Attention: CISA Learning is now available! If you are an EXTERNAL (non-CISA) user access the new system using this url: CISA Learning. The Federal Virtual Training Environment (FedVTE) has been permanently decommissioned and replaced by CISA Learning. Please reference the CISA Learning page for the latest information. Please note: CISA Users (staff and contractors) should access CISA Learning through the internal site. You should have received an email on December 4, 2024, titled “CISA Learning is LIVE!” with more information.

IO-WRL-002

Database Administration

Responsible for administering databases and data management systems that allow for the secure storage, query, protection, and utilization of data.

Task statements

T0137: Maintain database management systems software
T0330: Maintain assured message delivery systems
T0422: Implement data management standards, requirements, and specifications
T0459: Implement data mining and data warehousing applications
T1020: Determine the operational and safety impacts of cybersecurity lapses
T1065: Determine data capacity requirements
T1066: Plan for anticipated changes in data capacity requirements
T1230: Maintain directory replication services
T1231: Maintain information exchanges through publish, subscribe, and alert functions
T1249: Perform backup and recovery of databases
T1297: Recommend new database technologies and architectures
T1402: Manage databases and data management systems
T1564: Install database management systems and software
T1565: Configure database management systems and software

Knowledge statements

K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0685: Knowledge of access control principles and practices
K0686: Knowledge of authentication and authorization tools and techniques
K0698: Knowledge of cryptographic key management principles and practices
K0699: Knowledge of data administration policies and procedures
K0700: Knowledge of data standardization policies and procedures
K0701: Knowledge of data backup and recovery policies and procedures
K0702: Knowledge of data warehousing principles and practices
K0703: Knowledge of data mining principles and practices
K0704: Knowledge of database management system (DBMS) principles and practices
K0705: Knowledge of database query language capabilities and applications
K0706: Knowledge of database schema capabilities and applications
K0707: Knowledge of database systems and software
K0708: Knowledge of digital rights management (DRM) tools and techniques
K0716: Knowledge of host access control (HAC) systems and software
K0717: Knowledge of network access control (NAC) systems and software
K0742: Knowledge of identity and access management (IAM) principles and practices
K0744: Knowledge of operating system (OS) systems and software
K0746: Knowledge of policy-based access controls
K0747: Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
K0750: Knowledge of query languages
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0759: Knowledge of client and server architecture
K0766: Knowledge of data asset management principles and practices
K0777: Knowledge of data storage media characteristics
K0859: Knowledge of encryption tools and techniques
K0862: Knowledge of data remediation tools and techniques
K0865: Knowledge of data classification standards and best practices
K0866: Knowledge of data classification tools and techniques
K0867: Knowledge of database application programming interfaces (APIs)
K0874: Knowledge of key management service (KMS) principles and practices
K0875: Knowledge of symmetric encryption principles and practices
K0876: Knowledge of key management service (KMS) key rotation policies and procedures
K0917: Knowledge of Personally Identifiable Information (PII) data security standards and best practices
K0918: Knowledge of Payment Card Industry (PCI) data security standards and best practices
K0919: Knowledge of Personal Health Information (PHI) data security standards and best practices
K0934: Knowledge of data classification policies and procedures
K0942: Knowledge of cryptology principles and practices
K0983: Knowledge of computer networking principles and practices
K0991: Knowledge of database administration principles and practices
K0992: Knowledge of database maintenance principles and practices
K1014: Knowledge of network security principles and practices
K1114: Knowledge of capacity management
K1121: Knowledge of configuration management
K1147: Knowledge of data integrity principles and practices
K1161: Knowledge of financial management

Skill statements

S0045: Skill in optimizing database performance
S0545: Skill in designing data storage solutions
S0546: Skill in implementing data storage solutions
S0558: Skill in developing algorithms
S0559: Skill in performing data structure analysis
S0579: Skill in preparing reports
S0586: Skill in administering databases
S0728: Skill in preparing briefings
S0791: Skill in presenting to an audience
S0819: Skill in caching data
S0820: Skill in cataloging data
S0828: Skill in compiling data
S0835: Skill in distributing data
S0897: Skill in retrieving data

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)