Cyberspace Intelligence
CI-WRL-003
All-Source Collection Requirements Management
Responsible for evaluating intelligence collection operations and developing effects-based collection requirements strategies using available sources and methods to improve collection. Develops, processes, validates, and coordinates submission of intelligence collection requirements. Evaluates performance of intelligence collection assets and operations.
- T0565: Analyze incoming collection requests
- T0577: Assess efficiency of existing information exchange and management systems
- T0578: Assess performance of collection assets against prescribed specifications
- T0734: Issue requests for information
- T1020: Determine the operational and safety impacts of cybersecurity lapses
- T1031: Implement intelligence collection requirements
- T1035: Determine how threat activity groups employ encryption to support their operations
- T1036: Integrate leadership priorities
- T1038: Integrate organization objectives in intelligence collection
- T1055: Determine if priority information requirements are satisfied
- T1222: Determine security requirements for new information technologies
- T1223: Determine security requirements for new operational technologies
- T1354: Identify system cybersecurity requirements
- T1632: Determine if collection products and services meet requirements
- T1634: Determine impacts on collection management operational structure and requirements
- T1640: Determine effectiveness of intelligence collection operations
- T1641: Recommend adjustments to intelligence collection strategies
- T1656: Manage request for information (RFI) processes
- T1658: Determine customer requirements
- T1660: Prepare intelligence collection reports
- T1686: Identify intelligence requirements
- T1696: Develop intelligence collection report analysis processes
- T1713: Develop feedback procedures
- T1725: Assess intelligence collection results
- T1726: Document intelligence collection assessment findings
- T1729: Synchronize intelligence planning activities with operational planning timelines
- T1730: Determine if collection requests meet priority intelligence requirements
- T1731: Determine if information collected satisfies intelligence requests
- T1733: Determine if collection operations meet operational requirements
- T1739: Develop intelligence collection requirements
- T1741: Designate priority information requirements
- T1742: Select collaboration platforms
- T1748: Identify collection management risks
- T1749: Mitigate collection management risks
- T1753: Inform stakeholders of evaluation results
- T1762: Modify collection requirements
- T1763: Determine effectiveness of collection requirements
- T1788: Promote collection planning as an integrated component of the strategic campaign plans and other adaptive plans
- T1807: Determine intelligence collection asset capabilities
- T1808: Determine accuracy of intelligence collection guidance
- T1821: Submit information requests to collection requirement management section
- T1831: Track status of information requests
- T1832: Translate collection requests for discipline-specific collection requirements
- T1833: Identify opportunities to improve collection management efficiency and effectiveness
- T1834: Validate information requests
- T1913: Identify system security requirements
- K0018: Knowledge of encryption algorithms
- K0480: Knowledge of malware
- K0498: Knowledge of operational planning processes
- K0551: Knowledge of targeting cycles
- K0674: Knowledge of computer networking protocols
- K0675: Knowledge of risk management processes
- K0676: Knowledge of cybersecurity laws and regulations
- K0677: Knowledge of cybersecurity policies and procedures
- K0678: Knowledge of privacy laws and regulations
- K0679: Knowledge of privacy policies and procedures
- K0680: Knowledge of cybersecurity principles and practices
- K0681: Knowledge of privacy principles and practices
- K0682: Knowledge of cybersecurity threats
- K0683: Knowledge of cybersecurity vulnerabilities
- K0684: Knowledge of cybersecurity threat characteristics
- K0689: Knowledge of network infrastructure principles and practices
- K0697: Knowledge of encryption algorithm capabilities and applications
- K0718: Knowledge of network communications principles and practices
- K0719: Knowledge of human-computer interaction (HCI) principles and practices
- K0721: Knowledge of risk management principles and practices
- K0734: Knowledge of Risk Management Framework (RMF) requirements
- K0735: Knowledge of risk management models and frameworks
- K0751: Knowledge of system threats
- K0752: Knowledge of system vulnerabilities
- K0773: Knowledge of telecommunications principles and practices
- K0776: Knowledge of collaboration tools and techniques
- K0786: Knowledge of physical computer components
- K0787: Knowledge of computer peripherals
- K0792: Knowledge of network configurations
- K0806: Knowledge of machine virtualization tools and techniques
- K0812: Knowledge of digital communication systems and software
- K0815: Knowledge of intelligence collection management processes
- K0844: Knowledge of cyber attack stages
- K0845: Knowledge of cyber intrusion activity phases
- K0858: Knowledge of virtual machine detection tools and techniques
- K0864: Knowledge of knowledge management principles and practices
- K0972: Knowledge of intelligence collection tasking tools and techniques
- K0976: Knowledge of intelligence collection principles and practices
- K0977: Knowledge of intelligence collection management tools and techniques
- K0978: Knowledge of intelligence collection planning processes
- K0983: Knowledge of computer networking principles and practices
- K0986: Knowledge of target selection criticality factors
- K0987: Knowledge of target selection vulnerability factors
- K0991: Knowledge of database administration principles and practices
- K0992: Knowledge of database maintenance principles and practices
- K1007: Knowledge of intelligence requirements tasking systems and software
- K1014: Knowledge of network security principles and practices
- K1023: Knowledge of network exploitation tools and techniques
- K1026: Knowledge of requirements submission processes
- K1031: Knowledge of risk mitigation tools and techniques
- K1042: Knowledge of target selection policies and procedures
- K1045: Knowledge of tasking processes
- K1048: Knowledge of intelligence collection requirements tools and techniques
- K1049: Knowledge of routing protocols
- K1052: Knowledge of the Tasking, Collection, Processing, Exploitation and Dissemination (TCPED) process
- K1060: Knowledge of intelligence collection authority policies and procedures
- K1061: Knowledge of environment preparation tools and techniques
- K1062: Knowledge of surveillance tools and techniques
- K1064: Knowledge of Request For Information (RFI) processes
- K1069: Knowledge of virtual machine tools and technologies
- K1085: Knowledge of exploitation tools and techniques
- K1088: Knowledge of knowledge management tools and techniques
- K1109: Knowledge of virtual collaborative workspace tools and techniques
- K1196: Knowledge of priority intelligence collection requirements
- S0335: Skill in identify intelligence gaps
- S0430: Skill in collaborating with others
- S0431: Skill in applying critical thinking
- S0432: Skill in coordinating cybersecurity operations across an organization
- S0472: Skill in developing virtual machines
- S0473: Skill in maintaining virtual machines
- S0494: Skill in performing operational environment analysis
- S0495: Skill in determining asset availability, capabilities, and limitations
- S0496: Skill in assessing intelligence collection tasking
- S0498: Skill in managing an intelligence collection plan
- S0500: Skill in creating intelligence collection strategies
- S0502: Skill in evaluating intelligence collection products
- S0503: Skill in selecting targets
- S0504: Skill in identifying vulnerabilities
- S0506: Skill in identifying customer information needs
- S0511: Skill in establishing priorities
- S0514: Skill in preparing operational environments
- S0515: Skill in identifying partner capabilities
- S0518: Skill in assessing threat actors
- S0520: Skill in determining intelligence collection asset posture and availability
- S0525: Skill in managing operations
- S0528: Skill in identifying priority information
- S0530: Skill in conducting research
- S0535: Skill in performing threat factor analysis
- S0538: Skill in managing sensors
- S0540: Skill in identifying network threats
- S0586: Skill in administering databases
- S0673: Skill in translating operational requirements into security controls
- S0728: Skill in preparing briefings
- S0760: Skill in navigating databases
- S0764: Skill in comparing indicators with requirements
- S0777: Skill in developing collection strategies
- S0779: Skill in determining information requirements
- S0780: Skill in fulfilling information requests
- S0781: Skill in evaluating collection capabilities
- S0784: Skill in implementing established procedures
- S0786: Skill in interpreting readiness reporting
- S0791: Skill in presenting to an audience
- S0792: Skill in resolving conflicting intelligence collection requirements
- S0793: Skill in analyzing performance specifications
- S0794: Skill in establishing timelines
- S0795: Skill in tracking intelligence collection requirements
- S0800: Skill in analyzing organizational patterns and relationships
- S0801: Skill in assessing partner operations capabilities
Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)