Attention: CISA Learning is now available! If you are an EXTERNAL (non-CISA) user access the new system using this url: CISA Learning. The Federal Virtual Training Environment (FedVTE) has been permanently decommissioned and replaced by CISA Learning. Please reference the CISA Learning page for the latest information. Please note: CISA Users (staff and contractors) should access CISA Learning through the internal site. You should have received an email on December 4, 2024, titled “CISA Learning is LIVE!” with more information.

OG-WRL-012

Security Control Assessment

Responsible for conducting independent comprehensive assessments of management, operational, and technical security controls and control enhancements employed within or inherited by a system to determine their overall effectiveness.

Task statements

T0309: Assess the effectiveness of security controls
T0495: Manage Accreditation Packages (e.g., ISO/IEC 15026-2)
T1012: Expand network access
T1013: Conduct technical exploitation of a target
T1019: Determine special needs of cyber-physical systems
T1020: Determine the operational and safety impacts of cybersecurity lapses
T1021: Review cyber defense service provider reporting structure
T1022: Review enterprise information technology (IT) goals and objectives
T1023: Identify critical technology procurement requirements
T1026: Determine procurement requirements
T1030: Estimate the impact of collateral damage
T1036: Integrate leadership priorities
T1038: Integrate organization objectives in intelligence collection
T1041: Determine impact of software configurations
T1046: Assess operation performance
T1047: Assess operation impact
T1054: Scope analysis reports to various audiences that accounts for data sharing classification restrictions
T1055: Determine if priority information requirements are satisfied
T1079: Develop cybersecurity risk profiles
T1084: Identify anomalous network activity
T1118: Identify vulnerabilities
T1119: Recommend vulnerability remediation strategies
T1232: Approve accreditation packages
T1263: Perform security reviews
T1264: Identify gaps in security architecture
T1265: Develop a cybersecurity risk management plan
T1266: Recommend risk mitigation strategies
T1269: Conduct risk analysis of applications and systems undergoing major changes
T1270: Plan security authorization reviews for system and network installations
T1271: Conduct security authorization reviews for system and network installations
T1272: Develop security assurance cases for system and network installations
T1294: Advise on Risk Management Framework process activities and documentation
T1305: Determine if authorization and assurance documents identify an acceptable level of risk for software applications, systems, and networks
T1327: Update security documentation to reflect current application and system security design features
T1328: Verify implementation of software, network, and system cybersecurity postures
T1329: Document software, network, and system deviations from implemented security postures
T1330: Recommend required actions to correct software, network, and system deviations from implemented security postures
T1339: Develop cybersecurity compliance processes for external services
T1340: Develop cybersecurity audit processes for external services
T1343: Provide cybersecurity guidance to organizational risk governance processes
T1355: Determine if vulnerability remediation plans are in place
T1356: Develop vulnerability remediation plans
T1357: Determine if cybersecurity requirements have been successfully implemented
T1358: Determine the effectiveness of organizational cybersecurity policies and procedures
T1361: Determine the impact of new system and interface implementations on organization's cybersecurity posture
T1362: Document impact of new system and interface implementations on organization's cybersecurity posture
T1365: Document cybersecurity design and development activities
T1368: Support cybersecurity compliance activities
T1369: Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements
T1437: Determine effectiveness of configuration management processes
T1489: Correlate incident data
T1829: Evaluate locally developed tools

Knowledge statements

K0018: Knowledge of encryption algorithms
K0476: Knowledge of language processing tools and techniques
K0653: Knowledge of cybersecurity practices in the acquisition process
K0655: Knowledge of intelligence fusion
K0658: Knowledge of cognitive biases
K0659: Knowledge of information privacy technologies
K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0685: Knowledge of access control principles and practices
K0686: Knowledge of authentication and authorization tools and techniques
K0687: Knowledge of business operations standards and best practices
K0688: Knowledge of common application vulnerabilities
K0689: Knowledge of network infrastructure principles and practices
K0691: Knowledge of cyber defense tools and techniques
K0692: Knowledge of vulnerability assessment tools and techniques
K0698: Knowledge of cryptographic key management principles and practices
K0701: Knowledge of data backup and recovery policies and procedures
K0702: Knowledge of data warehousing principles and practices
K0703: Knowledge of data mining principles and practices
K0707: Knowledge of database systems and software
K0709: Knowledge of business continuity and disaster recovery (BCDR) policies and procedures
K0710: Knowledge of enterprise cybersecurity architecture principles and practices
K0711: Knowledge of evaluation and validation principles and practices
K0712: Knowledge of Local Area Networks (LAN)
K0713: Knowledge of Wide Area Networks (WAN)
K0718: Knowledge of network communications principles and practices
K0720: Knowledge of Security Assessment and Authorization (SA&A) processes
K0721: Knowledge of risk management principles and practices
K0723: Knowledge of vulnerability data sources
K0728: Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
K0729: Knowledge of non-repudiation principles and practices
K0730: Knowledge of cyber safety principles and practices
K0731: Knowledge of systems security engineering (SSE) principles and practices
K0734: Knowledge of Risk Management Framework (RMF) requirements
K0735: Knowledge of risk management models and frameworks
K0736: Knowledge of information technology (IT) security principles and practices
K0742: Knowledge of identity and access management (IAM) principles and practices
K0743: Knowledge of new and emerging technologies
K0746: Knowledge of policy-based access controls
K0747: Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
K0749: Knowledge of process engineering principles and practices
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0758: Knowledge of server administration principles and practices
K0760: Knowledge of server diagnostic tools and techniques
K0761: Knowledge of Fault Detection and Diagnostics (FDD) tools and techniques
K0765: Knowledge of software engineering principles and practices
K0767: Knowledge of structured analysis principles and practices
K0776: Knowledge of collaboration tools and techniques
K0778: Knowledge of enterprise information technology (IT) architecture principles and practices
K0779: Knowledge of systems engineering processes
K0784: Knowledge of insider threat laws and regulations
K0785: Knowledge of insider threat tools and techniques
K0791: Knowledge of defense-in-depth principles and practices
K0800: Knowledge of evidence admissibility laws and regulations
K0803: Knowledge of supply chain risk management principles and practices
K0806: Knowledge of machine virtualization tools and techniques
K0814: Knowledge of secure coding tools and techniques
K0819: Knowledge of import and export control laws and regulations
K0820: Knowledge of supply chain risks
K0821: Knowledge of federal agency roles and responsibilities
K0828: Knowledge of supply chain risk management standards and best practices
K0834: Knowledge of technology procurement principles and practices
K0838: Knowledge of supply chain risk management policies and procedures
K0839: Knowledge of critical infrastructure systems and software
K0840: Knowledge of hardware reverse engineering tools and techniques
K0842: Knowledge of software reverse engineering tools and techniques
K0851: Knowledge of reverse engineering principles and practices
K0858: Knowledge of virtual machine detection tools and techniques
K0859: Knowledge of encryption tools and techniques
K0865: Knowledge of data classification standards and best practices
K0866: Knowledge of data classification tools and techniques
K0870: Knowledge of enterprise architecture (EA) reference models and frameworks
K0871: Knowledge of enterprise architecture (EA) principles and practices
K0877: Knowledge of application firewall principles and practices
K0878: Knowledge of network firewall principles and practices
K0879: Knowledge of industry cybersecurity models and frameworks
K0880: Knowledge of access control models and frameworks
K0881: Knowledge of learning assessment tools and techniques
K0885: Knowledge of instructional design principles and practices
K0886: Knowledge of instructional design models and frameworks
K0892: Knowledge of cyber defense laws and regulations
K0915: Knowledge of network architecture principles and practices
K0917: Knowledge of Personally Identifiable Information (PII) data security standards and best practices
K0918: Knowledge of Payment Card Industry (PCI) data security standards and best practices
K0919: Knowledge of Personal Health Information (PHI) data security standards and best practices
K0922: Knowledge of the acquisition life cycle models and frameworks
K0924: Knowledge of network analysis tools and techniques
K0928: Knowledge of systems engineering principles and practices
K0934: Knowledge of data classification policies and procedures
K0942: Knowledge of cryptology principles and practices
K0947: Knowledge of computer engineering principles and practices
K0948: Knowledge of embedded systems and software
K0953: Knowledge of data mining tools and techniques
K0955: Knowledge of penetration testing principles and practices
K0956: Knowledge of penetration testing tools and techniques
K0962: Knowledge of targeting laws and regulations
K0963: Knowledge of exploitation laws and regulations
K0965: Knowledge of language analysis tools and techniques
K0966: Knowledge of voice analysis tools and techniques
K0967: Knowledge of graphic materials analysis tools and techniques
K0983: Knowledge of computer networking principles and practices
K0986: Knowledge of target selection criticality factors
K0987: Knowledge of target selection vulnerability factors
K0990: Knowledge of cyber operations principles and practices
K1014: Knowledge of network security principles and practices
K1034: Knowledge of target language
K1050: Knowledge of critical information requirements
K1063: Knowledge of operation assessment processes
K1069: Knowledge of virtual machine tools and technologies
K1076: Knowledge of risk scoring principles and practices
K1077: Knowledge of data security controls
K1079: Knowledge of web application security risks
K1084: Knowledge of data privacy controls
K1088: Knowledge of knowledge management tools and techniques
K1096: Knowledge of data analysis tools and techniques
K1098: Knowledge of personnel systems and software
K1099: Knowledge of code analysis tools and techniques
K1100: Knowledge of analytical tools and techniques
K1101: Knowledge of analytics
K1108: Knowledge of traceroute tools and techniques
K1109: Knowledge of virtual collaborative workspace tools and techniques
K1180: Knowledge of organizational cybersecurity goals and objectives

Skill statements

S0015: Skill in conducting test events
S0097: Skill in applying security controls
S0111: Skill in interfacing with customers
S0136: Skill in network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools
S0141: Skill in assessing security systems designs
S0172: Skill in applying secure coding techniques
S0175: Skill in performing root cause analysis
S0177: Skill in performing network analysis on targets
S0248: Skill in performing target system analysis
S0252: Skill in processing collected data for follow-on analysis
S0385: Skill in communicating complex concepts
S0386: Skill in communicating verbally
S0387: Skill in communicating in writing
S0388: Skill in facilitating small group discussions
S0389: Skill in facilitating group discussions
S0391: Skill in creating technical documentation
S0393: Skill in developing assessments
S0394: Skill in developing security assessments
S0401: Skill in collecting data
S0402: Skill in verifying data
S0403: Skill in validating data
S0409: Skill in deriving evaluative conclusions from data
S0414: Skill in evaluating laws
S0415: Skill in evaluating regulations
S0416: Skill in evaluating policies
S0423: Skill in analyzing processes to ensure conformance with procedural requirements
S0430: Skill in collaborating with others
S0431: Skill in applying critical thinking
S0435: Skill in analyzing large data sets
S0436: Skill in creating target intelligence products
S0437: Skill in identifying targets of interest
S0438: Skill in functioning effectively in a dynamic, fast-paced environment
S0439: Skill in identifying external partners
S0440: Skill in identifying target vulnerabilities
S0441: Skill in describing target vulnerabilities
S0443: Skill in mitigating cognitive biases
S0447: Skill in aligning privacy and cybersecurity objectives
S0462: Skill in integrating information security requirements in the acquisitions process
S0463: Skill in implementing software quality control processes
S0465: Skill in identifying critical infrastructure systems
S0466: Skill in identifying systems designed without security considerations
S0472: Skill in developing virtual machines
S0473: Skill in maintaining virtual machines
S0483: Skill in identifying software communications vulnerabilities
S0503: Skill in selecting targets
S0504: Skill in identifying vulnerabilities
S0506: Skill in identifying customer information needs
S0511: Skill in establishing priorities
S0515: Skill in identifying partner capabilities
S0532: Skill in analyzing software configurations
S0543: Skill in scanning for vulnerabilities
S0544: Skill in recognizing vulnerabilities
S0558: Skill in developing algorithms
S0559: Skill in performing data structure analysis
S0574: Skill in developing security system controls
S0578: Skill in evaluating security designs
S0579: Skill in preparing reports
S0580: Skill in monitoring system performance
S0581: Skill in configuring systems for performance enhancement
S0601: Skill in developing curricula
S0602: Skill in teaching training programs
S0614: Skill in categorizing types of vulnerabilities
S0628: Skill in developing learning activities
S0632: Skill in designing Test and Evaluation Strategies (TES)
S0634: Skill in identifying Test and Evaluation Strategies (TES) infrastructure requirements
S0635: Skill in managing test assets
S0641: Skill in reviewing logs
S0642: Skill in identifying evidence of past intrusions
S0645: Skill in troubleshooting cyber defense infrastructure anomalies
S0647: Skill in managing a workforce
S0654: Skill in conducting system reviews
S0655: Skill in designing secure test plans
S0656: Skill in assessing application vulnerabilities
S0657: Skill in implementing Public Key Infrastructure (PKI) encryption
S0658: Skill in implementing digital signatures
S0664: Skill in applying policies that meet system security objectives
S0667: Skill in assessing security controls
S0673: Skill in translating operational requirements into security controls
S0675: Skill in optimizing system performance
S0686: Skill in performing risk assessments
S0687: Skill in performing administrative planning activities
S0688: Skill in performing network data analysis
S0700: Skill in mining data
S0701: Skill in performing data mining analysis
S0704: Skill in performing target analysis
S0709: Skill in developing analytics
S0710: Skill in evaluating metadata
S0711: Skill in interpreting metadata
S0712: Skill in evaluating data source quality
S0713: Skill in evaluating information quality
S0715: Skill in generating operation plans
S0719: Skill in identifying intelligence gaps
S0720: Skill in identifying regional languages and dialects
S0721: Skill in prioritizing information
S0722: Skill in interpreting traceroute results
S0723: Skill in interpreting vulnerability scanner results
S0724: Skill in managing client relationships
S0728: Skill in preparing briefings
S0729: Skill in preparing plans
S0731: Skill in producing after-action reports
S0739: Skill in analyzing intelligence products
S0743: Skill in identifying network anomalies
S0744: Skill in performing technical writing
S0755: Skill in reconstructing a network
S0756: Skill in incorporating feedback
S0758: Skill in performing wireless network analysis
S0760: Skill in navigating databases
S0761: Skill in performing strategic guidance analysis
S0775: Skill in developing intelligence collection plans
S0777: Skill in developing collection strategies
S0780: Skill in fulfilling information requests
S0788: Skill in orchestrating planning teams
S0789: Skill in coordinating collection support
S0790: Skill in monitoring status
S0791: Skill in presenting to an audience
S0800: Skill in analyzing organizational patterns and relationships
S0801: Skill in assessing partner operations capabilities
S0807: Skill in solving problems
S0809: Skill in utilizing cyber defense service provider information
S0813: Skill in identifying cybersecurity issues in external connections
S0814: Skill in identifying privacy issues in partner interconnections
S0874: Skill in performing network traffic analysis
S0878: Skill in performing risk analysis

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)