CE-WRL-004

Mission Assessment

Responsible for developing assessment plans and performance measures; conducting strategic and operational effectiveness assessments for cyber events; determining whether systems perform as expected; and providing input to the determination of operational effectiveness.

Task statements

T0611: Conduct end-of-operations assessments
T0624: Conduct target research and analysis
T0684: Estimate operational effects generated through cyber activities
T0685: Evaluate threat decision-making processes
T0686: Identify threat vulnerabilities
T0707: Generate requests for information
T0718: Identify intelligence gaps and shortfalls
T1020: Determine the operational and safety impacts of cybersecurity lapses
T1022: Review enterprise information technology (IT) goals and objectives
T1030: Estimate the impact of collateral damage
T1033: Support cyber operations
T1035: Determine how threat activity groups employ encryption to support their operations
T1046: Assess operation performance
T1047: Assess operation impact
T1053: Identify and characterize intrusion activities against a victim or target
T1054: Scope analysis reports to various audiences that accounts for data sharing classification restrictions
T1055: Determine if priority information requirements are satisfied
T1638: Recommend cyber operation targets
T1640: Determine effectiveness of intelligence collection operations
T1641: Recommend adjustments to intelligence collection strategies
T1642: Advise stakeholders on course of action development
T1643: Develop common operational pictures
T1644: Develop cyber operations indicators
T1645: Coordinate all-source collection activities
T1646: Validate all-source collection requirements and plans
T1647: Develop priority information requirements
T1648: Develop performance success metrics
T1651: Prepare threat and target briefings
T1652: Prepare threat and target situational updates
T1661: Assess all-source data for intelligence or vulnerability value
T1686: Identify intelligence requirements
T1707: Prepare munitions effectiveness assessment reports
T1762: Modify collection requirements
T1763: Determine effectiveness of collection requirements
T1765: Monitor changes to designated cyber operations warning problem sets
T1766: Prepare change reports for designated cyber operations warning problem sets
T1767: Monitor threat activities
T1768: Prepare threat activity reports
T1770: Report on adversarial activities that fulfill priority information requirements
T1772: Identify indications and warnings of target communication changes or processing failures
T1775: Prepare cyber operations intelligence reports
T1776: Prepare indications and warnings intelligence reports
T1792: Assess effectiveness of intelligence production
T1793: Assess effectiveness of intelligence reporting
T1795: Conduct post-action effectiveness assessments
T1835: Determine if intelligence requirements and collection plans are accurate and up-to-date

Knowledge statements

K0018: Knowledge of encryption algorithms
K0480: Knowledge of malware
K0551: Knowledge of targeting cycles
K0655: Knowledge of intelligence fusion
K0658: Knowledge of cognitive biases
K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0689: Knowledge of network infrastructure principles and practices
K0690: Knowledge of requirements analysis principles and practices
K0697: Knowledge of encryption algorithm capabilities and applications
K0718: Knowledge of network communications principles and practices
K0719: Knowledge of human-computer interaction (HCI) principles and practices
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0766: Knowledge of data asset management principles and practices
K0773: Knowledge of telecommunications principles and practices
K0786: Knowledge of physical computer components
K0787: Knowledge of computer peripherals
K0788: Knowledge of adversarial tactics principles and practices
K0789: Knowledge of adversarial tactics tools and techniques
K0790: Knowledge of adversarial tactics policies and procedures
K0792: Knowledge of network configurations
K0806: Knowledge of machine virtualization tools and techniques
K0812: Knowledge of digital communication systems and software
K0818: Knowledge of new and emerging cybersecurity risks
K0825: Knowledge of threat vector characteristics
K0831: Knowledge of network attack vectors
K0844: Knowledge of cyber attack stages
K0845: Knowledge of cyber intrusion activity phases
K0857: Knowledge of malware analysis tools and techniques
K0858: Knowledge of virtual machine detection tools and techniques
K0865: Knowledge of data classification standards and best practices
K0866: Knowledge of data classification tools and techniques
K0892: Knowledge of cyber defense laws and regulations
K0915: Knowledge of network architecture principles and practices
K0916: Knowledge of malware analysis principles and practices
K0925: Knowledge of wireless communication tools and techniques
K0926: Knowledge of signal jamming tools and techniques
K0934: Knowledge of data classification policies and procedures
K0960: Knowledge of content management system (CMS) capabilities and applications
K0968: Knowledge of analytic standards and frameworks Skill in assigning analytical confidence ratings
K0969: Knowledge of cyber-attack tools and techniques
K0983: Knowledge of computer networking principles and practices
K0984: Knowledge of web security principles and practices
K0986: Knowledge of target selection criticality factors
K0987: Knowledge of target selection vulnerability factors
K0989: Knowledge of intelligence information repositories
K0990: Knowledge of cyber operations principles and practices
K0994: Knowledge of denial and deception tools and techniques
K1002: Knowledge of supervisory control and data acquisition (SCADA) systems and software
K1005: Knowledge of intelligence collection capabilities and applications
K1007: Knowledge of intelligence requirements tasking systems and software
K1008: Knowledge of intelligence support activities
K1009: Knowledge of threat intelligence principles and practices
K1010: Knowledge of intelligence policies and procedures
K1011: Knowledge of network addressing principles and practices
K1014: Knowledge of network security principles and practices
K1023: Knowledge of network exploitation tools and techniques
K1025: Knowledge of decision-making policies and procedures
K1028: Knowledge of target development principles and practices
K1035: Knowledge of target research tools and techniques
K1042: Knowledge of target selection policies and procedures
K1049: Knowledge of routing protocols
K1059: Knowledge of request for information processes
K1063: Knowledge of operation assessment processes
K1066: Knowledge of threat behaviors
K1067: Knowledge of target behaviors
K1068: Knowledge of threat systems and software
K1069: Knowledge of virtual machine tools and technologies
K1100: Knowledge of analytical tools and techniques
K1101: Knowledge of analytics
K1106: Knowledge of targeting databases
K1107: Knowledge of targeting systems and software
K1109: Knowledge of virtual collaborative workspace tools and techniques
K1197: Knowledge of priority intelligence requirements

Skill statements

S0111: Skill in interfacing with customers
S0194: Skill in conducting non-attributable research
S0385: Skill in communicating complex concepts
S0430: Skill in collaborating with others
S0433: Skill in creating analytics
S0434: Skill in extrapolating from incomplete data sets
S0435: Skill in analyzing large data sets
S0436: Skill in creating target intelligence products
S0438: Skill in functioning effectively in a dynamic, fast-paced environment
S0443: Skill in mitigating cognitive biases
S0444: Skill in mitigating deception in reporting and analysis
S0446: Skill in mimicking threat actors
S0472: Skill in developing virtual machines
S0473: Skill in maintaining virtual machines
S0494: Skill in performing operational environment analysis
S0503: Skill in selecting targets
S0504: Skill in identifying vulnerabilities
S0505: Skill in performing intrusion data analysis
S0506: Skill in identifying customer information needs
S0509: Skill in evaluating security products
S0511: Skill in establishing priorities
S0512: Skill in extracting metadata
S0514: Skill in preparing operational environments
S0515: Skill in identifying partner capabilities
S0516: Skill in performing threat emulation tactics
S0517: Skill in anticipating threats
S0535: Skill in performing threat factor analysis
S0537: Skill in designing wireless communications systems
S0540: Skill in identifying network threats
S0555: Skill in performing capabilities analysis
S0556: Skill in performing requirements analysis
S0579: Skill in preparing reports
S0600: Skill in collecting relevant data from a variety of sources
S0633: Skill in developing position qualification requirements
S0673: Skill in translating operational requirements into security controls
S0686: Skill in performing risk assessments
S0693: Skill in assessing effects generated during and after cyber operations
S0702: Skill in defining an operational environment
S0704: Skill in performing target analysis
S0709: Skill in developing analytics
S0712: Skill in evaluating data source quality
S0713: Skill in evaluating information quality
S0718: Skill in identifying cybersecurity threats
S0719: Skill in identifying intelligence gaps
S0724: Skill in managing client relationships
S0728: Skill in preparing briefings
S0731: Skill in producing after-action reports
S0739: Skill in analyzing intelligence products
S0748: Skill in querying data
S0751: Skill in conducting open-source searches
S0756: Skill in incorporating feedback
S0765: Skill in converting intelligence requirements into intelligence production tasks
S0777: Skill in developing collection strategies
S0779: Skill in determining information requirements
S0791: Skill in presenting to an audience
S0801: Skill in assessing partner operations capabilities
S0847: Skill in performing all-source intelligence analysis
S0869: Skill in performing metadata analysis
S0876: Skill in performing nodal analysis

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)