Attention: CISA Learning is now available! If you are an EXTERNAL (non-CISA) user access the new system using this url: CISA Learning. The Federal Virtual Training Environment (FedVTE) has been permanently decommissioned and replaced by CISA Learning. Please reference the CISA Learning page for the latest information. Please note: CISA Users (staff and contractors) should access CISA Learning through the internal site. You should have received an email on December 4, 2024, titled “CISA Learning is LIVE!” with more information.

CE-WRL-002

Cyber Operations Planning

Responsible for developing cybersecurity operations plans; participating in targeting selection, validation, and synchronization; and enabling integration during the execution of cyber actions.

Task statements

T0630: Incorporate intelligence equities into the overall design of cyber operations plans
T0704: Incorporate cyber operations and communications security support plans into organization objectives
T0718: Identify intelligence gaps and shortfalls
T0734: Issue requests for information
T0741: Maintain situational awareness of cyber-related intelligence requirements and associated tasking
T0742: Maintain situational awareness of partner capabilities and activities
T1020: Determine the operational and safety impacts of cybersecurity lapses
T1023: Identify critical technology procurement requirements
T1033: Support cyber operations
T1036: Integrate leadership priorities
T1037: Develop operations strategies
T1038: Integrate organization objectives in intelligence collection
T1043: Determine staffing needs
T1044: Review course of action analysis results
T1045: Review exercise analysis results
T1046: Assess operation performance
T1047: Assess operation impact
T1048: Synchronize operational assessment procedures and critical information requirement processes
T1054: Scope analysis reports to various audiences that accounts for data sharing classification restrictions
T1055: Determine if priority information requirements are satisfied
T1456: Determine the impact of threats on cybersecurity
T1457: Implement threat countermeasures
T1639: Assess target vulnerabilities and operational capabilities
T1644: Develop cyber operations indicators
T1650: Develop cybersecurity success metrics
T1678: Develop cyber operations crisis action plans
T1679: Develop organizational decision support tools
T1688: Identify strategies to counter potential target actions
T1699: Develop crisis plans
T1700: Maintain crisis plans
T1701: Integrate cyber operations guidance into broader planning activities
T1704: Develop intelligence operations plans
T1710: Develop policies for providing and obtaining cyber operations support from external partners
T1712: Recommend potential courses of action
T1717: Recommend changes to planning policies and procedures
T1718: Implement changes to planning policies and procedures
T1722: Prepare cyber operation strategy and planning documents
T1728: Implement collection operation plans
T1729: Synchronize intelligence planning activities with operational planning timelines
T1735: Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action
T1752: Develop courses of action based on threat factors
T1755: Integrate cyber planning and targeting efforts
T1756: Interpret environment preparation assessments
T1761: Determine if changes to the operating environment require review of the plan
T1764: Assess effectiveness of integrated cyber operations
T1779: Coordinate strategic planning efforts with internal and external partners
T1794: Develop cyber operations strategies
T1797: Advise stakeholders on administrative and logistical elements of operational support plans
T1800: Recommend changes to operational plans
T1810: Approve operational requirements for research, development, and acquisition of cyber capabilities
T1811: Prioritize operational requirements for research, development, and acquisition of cyber capabilities
T1812: Submit operational requirements for research, development, and acquisition of cyber capabilities
T1822: Submit requests for deconfliction of cyber operations
T1823: Respond to requests for deconfliction of cyber operations
T1835: Determine if intelligence requirements and collection plans are accurate and up-to-date
T1836: Document lessons learned during events and exercises

Knowledge statements

K0480: Knowledge of malware
K0498: Knowledge of operational planning processes
K0644: Knowledge of cybersecurity operation policies and procedures
K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0689: Knowledge of network infrastructure principles and practices
K0698: Knowledge of cryptographic key management principles and practices
K0718: Knowledge of network communications principles and practices
K0719: Knowledge of human-computer interaction (HCI) principles and practices
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0766: Knowledge of data asset management principles and practices
K0773: Knowledge of telecommunications principles and practices
K0784: Knowledge of insider threat laws and regulations
K0785: Knowledge of insider threat tools and techniques
K0786: Knowledge of physical computer components
K0787: Knowledge of computer peripherals
K0792: Knowledge of network configurations
K0799: Knowledge of project management principles and practices
K0800: Knowledge of evidence admissibility laws and regulations
K0806: Knowledge of machine virtualization tools and techniques
K0812: Knowledge of digital communication systems and software
K0818: Knowledge of new and emerging cybersecurity risks
K0819: Knowledge of import and export control laws and regulations
K0820: Knowledge of supply chain risks
K0821: Knowledge of federal agency roles and responsibilities
K0825: Knowledge of threat vector characteristics
K0831: Knowledge of network attack vectors
K0834: Knowledge of technology procurement principles and practices
K0857: Knowledge of malware analysis tools and techniques
K0858: Knowledge of virtual machine detection tools and techniques
K0865: Knowledge of data classification standards and best practices
K0866: Knowledge of data classification tools and techniques
K0892: Knowledge of cyber defense laws and regulations
K0899: Knowledge of crisis management protocols
K0900: Knowledge of crisis management processes
K0901: Knowledge of crisis management tools and techniques
K0915: Knowledge of network architecture principles and practices
K0916: Knowledge of malware analysis principles and practices
K0925: Knowledge of wireless communication tools and techniques
K0926: Knowledge of signal jamming tools and techniques
K0934: Knowledge of data classification policies and procedures
K0942: Knowledge of cryptology principles and practices
K0959: Knowledge of operational design principles and practices
K0960: Knowledge of content management system (CMS) capabilities and applications
K0961: Knowledge of planning systems and software
K0969: Knowledge of cyber-attack tools and techniques
K0978: Knowledge of intelligence collection planning processes
K0983: Knowledge of computer networking principles and practices
K0984: Knowledge of web security principles and practices
K0985: Knowledge of crisis action plan models and frameworks
K0990: Knowledge of cyber operations principles and practices
K0993: Knowledge of deconfliction processes
K1008: Knowledge of intelligence support activities
K1009: Knowledge of threat intelligence principles and practices
K1011: Knowledge of network addressing principles and practices
K1014: Knowledge of network security principles and practices
K1017: Knowledge of operational effectiveness assessment principles and practices
K1019: Knowledge of operations security (OPSEC) principles and practices
K1020: Knowledge of organization decision support tools and techniques
K1023: Knowledge of network exploitation tools and techniques
K1024: Knowledge of partnership policies and procedures
K1025: Knowledge of decision-making policies and procedures
K1028: Knowledge of target development principles and practices
K1030: Knowledge of operational planning tools and techniques
K1035: Knowledge of target research tools and techniques
K1036: Knowledge of target organization structures
K1037: Knowledge of target critical capabilities
K1038: Knowledge of target critical vulnerabilities
K1049: Knowledge of routing protocols
K1050: Knowledge of critical information requirements
K1054: Knowledge of red team functions and capabilities
K1063: Knowledge of operation assessment processes
K1065: Knowledge of network operations principles and practices
K1066: Knowledge of threat behaviors
K1067: Knowledge of target behaviors
K1069: Knowledge of virtual machine tools and technologies
K1100: Knowledge of analytical tools and techniques
K1101: Knowledge of analytics
K1109: Knowledge of virtual collaborative workspace tools and techniques

Skill statements

S0186: Skill in applying crisis planning procedures
S0385: Skill in communicating complex concepts
S0414: Skill in evaluating laws
S0415: Skill in evaluating regulations
S0416: Skill in evaluating policies
S0430: Skill in collaborating with others
S0431: Skill in applying critical thinking
S0432: Skill in coordinating cybersecurity operations across an organization
S0438: Skill in functioning effectively in a dynamic, fast-paced environment
S0439: Skill in identifying external partners
S0472: Skill in developing virtual machines
S0473: Skill in maintaining virtual machines
S0493: Skill in determining intelligence support requirements
S0497: Skill in developing client organization profiles
S0498: Skill in managing an intelligence collection plan
S0501: Skill in developing crisis action plans
S0515: Skill in identifying partner capabilities
S0526: Skill in initiating planning activities
S0527: Skill in developing crisis action timelines
S0537: Skill in designing wireless communications systems
S0540: Skill in identifying network threats
S0579: Skill in preparing reports
S0600: Skill in collecting relevant data from a variety of sources
S0610: Skill in communicating effectively
S0686: Skill in performing risk assessments
S0687: Skill in performing administrative planning activities
S0707: Skill in developing comprehensive cyber operations assessment programs
S0708: Skill in executing comprehensive cyber operations assessment programs
S0709: Skill in developing analytics
S0712: Skill in evaluating data source quality
S0713: Skill in evaluating information quality
S0728: Skill in preparing briefings
S0729: Skill in preparing plans
S0756: Skill in incorporating feedback
S0763: Skill in assessing cyber operations
S0769: Skill in defining progress indicators
S0770: Skill in defining success indicators
S0776: Skill in distinguishing between notional and actual resources
S0779: Skill in determining information requirements
S0782: Skill in determining capability estimates
S0783: Skill in creating decision support materials
S0784: Skill in implementing established procedures
S0785: Skill in interpreting planning guidance
S0788: Skill in orchestrating planning teams
S0789: Skill in coordinating collection support
S0790: Skill in monitoring status
S0791: Skill in presenting to an audience
S0800: Skill in analyzing organizational patterns and relationships
S0801: Skill in assessing partner operations capabilities
S0817: Skill in building internal and external relationships

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)