Attention: CISA Learning is now available for External Users! The Federal Virtual Training Environment (FedVTE) has been permanently decommissioned and replaced by CISA Learning. Please reference the CISA Learning page for the latest information. Please note: CISA Users should wait to access CISA Learning until the system is ready for internal use in the coming days.

OG-WRL-010

Program Management

Responsible for leading, coordinating, and the overall success of a defined program. Includes communicating about the program and ensuring alignment with agency or organizational priorities.

Task statements

T0220: Resolve conflicts in laws, regulations, policies, standards, or procedures
T0412: Conduct import/export reviews for acquiring systems and software
T1011: Apply standards to identify safety risk and protect cyber-physical functions
T1020: Determine the operational and safety impacts of cybersecurity lapses
T1022: Review enterprise information technology (IT) goals and objectives
T1023: Identify critical technology procurement requirements
T1026: Determine procurement requirements
T1031: Implement intelligence collection requirements
T1145: Develop strategic plans
T1146: Maintain strategic plans
T1154: Develop risk, compliance, and assurance monitoring strategies
T1155: Develop risk, compliance, and assurance measurement strategies
T1227: Manage cybersecurity budget, staffing, and contracting
T1259: Identify opportunities for new and improved business process solutions
T1291: Advise stakeholders on the development of continuity of operations plans
T1306: Conduct technology program and project audits
T1344: Determine if procurement activities sufficiently address supply chain risks
T1345: Recommend improvements to procurement activities to address cybersecurity requirements
T1366: Identify supply chain risks for critical system elements
T1367: Document supply chain risks for critical system elements
T1369: Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements
T1394: Develop independent cybersecurity audit processes for application software, networks, and systems
T1395: Implement independent cybersecurity audit processes for application software, networks, and systems
T1396: Oversee independent cybersecurity audits
T1397: Determine if research and design processes and procedures are in compliance with cybersecurity requirements
T1398: Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities
T1399: Develop supply chain, system, network, and operational security contract language
T1435: Determine if technology services are delivered successfully
T1448: Manage customer services
T1472: Gather customer satisfaction and service performance feedback
T1474: Define operating level agreements (OLAs)
T1497: Determine supply chain cybersecurity requirements
T1498: Determine if cybersecurity requirements included in contracts are delivered
T1552: Identify cyber workforce planning and management issues
T1553: Address cyber workforce planning and management issues
T1601: Advise stakeholders on enterprise cybersecurity risk management
T1602: Advise stakeholders on supply chain risk management
T1621: Prepare supply chain security reports
T1622: Prepare risk management reports

Knowledge statements

K0498: Knowledge of operational planning processes
K0650: Knowledge of supplier assessment criteria
K0651: Knowledge of trustworthiness principles
K0653: Knowledge of cybersecurity practices in the acquisition process
K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0690: Knowledge of requirements analysis principles and practices
K0721: Knowledge of risk management principles and practices
K0728: Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
K0729: Knowledge of non-repudiation principles and practices
K0730: Knowledge of cyber safety principles and practices
K0733: Knowledge of information technology (IT) architecture models and frameworks
K0734: Knowledge of Risk Management Framework (RMF) requirements
K0735: Knowledge of risk management models and frameworks
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0754: Knowledge of resource management principles and practices
K0771: Knowledge of system life cycle management principles and practices
K0803: Knowledge of supply chain risk management principles and practices
K0819: Knowledge of import and export control laws and regulations
K0820: Knowledge of supply chain risks
K0821: Knowledge of federal agency roles and responsibilities
K0828: Knowledge of supply chain risk management standards and best practices
K0834: Knowledge of technology procurement principles and practices
K0835: Knowledge of risk assessment principles and practices
K0836: Knowledge of threat assessment principles and practices
K0838: Knowledge of supply chain risk management policies and procedures
K0863: Knowledge of cloud computing principles and practices
K0864: Knowledge of knowledge management principles and practices
K0868: Knowledge of process improvement principles and practices
K0869: Knowledge of process maturity models and frameworks
K0872: Knowledge of service management principles and practices
K0873: Knowledge of service management standards and best practices
K0920: Knowledge of risk management policies and procedures
K0922: Knowledge of the acquisition life cycle models and frameworks
K0983: Knowledge of computer networking principles and practices
K1014: Knowledge of network security principles and practices
K1137: Knowledge of cybersecurity requirements
K1180: Knowledge of organizational cybersecurity goals and objectives
K1206: Knowledge of research and design processes and procedures

Skill statements

S0384: Skill in applying standards
S0412: Skill in analyzing supplier trustworthiness
S0413: Skill in determining supplier trustworthiness
S0423: Skill in analyzing processes to ensure conformance with procedural requirements
S0462: Skill in integrating information security requirements in the acquisitions process
S0463: Skill in implementing software quality control processes
S0555: Skill in performing capabilities analysis
S0556: Skill in performing requirements analysis
S0580: Skill in monitoring system performance
S0581: Skill in configuring systems for performance enhancement
S0673: Skill in translating operational requirements into security controls
S0687: Skill in performing administrative planning activities
S0759: Skill in identifying requirements
S0811: Skill in managing intelligence collection requirements
S0870: Skill in performing needs analysis

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)