Oversight and Governance
OG-WRL-010
Program Management
Responsible for leading, coordinating, and the overall success of a defined program. Includes communicating about the program and ensuring alignment with agency or organizational priorities.
- T0220: Resolve conflicts in laws, regulations, policies, standards, or procedures
- T0412: Conduct import/export reviews for acquiring systems and software
- T1011: Apply standards to identify safety risk and protect cyber-physical functions
- T1020: Determine the operational and safety impacts of cybersecurity lapses
- T1022: Review enterprise information technology (IT) goals and objectives
- T1023: Identify critical technology procurement requirements
- T1026: Determine procurement requirements
- T1031: Implement intelligence collection requirements
- T1145: Develop strategic plans
- T1146: Maintain strategic plans
- T1154: Develop risk, compliance, and assurance monitoring strategies
- T1155: Develop risk, compliance, and assurance measurement strategies
- T1227: Manage cybersecurity budget, staffing, and contracting
- T1259: Identify opportunities for new and improved business process solutions
- T1291: Advise stakeholders on the development of continuity of operations plans
- T1306: Conduct technology program and project audits
- T1344: Determine if procurement activities sufficiently address supply chain risks
- T1345: Recommend improvements to procurement activities to address cybersecurity requirements
- T1366: Identify supply chain risks for critical system elements
- T1367: Document supply chain risks for critical system elements
- T1369: Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements
- T1394: Develop independent cybersecurity audit processes for application software, networks, and systems
- T1395: Implement independent cybersecurity audit processes for application software, networks, and systems
- T1396: Oversee independent cybersecurity audits
- T1397: Determine if research and design processes and procedures are in compliance with cybersecurity requirements
- T1398: Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities
- T1399: Develop supply chain, system, network, and operational security contract language
- T1435: Determine if technology services are delivered successfully
- T1448: Manage customer services
- T1472: Gather customer satisfaction and service performance feedback
- T1474: Define operating level agreements (OLAs)
- T1497: Determine supply chain cybersecurity requirements
- T1498: Determine if cybersecurity requirements included in contracts are delivered
- T1552: Identify cyber workforce planning and management issues
- T1553: Address cyber workforce planning and management issues
- T1601: Advise stakeholders on enterprise cybersecurity risk management
- T1602: Advise stakeholders on supply chain risk management
- T1621: Prepare supply chain security reports
- T1622: Prepare risk management reports
- K0498: Knowledge of operational planning processes
- K0650: Knowledge of supplier assessment criteria
- K0651: Knowledge of trustworthiness principles
- K0653: Knowledge of cybersecurity practices in the acquisition process
- K0674: Knowledge of computer networking protocols
- K0675: Knowledge of risk management processes
- K0676: Knowledge of cybersecurity laws and regulations
- K0677: Knowledge of cybersecurity policies and procedures
- K0678: Knowledge of privacy laws and regulations
- K0679: Knowledge of privacy policies and procedures
- K0680: Knowledge of cybersecurity principles and practices
- K0681: Knowledge of privacy principles and practices
- K0682: Knowledge of cybersecurity threats
- K0683: Knowledge of cybersecurity vulnerabilities
- K0684: Knowledge of cybersecurity threat characteristics
- K0690: Knowledge of requirements analysis principles and practices
- K0721: Knowledge of risk management principles and practices
- K0728: Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
- K0729: Knowledge of non-repudiation principles and practices
- K0730: Knowledge of cyber safety principles and practices
- K0733: Knowledge of information technology (IT) architecture models and frameworks
- K0734: Knowledge of Risk Management Framework (RMF) requirements
- K0735: Knowledge of risk management models and frameworks
- K0751: Knowledge of system threats
- K0752: Knowledge of system vulnerabilities
- K0754: Knowledge of resource management principles and practices
- K0771: Knowledge of system life cycle management principles and practices
- K0803: Knowledge of supply chain risk management principles and practices
- K0819: Knowledge of import and export control laws and regulations
- K0820: Knowledge of supply chain risks
- K0821: Knowledge of federal agency roles and responsibilities
- K0828: Knowledge of supply chain risk management standards and best practices
- K0834: Knowledge of technology procurement principles and practices
- K0835: Knowledge of risk assessment principles and practices
- K0836: Knowledge of threat assessment principles and practices
- K0838: Knowledge of supply chain risk management policies and procedures
- K0863: Knowledge of cloud computing principles and practices
- K0864: Knowledge of knowledge management principles and practices
- K0868: Knowledge of process improvement principles and practices
- K0869: Knowledge of process maturity models and frameworks
- K0872: Knowledge of service management principles and practices
- K0873: Knowledge of service management standards and best practices
- K0920: Knowledge of risk management policies and procedures
- K0922: Knowledge of the acquisition life cycle models and frameworks
- K0983: Knowledge of computer networking principles and practices
- K1014: Knowledge of network security principles and practices
- K1137: Knowledge of cybersecurity requirements
- K1180: Knowledge of organizational cybersecurity goals and objectives
- K1206: Knowledge of research and design processes and procedures
- S0384: Skill in applying standards
- S0412: Skill in analyzing supplier trustworthiness
- S0413: Skill in determining supplier trustworthiness
- S0423: Skill in analyzing processes to ensure conformance with procedural requirements
- S0462: Skill in integrating information security requirements in the acquisitions process
- S0463: Skill in implementing software quality control processes
- S0555: Skill in performing capabilities analysis
- S0556: Skill in performing requirements analysis
- S0580: Skill in monitoring system performance
- S0581: Skill in configuring systems for performance enhancement
- S0673: Skill in translating operational requirements into security controls
- S0687: Skill in performing administrative planning activities
- S0759: Skill in identifying requirements
- S0811: Skill in managing intelligence collection requirements
- S0870: Skill in performing needs analysis
Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)