Oversight and Governance
OG-WRL-006

Cybersecurity Legal Advice

Responsible for providing cybersecurity legal advice and recommendations, including monitoring related legislation and regulations.

  • T0006: Advocate organization's official position in legal and legislative proceedings
  • T0220: Resolve conflicts in laws, regulations, policies, standards, or procedures
  • T1020: Determine the operational and safety impacts of cybersecurity lapses
  • T1023: Identify critical technology procurement requirements
  • T1069: Evaluate organizational cybersecurity policy regulatory compliance
  • T1070: Evaluate organizational cybersecurity policy alignment with organizational directives
  • T1189: Determine if contracts comply with funding, legal, and program requirements
  • T1511: Identify alleged violations of law, regulations, policy, or guidance
  • T1535: Develop implementation guidelines
  • T1546: Provide inspectors general, privacy officers, and oversight and compliance with legal analysis and decisions
  • T1549: Evaluate the impact of legal, regulatory, policy, standard, or procedural changes
  • T1599: Prepare legal documents
  • K0674: Knowledge of computer networking protocols
  • K0675: Knowledge of risk management processes
  • K0676: Knowledge of cybersecurity laws and regulations
  • K0677: Knowledge of cybersecurity policies and procedures
  • K0678: Knowledge of privacy laws and regulations
  • K0679: Knowledge of privacy policies and procedures
  • K0680: Knowledge of cybersecurity principles and practices
  • K0681: Knowledge of privacy principles and practices
  • K0682: Knowledge of cybersecurity threats
  • K0683: Knowledge of cybersecurity vulnerabilities
  • K0684: Knowledge of cybersecurity threat characteristics
  • K0685: Knowledge of access control principles and practices
  • K0686: Knowledge of authentication and authorization tools and techniques
  • K0696: Knowledge of digital forensic data principles and practices
  • K0736: Knowledge of information technology (IT) security principles and practices
  • K0743: Knowledge of new and emerging technologies
  • K0746: Knowledge of policy-based access controls
  • K0747: Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
  • K0751: Knowledge of system threats
  • K0752: Knowledge of system vulnerabilities
  • K0784: Knowledge of insider threat laws and regulations
  • K0785: Knowledge of insider threat tools and techniques
  • K0800: Knowledge of evidence admissibility laws and regulations
  • K0819: Knowledge of import and export control laws and regulations
  • K0820: Knowledge of supply chain risks
  • K0821: Knowledge of federal agency roles and responsibilities
  • K0829: Knowledge of account creation policies and procedures
  • K0830: Knowledge of password policies and procedures
  • K0834: Knowledge of technology procurement principles and practices
  • K0892: Knowledge of cyber defense laws and regulations
  • K0918: Knowledge of Payment Card Industry (PCI) data security standards and best practices
  • K0919: Knowledge of Personal Health Information (PHI) data security standards and best practices
  • K0944: Knowledge of intelligence data gathering principles and practices
  • K0945: Knowledge of intelligence data gathering policies and procedures
  • K0954: Knowledge of foreign disclosure policies and procedures
  • K0983: Knowledge of computer networking principles and practices
  • K0990: Knowledge of cyber operations principles and practices
  • K1014: Knowledge of network security principles and practices
  • K1050: Knowledge of critical information requirements
  • K1070: Knowledge of privacy disclosure statement laws and regulations
  • K1138: Knowledge of cybersecurity standards and best practices
  • K1182: Knowledge of organizational cybersecurity policies and configurations
  • S0414: Skill in evaluating laws
  • S0415: Skill in evaluating regulations
  • S0416: Skill in evaluating policies
  • S0610: Skill in communicating effectively
  • S0686: Skill in performing risk assessments