Design and Development
DD-WRL-004

Secure Systems Development

Responsible for the secure design, development, and testing of systems and the evaluation of system security throughout the systems development life cycle.

  • T0067: Develop architectures or system components consistent with technical specifications
  • T0084: Employ secure configuration management processes
  • T0122: Implement security designs for new or existing systems
  • T0124: Incorporate cybersecurity vulnerability solutions into system designs (e.g., Cybersecurity Vulnerability Alerts)
  • T0271: Develop cybersecurity designs to meet specific operational needs and environmental factors (e.g., access controls, automated applications, networked operations, high integrity and availability requirements, multilevel security/processing of multiple classification levels, and processing Sensitive Compartmented Information)
  • T1010: Communicate enterprise information technology architecture
  • T1019: Determine special needs of cyber-physical systems
  • T1020: Determine the operational and safety impacts of cybersecurity lapses
  • T1022: Review enterprise information technology (IT) goals and objectives
  • T1026: Determine procurement requirements
  • T1027: Integrate organizational goals and objectives into security architecture
  • T1030: Estimate the impact of collateral damage
  • T1041: Determine impact of software configurations
  • T1046: Assess operation performance
  • T1047: Assess operation impact
  • T1072: Determine life cycle support requirements
  • T1075: Implement application cybersecurity policies
  • T1078: Determine effectiveness of system cybersecurity measures
  • T1079: Develop cybersecurity risk profiles
  • T1081: Create product prototypes using working and theoretical models
  • T1084: Identify anomalous network activity
  • T1096: Perform privacy impact assessments (PIAs)
  • T1118: Identify vulnerabilities
  • T1119: Recommend vulnerability remediation strategies
  • T1122: Determine essential system capabilities and business functions
  • T1123: Prioritize essential system capabilities and business functions
  • T1124: Restore essential system capabilities and business functions after catastrophic failure events
  • T1128: Design cybersecurity or cybersecurity-enabled products
  • T1129: Develop cybersecurity or cybersecurity-enabled products
  • T1131: Determine if hardware, operating systems, and software applications adequately address cybersecurity requirements
  • T1132: Design system data backup capabilities
  • T1133: Develop technical and procedural processes for integrity of stored backup data
  • T1134: Develop technical and procedural processes for backup data storage
  • T1138: Create system testing and validation procedures and documentation
  • T1148: Develop systems security design documentation
  • T1149: Develop disaster recovery and continuity of operations plans for systems under development
  • T1150: Test disaster recovery and continuity of operations plans for systems prior to deployment
  • T1160: Develop risk mitigation strategies
  • T1161: Resolve system vulnerabilities
  • T1162: Recommend security changes to systems and system components
  • T1163: Develop cybersecurity countermeasures for systems and applications
  • T1164: Develop risk mitigation strategies for systems and applications
  • T1193: Allocate security functions to components and elements
  • T1194: Remediate technical problems encountered during system testing and implementation
  • T1195: Direct the remediation of technical problems encountered during system testing and implementation
  • T1206: Recommend cybersecurity or cybersecurity-enabled products for use within a system
  • T1269: Conduct risk analysis of applications and systems undergoing major changes
  • T1292: Develop guidelines for implementing developed systems for customers and installation teams
  • T1294: Advise on Risk Management Framework process activities and documentation
  • T1309: Analyze system capabilities and requirements
  • T1312: Conduct test and evaluation activities
  • T1326: Develop system performance predictions for various operating conditions
  • T1363: Plan system security development
  • T1364: Conduct system security development
  • T1365: Document cybersecurity design and development activities
  • T1401: Integrate system development life cycle methodologies into development environment
  • T1454: Design secure interfaces between information systems, physical systems, and embedded technologies
  • T1455: Implement secure interfaces between information systems, physical systems, and embedded technologies
  • T1489: Correlate incident data
  • T1507: Determine user requirements
  • T1508: Plan cybersecurity architecture
  • T1519: Design system security measures
  • T1520: Update system security measures
  • T1522: Determine if systems meet minimum security requirements
  • T1563: Implement system security measures
  • T1583: Determine effectiveness of system implementation and testing processes
  • T1584: Establish minimum security requirements for applications
  • T1585: Determine if applications meet minimum security requirements
  • T1586: Conduct cybersecurity risk assessments
  • T1592: Conduct cybersecurity reviews
  • T1593: Identify cybersecurity gaps in enterprise architecture
  • T1604: Provide cybersecurity advice on implementation plans, standard operating procedures, maintenance documentation, and maintenance training materials
  • T1613: Determine if design components meet system requirements
  • T1614: Determine scalability of system architecture
  • K0018: Knowledge of encryption algorithms
  • K0055: Knowledge of microprocessors
  • K0068: Knowledge of programming language structures and logic
  • K0653: Knowledge of cybersecurity practices in the acquisition process
  • K0674: Knowledge of computer networking protocols
  • K0675: Knowledge of risk management processes
  • K0676: Knowledge of cybersecurity laws and regulations
  • K0677: Knowledge of cybersecurity policies and procedures
  • K0678: Knowledge of privacy laws and regulations
  • K0679: Knowledge of privacy policies and procedures
  • K0680: Knowledge of cybersecurity principles and practices
  • K0681: Knowledge of privacy principles and practices
  • K0682: Knowledge of cybersecurity threats
  • K0683: Knowledge of cybersecurity vulnerabilities
  • K0684: Knowledge of cybersecurity threat characteristics
  • K0685: Knowledge of access control principles and practices
  • K0686: Knowledge of authentication and authorization tools and techniques
  • K0694: Knowledge of computer algorithm capabilities and applications
  • K0698: Knowledge of cryptographic key management principles and practices
  • K0707: Knowledge of database systems and software
  • K0710: Knowledge of enterprise cybersecurity architecture principles and practices
  • K0711: Knowledge of evaluation and validation principles and practices
  • K0712: Knowledge of Local Area Networks (LAN)
  • K0713: Knowledge of Wide Area Networks (WAN)
  • K0714: Knowledge of electrical engineering principles and practices
  • K0715: Knowledge of resiliency and redundancy principles and practices
  • K0716: Knowledge of host access control (HAC) systems and software
  • K0717: Knowledge of network access control (NAC) systems and software
  • K0719: Knowledge of human-computer interaction (HCI) principles and practices
  • K0721: Knowledge of risk management principles and practices
  • K0722: Knowledge of software development principles and practices
  • K0728: Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
  • K0729: Knowledge of non-repudiation principles and practices
  • K0730: Knowledge of cyber safety principles and practices
  • K0731: Knowledge of systems security engineering (SSE) principles and practices
  • K0736: Knowledge of information technology (IT) security principles and practices
  • K0737: Knowledge of bandwidth management tools and techniques
  • K0739: Knowledge of mathematics principles and practices
  • K0742: Knowledge of identity and access management (IAM) principles and practices
  • K0744: Knowledge of operating system (OS) systems and software
  • K0745: Knowledge of parallel and distributed computing principles and practices
  • K0746: Knowledge of policy-based access controls
  • K0747: Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
  • K0748: Knowledge of Privacy Impact Assessment (PIA) principles and practices
  • K0749: Knowledge of process engineering principles and practices
  • K0751: Knowledge of system threats
  • K0752: Knowledge of system vulnerabilities
  • K0755: Knowledge of configuration management (CM) tools and techniques
  • K0756: Knowledge of security management principles and practices
  • K0757: Knowledge of system design tools and techniques
  • K0758: Knowledge of server administration principles and practices
  • K0759: Knowledge of client and server architecture
  • K0764: Knowledge of software development models and frameworks
  • K0765: Knowledge of software engineering principles and practices
  • K0767: Knowledge of structured analysis principles and practices
  • K0768: Knowledge of automated systems analysis tools and techniques
  • K0769: Knowledge of system design standards and best practices
  • K0771: Knowledge of system life cycle management principles and practices
  • K0772: Knowledge of systems testing and evaluation tools and techniques
  • K0773: Knowledge of telecommunications principles and practices
  • K0778: Knowledge of enterprise information technology (IT) architecture principles and practices
  • K0779: Knowledge of systems engineering processes
  • K0791: Knowledge of defense-in-depth principles and practices
  • K0803: Knowledge of supply chain risk management principles and practices
  • K0813: Knowledge of interpreted and compiled programming language characteristics
  • K0814: Knowledge of secure coding tools and techniques
  • K0820: Knowledge of supply chain risks
  • K0828: Knowledge of supply chain risk management standards and best practices
  • K0838: Knowledge of supply chain risk management policies and procedures
  • K0839: Knowledge of critical infrastructure systems and software
  • K0840: Knowledge of hardware reverse engineering tools and techniques
  • K0842: Knowledge of software reverse engineering tools and techniques
  • K0846: Knowledge of secure software deployment principles and practices
  • K0847: Knowledge of secure software deployment tools and techniques
  • K0848: Knowledge of network systems management principles and practices
  • K0849: Knowledge of network systems management tools and techniques
  • K0851: Knowledge of reverse engineering principles and practices
  • K0859: Knowledge of encryption tools and techniques
  • K0865: Knowledge of data classification standards and best practices
  • K0866: Knowledge of data classification tools and techniques
  • K0870: Knowledge of enterprise architecture (EA) reference models and frameworks
  • K0871: Knowledge of enterprise architecture (EA) principles and practices
  • K0872: Knowledge of service management principles and practices
  • K0873: Knowledge of service management standards and best practices
  • K0877: Knowledge of application firewall principles and practices
  • K0878: Knowledge of network firewall principles and practices
  • K0879: Knowledge of industry cybersecurity models and frameworks
  • K0880: Knowledge of access control models and frameworks
  • K0891: Knowledge of the Open Systems Interconnect (OSI) reference model
  • K0915: Knowledge of network architecture principles and practices
  • K0917: Knowledge of Personally Identifiable Information (PII) data security standards and best practices
  • K0918: Knowledge of Payment Card Industry (PCI) data security standards and best practices
  • K0919: Knowledge of Personal Health Information (PHI) data security standards and best practices
  • K0922: Knowledge of the acquisition life cycle models and frameworks
  • K0928: Knowledge of systems engineering principles and practices
  • K0934: Knowledge of data classification policies and procedures
  • K0937: Knowledge of countermeasure design principles and practices
  • K0942: Knowledge of cryptology principles and practices
  • K0947: Knowledge of computer engineering principles and practices
  • K0948: Knowledge of embedded systems and software
  • K0952: Knowledge of information theory principles and practices
  • K0983: Knowledge of computer networking principles and practices
  • K1014: Knowledge of network security principles and practices
  • K1063: Knowledge of operation assessment processes
  • K1080: Knowledge of secure software update principles and practices
  • K1081: Knowledge of secure firmware update principles and practices
  • K1088: Knowledge of knowledge management tools and techniques
  • K1100: Knowledge of analytical tools and techniques
  • K1111: Knowledge of application security design principles and practices
  • K1119: Knowledge of component and interface specifications
  • K1120: Knowledge of Confidentiality, Integrity, Availability, Authenticity, and Non-repudiation (CIAAN) principles and practices
  • K1148: Knowledge of data manipulation principles and practices
  • K1149: Knowledge of data retrieval principles and practices
  • K1150: Knowledge of data storage principles and practices
  • K1158: Knowledge of evaluation and validation requirements
  • K1164: Knowledge of hardware design principles and practices
  • K1194: Knowledge of Personally Identifiable Information (PII) attributes
  • K1212: Knowledge of security controls
  • K1235: Knowledge of user needs and requirements
  • S0097: Skill in applying security controls
  • S0136: Skill in network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools
  • S0141: Skill in assessing security systems designs
  • S0172: Skill in applying secure coding techniques
  • S0383: Skill in analyzing an organization's enterprise information technology architecture
  • S0385: Skill in communicating complex concepts
  • S0391: Skill in creating technical documentation
  • S0409: Skill in deriving evaluative conclusions from data
  • S0418: Skill in applying secure network architectures
  • S0419: Skill in designing systems
  • S0423: Skill in analyzing processes to ensure conformance with procedural requirements
  • S0428: Skill in designing architectures
  • S0429: Skill in designing frameworks
  • S0430: Skill in collaborating with others
  • S0462: Skill in integrating information security requirements in the acquisitions process
  • S0463: Skill in implementing software quality control processes
  • S0465: Skill in identifying critical infrastructure systems
  • S0466: Skill in identifying systems designed without security considerations
  • S0532: Skill in analyzing software configurations
  • S0543: Skill in scanning for vulnerabilities
  • S0544: Skill in recognizing vulnerabilities
  • S0569: Skill in designing security controls
  • S0570: Skill in designing the integration of hardware solutions
  • S0571: Skill in designing the integration of software solutions
  • S0574: Skill in developing security system controls
  • S0578: Skill in evaluating security designs
  • S0619: Skill in auditing technical systems
  • S0655: Skill in designing secure test plans
  • S0664: Skill in applying policies that meet system security objectives
  • S0674: Skill in installing system and component upgrades
  • S0675: Skill in optimizing system performance
  • S0681: Skill in performing design modeling
  • S0686: Skill in performing risk assessments
  • S0744: Skill in performing technical writing
  • S0788: Skill in orchestrating planning teams
  • S0789: Skill in coordinating collection support
  • S0790: Skill in monitoring status
  • S0824: Skill in communicating with customers
  • S0861: Skill in performing gap analysis
  • S0878: Skill in performing risk analysis
  • S0893: Skill in performing user needs analysis
  • S0899: Skill in testing interfaces