and practices
K1007: Knowledge of intelligence requirements tasking systems and software
K1014: Knowledge of network security principles and practices
K1023: Knowledge of network exploitation tools and techniques
K1026: Knowledge of requirements submission processes
K1031: Knowledge of risk mitigation tools and techniques
K1042: Knowledge of target selection policies and procedures
K1045: Knowledge of tasking processes
K1048: Knowledge of intelligence collection requirements tools and techniques
K1049: Knowledge of routing protocols
K1052: Knowledge of the Tasking, Collection, Processing, Exploitation and Dissemination (TCPED) process
K1060: Knowledge of intelligence collection authority policies and procedures
K1061: Knowledge of environment preparation tools and techniques
K1062: Knowledge of surveillance tools and techniques
K1064: Knowledge of Request For Information (RFI) processes
K1069: Knowledge of virtual machine tools and technologies
K1085: Knowledge of exploitation tools and techniques
K1088: Knowledge of knowledge management tools and techniques
K1109: Knowledge of virtual collaborative workspace tools and techniques
K1196: Knowledge of priority intelligence collection requirements

Skill statements

S0335: Skill in identify intelligence gaps
S0430: Skill in collaborating with others
S0431: Skill in applying critical thinking
S0432: Skill in coordinating cybersecurity operations across an organization
S0472: Skill in developing virtual machines
S0473: Skill in maintaining virtual machines
S0494: Skill in performing operational environment analysis
S0495: Skill in determining asset availability, capabilities, and limitations
S0496: Skill in assessing intelligence collection tasking
S0498: Skill in managing an intelligence collection plan
S0500: Skill in creating intelligence collection strategies
S0502: Skill in evaluating intelligence collection products
S0503: Skill in selecting targets
S0504: Skill in identifying vulnerabilities
S0506: Skill in identifying customer information needs
S0511: Skill in establishing priorities
S0514: Skill in preparing operational environments
S0515: Skill in identifying partner capabilities
S0518: Skill in assessing threat actors
S0520: Skill in determining intelligence collection asset posture and availability
S0525: Skill in managing operations
S0528: Skill in identifying priority information
S0530: Skill in conducting research
S0535: Skill in performing threat factor analysis
S0538: Skill in managing sensors
S0540: Skill in identifying network threats
S0586: Skill in administering databases
S0673: Skill in translating operational requirements into security controls
S0728: Skill in preparing briefings
S0760: Skill in navigating databases
S0764: Skill in comparing indicators with requirements
S0777: Skill in developing collection strategies
S0779: Skill in determining information requirements
S0780: Skill in fulfilling information requests
S0781: Skill in evaluating collection capabilities
S0784: Skill in implementing established procedures
S0786: Skill in interpreting readiness reporting
S0791: Skill in presenting to an audience
S0792: Skill in resolving conflicting intelligence collection requirements
S0793: Skill in analyzing performance specifications
S0794: Skill in establishing timelines
S0795: Skill in tracking intelligence collection requirements
S0800: Skill in analyzing organizational patterns and relationships
S0801: Skill in assessing partner operations capabilities

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)