Oversight and Governance
OG-WRL-001

Communications Security (COMSEC) Management

Responsible for managing the Communications Security (COMSEC) resources of an organization.

  • T1015: Identify roles and responsibilities for appointed Communications Security (COMSEC) personnel
  • T1016: Identify Communications Security (COMSEC) incidents
  • T1017: Report Communications Security (COMSEC) incidents
  • T1018: Identify in-process accounting requirements for Communications Security (COMSEC)
  • T1020: Determine the operational and safety impacts of cybersecurity lapses
  • T1022: Review enterprise information technology (IT) goals and objectives
  • T1023: Identify critical technology procurement requirements
  • T1058: Advise senior management on risk levels and security posture
  • T1059: Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements
  • T1060: Advise senior management on organizational cybersecurity efforts
  • T1088: Communicate the value of cybersecurity to organizational stakeholders
  • T1113: Develop the enterprise continuity of operations strategy
  • T1114: Establish the enterprise continuity of operations program
  • T1178: Determine if security improvement actions are evaluated, validated, and implemented as required
  • T1186: Establish enterprise information security architecture
  • T1300: Report cybersecurity incidents
  • T1310: Implement protective or corrective measures when a cybersecurity incident or vulnerability is discovered
  • K0018: Knowledge of encryption algorithms
  • K0671: Knowledge of Communications Security (COMSEC) policies and procedures
  • K0672: Knowledge of the Communications Security (COMSEC) Material Control System (CMCS)
  • K0673: Knowledge of types of Communications Security (COMSEC) incidents
  • K0674: Knowledge of computer networking protocols
  • K0675: Knowledge of risk management processes
  • K0676: Knowledge of cybersecurity laws and regulations
  • K0677: Knowledge of cybersecurity policies and procedures
  • K0678: Knowledge of privacy laws and regulations
  • K0679: Knowledge of privacy policies and procedures
  • K0680: Knowledge of cybersecurity principles and practices
  • K0681: Knowledge of privacy principles and practices
  • K0682: Knowledge of cybersecurity threats
  • K0683: Knowledge of cybersecurity vulnerabilities
  • K0684: Knowledge of cybersecurity threat characteristics
  • K0709: Knowledge of business continuity and disaster recovery (BCDR) policies and procedures
  • K0721: Knowledge of risk management principles and practices
  • K0724: Knowledge of incident response principles and practices
  • K0725: Knowledge of incident response tools and techniques
  • K0726: Knowledge of incident handling tools and techniques
  • K0731: Knowledge of systems security engineering (SSE) principles and practices
  • K0746: Knowledge of policy-based access controls
  • K0747: Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
  • K0749: Knowledge of process engineering principles and practices
  • K0751: Knowledge of system threats
  • K0752: Knowledge of system vulnerabilities
  • K0758: Knowledge of server administration principles and practices
  • K0765: Knowledge of software engineering principles and practices
  • K0771: Knowledge of system life cycle management principles and practices
  • K0779: Knowledge of systems engineering processes
  • K0798: Knowledge of program management principles and practices
  • K0799: Knowledge of project management principles and practices
  • K0803: Knowledge of supply chain risk management principles and practices
  • K0834: Knowledge of technology procurement principles and practices
  • K0840: Knowledge of hardware reverse engineering tools and techniques
  • K0842: Knowledge of software reverse engineering tools and techniques
  • K0851: Knowledge of reverse engineering principles and practices
  • K0865: Knowledge of data classification standards and best practices
  • K0866: Knowledge of data classification tools and techniques
  • K0928: Knowledge of systems engineering principles and practices
  • K0931: Knowledge of data-at-rest encryption (DARE) standards and best practices
  • K0932: Knowledge of cryptographic key storage systems and software
  • K0934: Knowledge of data classification policies and procedures
  • K0947: Knowledge of computer engineering principles and practices
  • K0983: Knowledge of computer networking principles and practices
  • K1014: Knowledge of network security principles and practices
  • K1050: Knowledge of critical information requirements
  • K1077: Knowledge of data security controls
  • K1084: Knowledge of data privacy controls
  • K1171: Knowledge of mission assurance practices and principles
  • K1179: Knowledge of organization's security strategy
  • S0486: Skill in implementing enterprise key escrow systems
  • S0574: Skill in developing security system controls
  • S0578: Skill in evaluating security designs
  • S0596: Skill in encrypting network communications
  • S0619: Skill in auditing technical systems
  • S0657: Skill in implementing Public Key Infrastructure (PKI) encryption
  • S0658: Skill in implementing digital signatures
  • S0841: Skill in identifying possible security violations
  • S0850: Skill in performing cost/benefit analysis
  • S0858: Skill in performing economic analysis
  • S0878: Skill in performing risk analysis