Oversight and Governance
OG-WRL-006
Cybersecurity Legal Advice
Responsible for providing cybersecurity legal advice and recommendations, including monitoring related legislation and regulations.
- T0006: Advocate organization's official position in legal and legislative proceedings
- T0220: Resolve conflicts in laws, regulations, policies, standards, or procedures
- T1020: Determine the operational and safety impacts of cybersecurity lapses
- T1023: Identify critical technology procurement requirements
- T1069: Evaluate organizational cybersecurity policy regulatory compliance
- T1070: Evaluate organizational cybersecurity policy alignment with organizational directives
- T1189: Determine if contracts comply with funding, legal, and program requirements
- T1511: Identify alleged violations of law, regulations, policy, or guidance
- T1535: Develop implementation guidelines
- T1546: Provide inspectors general, privacy officers, and oversight and compliance with legal analysis and decisions
- T1549: Evaluate the impact of legal, regulatory, policy, standard, or procedural changes
- T1599: Prepare legal documents
- K0674: Knowledge of computer networking protocols
- K0675: Knowledge of risk management processes
- K0676: Knowledge of cybersecurity laws and regulations
- K0677: Knowledge of cybersecurity policies and procedures
- K0678: Knowledge of privacy laws and regulations
- K0679: Knowledge of privacy policies and procedures
- K0680: Knowledge of cybersecurity principles and practices
- K0681: Knowledge of privacy principles and practices
- K0682: Knowledge of cybersecurity threats
- K0683: Knowledge of cybersecurity vulnerabilities
- K0684: Knowledge of cybersecurity threat characteristics
- K0685: Knowledge of access control principles and practices
- K0686: Knowledge of authentication and authorization tools and techniques
- K0696: Knowledge of digital forensic data principles and practices
- K0736: Knowledge of information technology (IT) security principles and practices
- K0743: Knowledge of new and emerging technologies
- K0746: Knowledge of policy-based access controls
- K0747: Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
- K0751: Knowledge of system threats
- K0752: Knowledge of system vulnerabilities
- K0784: Knowledge of insider threat laws and regulations
- K0785: Knowledge of insider threat tools and techniques
- K0800: Knowledge of evidence admissibility laws and regulations
- K0819: Knowledge of import and export control laws and regulations
- K0820: Knowledge of supply chain risks
- K0821: Knowledge of federal agency roles and responsibilities
- K0829: Knowledge of account creation policies and procedures
- K0830: Knowledge of password policies and procedures
- K0834: Knowledge of technology procurement principles and practices
- K0892: Knowledge of cyber defense laws and regulations
- K0918: Knowledge of Payment Card Industry (PCI) data security standards and best practices
- K0919: Knowledge of Personal Health Information (PHI) data security standards and best practices
- K0944: Knowledge of intelligence data gathering principles and practices
- K0945: Knowledge of intelligence data gathering policies and procedures
- K0954: Knowledge of foreign disclosure policies and procedures
- K0983: Knowledge of computer networking principles and practices
- K0990: Knowledge of cyber operations principles and practices
- K1014: Knowledge of network security principles and practices
- K1050: Knowledge of critical information requirements
- K1070: Knowledge of privacy disclosure statement laws and regulations
- K1138: Knowledge of cybersecurity standards and best practices
- K1182: Knowledge of organizational cybersecurity policies and configurations
- S0414: Skill in evaluating laws
- S0415: Skill in evaluating regulations
- S0416: Skill in evaluating policies
- S0610: Skill in communicating effectively
- S0686: Skill in performing risk assessments
Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)