Oversight and Governance
OG-WRL-001
Communications Security (COMSEC) Management
Responsible for managing the Communications Security (COMSEC) resources of an organization.
- T1015: Identify roles and responsibilities for appointed Communications Security (COMSEC) personnel
- T1016: Identify Communications Security (COMSEC) incidents
- T1017: Report Communications Security (COMSEC) incidents
- T1018: Identify in-process accounting requirements for Communications Security (COMSEC)
- T1020: Determine the operational and safety impacts of cybersecurity lapses
- T1022: Review enterprise information technology (IT) goals and objectives
- T1023: Identify critical technology procurement requirements
- T1058: Advise senior management on risk levels and security posture
- T1059: Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements
- T1060: Advise senior management on organizational cybersecurity efforts
- T1088: Communicate the value of cybersecurity to organizational stakeholders
- T1113: Develop the enterprise continuity of operations strategy
- T1114: Establish the enterprise continuity of operations program
- T1178: Determine if security improvement actions are evaluated, validated, and implemented as required
- T1186: Establish enterprise information security architecture
- T1300: Report cybersecurity incidents
- T1310: Implement protective or corrective measures when a cybersecurity incident or vulnerability is discovered
- K0018: Knowledge of encryption algorithms
- K0671: Knowledge of Communications Security (COMSEC) policies and procedures
- K0672: Knowledge of the Communications Security (COMSEC) Material Control System (CMCS)
- K0673: Knowledge of types of Communications Security (COMSEC) incidents
- K0674: Knowledge of computer networking protocols
- K0675: Knowledge of risk management processes
- K0676: Knowledge of cybersecurity laws and regulations
- K0677: Knowledge of cybersecurity policies and procedures
- K0678: Knowledge of privacy laws and regulations
- K0679: Knowledge of privacy policies and procedures
- K0680: Knowledge of cybersecurity principles and practices
- K0681: Knowledge of privacy principles and practices
- K0682: Knowledge of cybersecurity threats
- K0683: Knowledge of cybersecurity vulnerabilities
- K0684: Knowledge of cybersecurity threat characteristics
- K0709: Knowledge of business continuity and disaster recovery (BCDR) policies and procedures
- K0721: Knowledge of risk management principles and practices
- K0724: Knowledge of incident response principles and practices
- K0725: Knowledge of incident response tools and techniques
- K0726: Knowledge of incident handling tools and techniques
- K0731: Knowledge of systems security engineering (SSE) principles and practices
- K0746: Knowledge of policy-based access controls
- K0747: Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
- K0749: Knowledge of process engineering principles and practices
- K0751: Knowledge of system threats
- K0752: Knowledge of system vulnerabilities
- K0758: Knowledge of server administration principles and practices
- K0765: Knowledge of software engineering principles and practices
- K0771: Knowledge of system life cycle management principles and practices
- K0779: Knowledge of systems engineering processes
- K0798: Knowledge of program management principles and practices
- K0799: Knowledge of project management principles and practices
- K0803: Knowledge of supply chain risk management principles and practices
- K0834: Knowledge of technology procurement principles and practices
- K0840: Knowledge of hardware reverse engineering tools and techniques
- K0842: Knowledge of software reverse engineering tools and techniques
- K0851: Knowledge of reverse engineering principles and practices
- K0865: Knowledge of data classification standards and best practices
- K0866: Knowledge of data classification tools and techniques
- K0928: Knowledge of systems engineering principles and practices
- K0931: Knowledge of data-at-rest encryption (DARE) standards and best practices
- K0932: Knowledge of cryptographic key storage systems and software
- K0934: Knowledge of data classification policies and procedures
- K0947: Knowledge of computer engineering principles and practices
- K0983: Knowledge of computer networking principles and practices
- K1014: Knowledge of network security principles and practices
- K1050: Knowledge of critical information requirements
- K1077: Knowledge of data security controls
- K1084: Knowledge of data privacy controls
- K1171: Knowledge of mission assurance practices and principles
- K1179: Knowledge of organization's security strategy
- S0486: Skill in implementing enterprise key escrow systems
- S0574: Skill in developing security system controls
- S0578: Skill in evaluating security designs
- S0596: Skill in encrypting network communications
- S0619: Skill in auditing technical systems
- S0657: Skill in implementing Public Key Infrastructure (PKI) encryption
- S0658: Skill in implementing digital signatures
- S0841: Skill in identifying possible security violations
- S0850: Skill in performing cost/benefit analysis
- S0858: Skill in performing economic analysis
- S0878: Skill in performing risk analysis
Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)