Oversight and Governance
OG-WRL-009
Product Support Management
Responsible for planning, estimating costs, budgeting, developing, implementing, and managing product support strategies in order to field and maintain the readiness and operational capability of systems and components.
- T0220: Resolve conflicts in laws, regulations, policies, standards, or procedures
- T0412: Conduct import/export reviews for acquiring systems and software
- T1011: Apply standards to identify safety risk and protect cyber-physical functions
- T1020: Determine the operational and safety impacts of cybersecurity lapses
- T1023: Identify critical technology procurement requirements
- T1026: Determine procurement requirements
- T1031: Implement intelligence collection requirements
- T1067: Recommend development of new applications or modification of existing applications
- T1068: Create development plans for new applications or modification of existing applications
- T1154: Develop risk, compliance, and assurance monitoring strategies
- T1155: Develop risk, compliance, and assurance measurement strategies
- T1227: Manage cybersecurity budget, staffing, and contracting
- T1259: Identify opportunities for new and improved business process solutions
- T1291: Advise stakeholders on the development of continuity of operations plans
- T1306: Conduct technology program and project audits
- T1344: Determine if procurement activities sufficiently address supply chain risks
- T1345: Recommend improvements to procurement activities to address cybersecurity requirements
- T1366: Identify supply chain risks for critical system elements
- T1367: Document supply chain risks for critical system elements
- T1369: Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements
- T1394: Develop independent cybersecurity audit processes for application software, networks, and systems
- T1395: Implement independent cybersecurity audit processes for application software, networks, and systems
- T1396: Oversee independent cybersecurity audits
- T1397: Determine if research and design processes and procedures are in compliance with cybersecurity requirements
- T1398: Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities
- T1399: Develop supply chain, system, network, and operational security contract language
- T1435: Determine if technology services are delivered successfully
- T1448: Manage customer services
- T1465: Define service-level agreements (SLAs)
- T1472: Gather customer satisfaction and service performance feedback
- T1480: Examine service performance reports for issues and variances
- T1481: Initiate corrective actions to service performance issues and variances
- T1497: Determine supply chain cybersecurity requirements
- T1601: Advise stakeholders on enterprise cybersecurity risk management
- T1602: Advise stakeholders on supply chain risk management
- T1604: Provide cybersecurity advice on implementation plans, standard operating procedures, maintenance documentation, and maintenance training materials
- T1621: Prepare supply chain security reports
- T1622: Prepare risk management reports
- K0498: Knowledge of operational planning processes
- K0641: Knowledge of market research tools and techniques
- K0642: Knowledge of pricing structures
- K0650: Knowledge of supplier assessment criteria
- K0651: Knowledge of trustworthiness principles
- K0653: Knowledge of cybersecurity practices in the acquisition process
- K0674: Knowledge of computer networking protocols
- K0675: Knowledge of risk management processes
- K0676: Knowledge of cybersecurity laws and regulations
- K0677: Knowledge of cybersecurity policies and procedures
- K0678: Knowledge of privacy laws and regulations
- K0679: Knowledge of privacy policies and procedures
- K0680: Knowledge of cybersecurity principles and practices
- K0681: Knowledge of privacy principles and practices
- K0682: Knowledge of cybersecurity threats
- K0683: Knowledge of cybersecurity vulnerabilities
- K0684: Knowledge of cybersecurity threat characteristics
- K0690: Knowledge of requirements analysis principles and practices
- K0721: Knowledge of risk management principles and practices
- K0724: Knowledge of incident response principles and practices
- K0727: Knowledge of analysis standards and best practices
- K0728: Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
- K0729: Knowledge of non-repudiation principles and practices
- K0730: Knowledge of cyber safety principles and practices
- K0734: Knowledge of Risk Management Framework (RMF) requirements
- K0735: Knowledge of risk management models and frameworks
- K0736: Knowledge of information technology (IT) security principles and practices
- K0743: Knowledge of new and emerging technologies
- K0751: Knowledge of system threats
- K0752: Knowledge of system vulnerabilities
- K0754: Knowledge of resource management principles and practices
- K0771: Knowledge of system life cycle management principles and practices
- K0803: Knowledge of supply chain risk management principles and practices
- K0819: Knowledge of import and export control laws and regulations
- K0820: Knowledge of supply chain risks
- K0821: Knowledge of federal agency roles and responsibilities
- K0823: Knowledge of incident response policies and procedures
- K0824: Knowledge of incident response roles and responsibilities
- K0828: Knowledge of supply chain risk management standards and best practices
- K0834: Knowledge of technology procurement principles and practices
- K0835: Knowledge of risk assessment principles and practices
- K0836: Knowledge of threat assessment principles and practices
- K0838: Knowledge of supply chain risk management policies and procedures
- K0863: Knowledge of cloud computing principles and practices
- K0864: Knowledge of knowledge management principles and practices
- K0868: Knowledge of process improvement principles and practices
- K0869: Knowledge of process maturity models and frameworks
- K0872: Knowledge of service management principles and practices
- K0873: Knowledge of service management standards and best practices
- K0912: Knowledge of sustainment principles and practices
- K0913: Knowledge of sustainment processes
- K0920: Knowledge of risk management policies and procedures
- K0922: Knowledge of the acquisition life cycle models and frameworks
- K0983: Knowledge of computer networking principles and practices
- K1014: Knowledge of network security principles and practices
- K1137: Knowledge of cybersecurity requirements
- K1180: Knowledge of organizational cybersecurity goals and objectives
- K1206: Knowledge of research and design processes and procedures
- S0384: Skill in applying standards
- S0404: Skill in conducting market research
- S0405: Skill in pricing products
- S0412: Skill in analyzing supplier trustworthiness
- S0413: Skill in determining supplier trustworthiness
- S0423: Skill in analyzing processes to ensure conformance with procedural requirements
- S0462: Skill in integrating information security requirements in the acquisitions process
- S0463: Skill in implementing software quality control processes
- S0555: Skill in performing capabilities analysis
- S0556: Skill in performing requirements analysis
- S0580: Skill in monitoring system performance
- S0581: Skill in configuring systems for performance enhancement
- S0673: Skill in translating operational requirements into security controls
- S0687: Skill in performing administrative planning activities
- S0759: Skill in identifying requirements
- S0811: Skill in managing intelligence collection requirements
- S0821: Skill in collaborating with internal and external stakeholders
- S0870: Skill in performing needs analysis
Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)