Attention: CISA Learning is now available! If you are an EXTERNAL (non-CISA) user access the new system using this url: CISA Learning. The Federal Virtual Training Environment (FedVTE) has been permanently decommissioned and replaced by CISA Learning. Please reference the CISA Learning page for the latest information. Please note: CISA Users (staff and contractors) should access CISA Learning through the internal site. You should have received an email on December 4, 2024, titled “CISA Learning is LIVE!” with more information.

OG-WRL-005

Cybersecurity Instruction

Responsible for developing and conducting cybersecurity awareness, training, or education.

Task statements

T0101: Evaluate the effectiveness and comprehensiveness of existing training programs
T1008: Prepare and deliver education and awareness briefings
T1009: Create a cybersecurity awareness program
T1020: Determine the operational and safety impacts of cybersecurity lapses
T1025: Implement organizational training and education policies and procedures
T1036: Integrate leadership priorities
T1038: Integrate organization objectives in intelligence collection
T1054: Scope analysis reports to various audiences that accounts for data sharing classification restrictions
T1093: Conduct interactive training exercises
T1156: Develop awareness and training materials
T1157: Identify pertinent awareness and training materials
T1311: Design and execute exercise scenarios
T1334: Produce cybersecurity instructional materials
T1411: Develop technical training curriculum and resources
T1412: Deliver technical training to customers
T1413: Develop training modules and classes
T1414: Develop training assignments
T1415: Develop training evaluations
T1416: Develop grading and proficiency standards
T1417: Create learner development, training, and remediation plans
T1418: Develop learning objectives and goals
T1419: Develop organizational training materials
T1421: Develop proficiency assessments
T1446: Conduct learning needs assessments
T1447: Identify training requirements
T1462: Develop cybersecurity training policies and procedures
T1463: Develop cybersecurity curriculum goals and objectives
T1485: Prepare after action reviews (AARs)
T1517: Deliver training courses
T1537: Determine if cybersecurity training, education, and awareness meet established goals
T1594: Plan classroom learning sessions
T1595: Coordinate training and education
T1596: Plan delivery of non-classroom learning
T1609: Recommend revisions to learning materials and curriculum
T1870: Create privacy training materials
T1871: Prepare privacy awareness communications
T1873: Deliver privacy awareness trainings

Knowledge statements

K0638: Knowledge of security awareness programs
K0643: Knowledge of virtual learning environments
K0654: Knowledge of target audience requirements
K0659: Knowledge of information privacy technologies
K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0685: Knowledge of access control principles and practices
K0686: Knowledge of authentication and authorization tools and techniques
K0689: Knowledge of network infrastructure principles and practices
K0718: Knowledge of network communications principles and practices
K0728: Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
K0729: Knowledge of non-repudiation principles and practices
K0730: Knowledge of cyber safety principles and practices
K0736: Knowledge of information technology (IT) security principles and practices
K0743: Knowledge of new and emerging technologies
K0744: Knowledge of operating system (OS) systems and software
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0759: Knowledge of client and server architecture
K0766: Knowledge of data asset management principles and practices
K0770: Knowledge of system administration principles and practices
K0773: Knowledge of telecommunications principles and practices
K0792: Knowledge of network configurations
K0801: Knowledge of cognitive domain models and frameworks
K0805: Knowledge of command-line tools and techniques
K0806: Knowledge of machine virtualization tools and techniques
K0810: Knowledge of deployable forensics principles and practices
K0812: Knowledge of digital communication systems and software
K0818: Knowledge of new and emerging cybersecurity risks
K0825: Knowledge of threat vector characteristics
K0831: Knowledge of network attack vectors
K0837: Knowledge of hardening tools and techniques
K0839: Knowledge of critical infrastructure systems and software
K0858: Knowledge of virtual machine detection tools and techniques
K0863: Knowledge of cloud computing principles and practices
K0864: Knowledge of knowledge management principles and practices
K0865: Knowledge of data classification standards and best practices
K0866: Knowledge of data classification tools and techniques
K0881: Knowledge of learning assessment tools and techniques
K0885: Knowledge of instructional design principles and practices
K0886: Knowledge of instructional design models and frameworks
K0887: Knowledge of training policies and procedures
K0888: Knowledge of Bloom's Taxonomy learning levels
K0889: Knowledge of learning management system (LMS) systems and software
K0890: Knowledge of learning modes
K0893: Knowledge of training systems and software
K0905: Knowledge of media production tool and techniques
K0910: Knowledge of needs assessment principles and practices
K0923: Knowledge of operating system structures and internals
K0924: Knowledge of network analysis tools and techniques
K0934: Knowledge of data classification policies and procedures
K0983: Knowledge of computer networking principles and practices
K1014: Knowledge of network security principles and practices
K1032: Knowledge of satellite-based communication systems and software
K1055: Knowledge of digital forensics principles and practices
K1069: Knowledge of virtual machine tools and technologies
K1083: Knowledge of cybersecurity competitions
K1087: Knowledge of social engineering tools and techniques
K1088: Knowledge of knowledge management tools and techniques
K1089: Knowledge of protocol analyzer tools and techniques

Skill statements

S0097: Skill in applying security controls
S0156: Skill in performing packet-level analysis
S0379: Skill in verifying participation in a security awareness program
S0380: Skill in facilitating cybersecurity awareness briefings
S0381: Skill in developing training programs
S0385: Skill in communicating complex concepts
S0386: Skill in communicating verbally
S0387: Skill in communicating in writing
S0388: Skill in facilitating small group discussions
S0389: Skill in facilitating group discussions
S0390: Skill in assessing learner comprehension
S0391: Skill in creating technical documentation
S0392: Skill in providing training and education feedback to learners
S0393: Skill in developing assessments
S0394: Skill in developing security assessments
S0395: Skill in developing instructional materials
S0424: Skill in executing command line tools
S0430: Skill in collaborating with others
S0431: Skill in applying critical thinking
S0467: Skill in conducting an education needs assessment
S0468: Skill in conducting a training needs assessment
S0472: Skill in developing virtual machines
S0473: Skill in maintaining virtual machines
S0483: Skill in identifying software communications vulnerabilities
S0530: Skill in conducting research
S0543: Skill in scanning for vulnerabilities
S0544: Skill in recognizing vulnerabilities
S0572: Skill in detecting host- and network-based intrusions
S0591: Skill in performing social engineering
S0592: Skill in tuning network sensors
S0597: Skill in writing code in a currently supported programming language
S0600: Skill in collecting relevant data from a variety of sources
S0601: Skill in developing curricula
S0602: Skill in teaching training programs
S0610: Skill in communicating effectively
S0612: Skill in performing digital forensics analysis
S0613: Skill in configuring software-based computer protection tools
S0618: Skill in configuring network protection components
S0628: Skill in developing learning activities
S0629: Skill in applying technologies for instructional purposes
S0643: Skill in applying hardening techniques
S0651: Skill in performing malware analysis
S0686: Skill in performing risk assessments
S0688: Skill in performing network data analysis
S0712: Skill in evaluating data source quality
S0713: Skill in evaluating information quality
S0738: Skill in performing reverse engineering of software
S0739: Skill in analyzing intelligence products
S0744: Skill in performing technical writing
S0754: Skill in establishing persistence
S0756: Skill in incorporating feedback
S0791: Skill in presenting to an audience
S0800: Skill in analyzing organizational patterns and relationships
S0807: Skill in solving problems
S0874: Skill in performing network traffic analysis

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)