Attention: CISA Learning is now available for External Users! The Federal Virtual Training Environment (FedVTE) has been permanently decommissioned and replaced by CISA Learning. Please reference the CISA Learning page for the latest information. Please note: CISA Users should wait to access CISA Learning until the system is ready for internal use in the coming days.

PD-WRL-004

Infrastructure Support

Responsible for testing, implementing, deploying, maintaining, and administering infrastructure hardware and software for cybersecurity.

Task statements

T1020: Determine the operational and safety impacts of cybersecurity lapses
T1111: Administer rule and signature updates for specialized cyber defense applications
T1267: Perform system administration on specialized cyber defense applications and systems
T1268: Administer Virtual Private Network (VPN) devices
T1352: Coordinate critical cyber defense infrastructure protection measures
T1353: Prioritize critical cyber defense infrastructure resources
T1432: Build dedicated cyber defense hardware
T1433: Install dedicated cyber defense hardware
T1442: Assess the impact of implementing and sustaining a dedicated cyber defense infrastructure
T1503: Evaluate platforms managed by service providers
T1515: Manage network access control lists on specialized cyber defense systems
T1555: Implement cyber defense tools
T1561: Implement dedicated cyber defense systems
T1562: Document system requirements

Knowledge statements

K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0685: Knowledge of access control principles and practices
K0686: Knowledge of authentication and authorization tools and techniques
K0701: Knowledge of data backup and recovery policies and procedures
K0710: Knowledge of enterprise cybersecurity architecture principles and practices
K0716: Knowledge of host access control (HAC) systems and software
K0717: Knowledge of network access control (NAC) systems and software
K0724: Knowledge of incident response principles and practices
K0725: Knowledge of incident response tools and techniques
K0726: Knowledge of incident handling tools and techniques
K0728: Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
K0729: Knowledge of non-repudiation principles and practices
K0730: Knowledge of cyber safety principles and practices
K0746: Knowledge of policy-based access controls
K0747: Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0770: Knowledge of system administration principles and practices
K0778: Knowledge of enterprise information technology (IT) architecture principles and practices
K0781: Knowledge of virtual private network (VPN) systems and software
K0783: Knowledge of network attack characteristics
K0791: Knowledge of defense-in-depth principles and practices
K0792: Knowledge of network configurations
K0811: Knowledge of web filtering systems and software
K0829: Knowledge of account creation policies and procedures
K0830: Knowledge of password policies and procedures
K0837: Knowledge of hardening tools and techniques
K0870: Knowledge of enterprise architecture (EA) reference models and frameworks
K0871: Knowledge of enterprise architecture (EA) principles and practices
K0881: Knowledge of learning assessment tools and techniques
K0891: Knowledge of the Open Systems Interconnect (OSI) reference model
K0915: Knowledge of network architecture principles and practices
K0925: Knowledge of wireless communication tools and techniques
K0926: Knowledge of signal jamming tools and techniques
K0950: Knowledge of Intrusion Detection System (IDS) tools and techniques
K0951: Knowledge of Intrusion Prevention System (IPS) tools and techniques
K0983: Knowledge of computer networking principles and practices
K1014: Knowledge of network security principles and practices
K1177: Knowledge of NIST Risk Management Framework authorization requirements
K1211: Knowledge of security assessment authorization requirements
K1237: Knowledge of Virtual Private Network (VPN) devices

Skill statements

S0077: Skill in securing network communications
S0552: Skill in applying host access controls
S0553: Skill in applying network access controls
S0592: Skill in tuning network sensors
S0593: Skill in handling incidents
S0596: Skill in encrypting network communications
S0615: Skill in protecting a network against malware
S0643: Skill in applying hardening techniques
S0645: Skill in troubleshooting cyber defense infrastructure anomalies
S0831: Skill in configuring hardware
S0898: Skill in testing hardware

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)