Oversight and Governance
OG-WRL-011
Secure Project Management
Responsible for overseeing and directly managing technology projects. Ensures cybersecurity is built into projects to protect the organization’s critical infrastructure and assets, reduce risk, and meet organizational goals. Tracks and communicates project status and demonstrates project value to the organization.
- T0220: Resolve conflicts in laws, regulations, policies, standards, or procedures
- T0412: Conduct import/export reviews for acquiring systems and software
- T1011: Apply standards to identify safety risk and protect cyber-physical functions
- T1020: Determine the operational and safety impacts of cybersecurity lapses
- T1022: Review enterprise information technology (IT) goals and objectives
- T1023: Identify critical technology procurement requirements
- T1026: Determine procurement requirements
- T1031: Implement intelligence collection requirements
- T1067: Recommend development of new applications or modification of existing applications
- T1068: Create development plans for new applications or modification of existing applications
- T1154: Develop risk, compliance, and assurance monitoring strategies
- T1155: Develop risk, compliance, and assurance measurement strategies
- T1227: Manage cybersecurity budget, staffing, and contracting
- T1259: Identify opportunities for new and improved business process solutions
- T1291: Advise stakeholders on the development of continuity of operations plans
- T1306: Conduct technology program and project audits
- T1344: Determine if procurement activities sufficiently address supply chain risks
- T1345: Recommend improvements to procurement activities to address cybersecurity requirements
- T1366: Identify supply chain risks for critical system elements
- T1367: Document supply chain risks for critical system elements
- T1369: Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements
- T1394: Develop independent cybersecurity audit processes for application software, networks, and systems
- T1395: Implement independent cybersecurity audit processes for application software, networks, and systems
- T1396: Oversee independent cybersecurity audits
- T1397: Determine if research and design processes and procedures are in compliance with cybersecurity requirements
- T1398: Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities
- T1399: Develop supply chain, system, network, and operational security contract language
- T1435: Determine if technology services are delivered successfully
- T1448: Manage customer services
- T1465: Define service-level agreements (SLAs)
- T1472: Gather customer satisfaction and service performance feedback
- T1474: Define operating level agreements (OLAs)
- T1480: Examine service performance reports for issues and variances
- T1481: Initiate corrective actions to service performance issues and variances
- T1497: Determine supply chain cybersecurity requirements
- T1498: Determine if cybersecurity requirements included in contracts are delivered
- T1552: Identify cyber workforce planning and management issues
- T1553: Address cyber workforce planning and management issues
- T1601: Advise stakeholders on enterprise cybersecurity risk management
- T1602: Advise stakeholders on supply chain risk management
- T1621: Prepare supply chain security reports
- T1622: Prepare risk management reports
- K0498: Knowledge of operational planning processes
- K0650: Knowledge of supplier assessment criteria
- K0651: Knowledge of trustworthiness principles
- K0653: Knowledge of cybersecurity practices in the acquisition process
- K0674: Knowledge of computer networking protocols
- K0675: Knowledge of risk management processes
- K0676: Knowledge of cybersecurity laws and regulations
- K0677: Knowledge of cybersecurity policies and procedures
- K0678: Knowledge of privacy laws and regulations
- K0679: Knowledge of privacy policies and procedures
- K0680: Knowledge of cybersecurity principles and practices
- K0681: Knowledge of privacy principles and practices
- K0682: Knowledge of cybersecurity threats
- K0683: Knowledge of cybersecurity vulnerabilities
- K0684: Knowledge of cybersecurity threat characteristics
- K0690: Knowledge of requirements analysis principles and practices
- K0721: Knowledge of risk management principles and practices
- K0727: Knowledge of analysis standards and best practices
- K0728: Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
- K0729: Knowledge of non-repudiation principles and practices
- K0730: Knowledge of cyber safety principles and practices
- K0733: Knowledge of information technology (IT) architecture models and frameworks
- K0734: Knowledge of Risk Management Framework (RMF) requirements
- K0735: Knowledge of risk management models and frameworks
- K0736: Knowledge of information technology (IT) security principles and practices
- K0743: Knowledge of new and emerging technologies
- K0751: Knowledge of system threats
- K0752: Knowledge of system vulnerabilities
- K0754: Knowledge of resource management principles and practices
- K0771: Knowledge of system life cycle management principles and practices
- K0803: Knowledge of supply chain risk management principles and practices
- K0819: Knowledge of import and export control laws and regulations
- K0820: Knowledge of supply chain risks
- K0821: Knowledge of federal agency roles and responsibilities
- K0828: Knowledge of supply chain risk management standards and best practices
- K0834: Knowledge of technology procurement principles and practices
- K0835: Knowledge of risk assessment principles and practices
- K0836: Knowledge of threat assessment principles and practices
- K0838: Knowledge of supply chain risk management policies and procedures
- K0863: Knowledge of cloud computing principles and practices
- K0864: Knowledge of knowledge management principles and practices
- K0868: Knowledge of process improvement principles and practices
- K0869: Knowledge of process maturity models and frameworks
- K0872: Knowledge of service management principles and practices
- K0873: Knowledge of service management standards and best practices
- K0920: Knowledge of risk management policies and procedures
- K0922: Knowledge of the acquisition life cycle models and frameworks
- K0983: Knowledge of computer networking principles and practices
- K1014: Knowledge of network security principles and practices
- K1137: Knowledge of cybersecurity requirements
- K1180: Knowledge of organizational cybersecurity goals and objectives
- K1206: Knowledge of research and design processes and procedures
- S0384: Skill in applying standards
- S0412: Skill in analyzing supplier trustworthiness
- S0413: Skill in determining supplier trustworthiness
- S0423: Skill in analyzing processes to ensure conformance with procedural requirements
- S0462: Skill in integrating information security requirements in the acquisitions process
- S0463: Skill in implementing software quality control processes
- S0555: Skill in performing capabilities analysis
- S0556: Skill in performing requirements analysis
- S0580: Skill in monitoring system performance
- S0581: Skill in configuring systems for performance enhancement
- S0673: Skill in translating operational requirements into security controls
- S0687: Skill in performing administrative planning activities
- S0759: Skill in identifying requirements
- S0811: Skill in managing intelligence collection requirements
- S0821: Skill in collaborating with internal and external stakeholders
- S0870: Skill in performing needs analysis
Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)