OG-WRL-012

Security Control Assessment

Responsible for conducting independent comprehensive assessments of management, operational, and technical security controls and control enhancements employed within or inherited by a system to determine their overall effectiveness.

Task statements

T0309: Assess the effectiveness of security controls
T0495: Manage Accreditation Packages (e.g., ISO/IEC 15026-2)
T1012: Expand network access
T1013: Conduct technical exploitation of a target
T1019: Determine special needs of cyber-physical systems
T1020: Determine the operational and safety impacts of cybersecurity lapses
T1021: Review cyber defense service provider reporting structure
T1022: Review enterprise information technology (IT) goals and objectives
T1023: Identify critical technology procurement requirements
T1026: Determine procurement requirements
T1030: Estimate the impact of collateral damage
T1036: Integrate leadership priorities
T1038: Integrate organization objectives in intelligence collection
T1041: Determine impact of software configurations
T1046: Assess operation performance
T1047: Assess operation impact
T1054: Scope analysis reports to various audiences that accounts for data sharing classification restrictions
T1055: Determine if priority information requirements are satisfied
T1079: Develop cybersecurity risk profiles
T1084: Identify anomalous network activity
T1118: Identify vulnerabilities
T1119: Recommend vulnerability remediation strategies
T1232: Approve accreditation packages
T1263: Perform security reviews
T1264: Identify gaps in security architecture
T1265: Develop a cybersecurity risk management plan
T1266: Recommend risk mitigation strategies
T1269: Conduct risk analysis of applications and systems undergoing major changes
T1270: Plan security authorization reviews for system and network installations
T1271: Conduct security authorization reviews for system and network installations
T1272: Develop security assurance cases for system and network installations
T1294: Advise on Risk Management Framework process activities and documentation
T1305: Determine if authorization and assurance documents identify an acceptable level of risk for software applications, systems, and networks
T1327: Update security documentation to reflect current application and system security design features
T1328: Verify implementation of software, network, and system cybersecurity postures
T1329: Document software, network, and system deviations from implemented security postures
T1330: Recommend required actions to correct software, network, and system deviations from implemented security postures
T1339: Develop cybersecurity compliance processes for external services
T1340: Develop cybersecurity audit processes for external services
T1343: Provide cybersecurity guidance to organizational risk governance processes
T1355: Determine if vulnerability remediation plans are in place
T1356: Develop vulnerability remediation plans
T1357: Determine if cybersecurity requirements have been successfully implemented
T1358: Determine the effectiveness of organizational cybersecurity policies and procedures
T1361: Determine the impact of new system and interface implementations on organization's cybersecurity posture
T1362: Document impact of new system and interface implementations on organization's cybersecurity posture
T1365: Document cybersecurity design and development activities
T1368: Support cybersecurity compliance activities
T1369: Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements
T1437: Determine effectiveness of configuration management processes
T1489: Correlate incident data
T1829: Evaluate locally developed tools

Knowledge statements

K0018: Knowledge of encryption algorithms
K0476: Knowledge of language processing tools and techniques
K0653: Knowledge of cybersecurity practices in the acquisition process
K0655: Knowledge of intelligence fusion
K0658: Knowledge of cognitive biases
K0659: Knowledge of information privacy technologies
K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0685: Knowledge of access control principles and practices
K0686: Knowledge of authentication and authorization tools and techniques
K0687: Knowledge of business operations standards and best practices
K0688: Knowledge of common application vulnerabilities
K0689: Knowledge of network infrastructure principles and practices
K0691: Knowledge of cyber defense tools and techniques
K0692: Knowledge of vulnerability assessment tools and techniques
K0698: Knowledge of cryptographic key management principles and practices
K0701: Knowledge of data backup and recovery policies and procedures
K0702: Knowledge of data warehousing principles and practices
K0703: Knowledge of data mining principles and practices
K0707: Knowledge of database systems and software
K0709: Knowledge of business continuity and disaster recovery (BCDR) policies and procedures
K0710: Knowledge of enterprise cybersecurity architecture principles and practices
K0711: Knowledge of evaluation and validation principles and practices
K0712: Knowledge of Local Area Networks (LAN)
K0713: Knowledge of Wide Area Networks (WAN)
K0718: Knowledge of network communications principles and practices
K0720: Knowledge of Security Assessment and Authorization (SA&A) processes
K0721: Knowledge of risk management principles and practices
K0723: Knowledge of vulnerability data sources
K0728: Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
K0729: Knowledge of non-repudiation principles and practices
K0730: Knowledge of cyber safety principles and practices
K0731: Knowledge of systems security engineering (SSE) principles and practices
K0734: Knowledge of Risk Management Framework (RMF) requirements
K0735: Knowledge of risk management models and frameworks
K0736: Knowledge of information technology (IT) security principles and practices
K0742: Knowledge of identity and access management (IAM) principles and practices
K0743: Knowledge of new and emerging technologies
K0746: Knowledge of policy-based access controls
K0747: Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
K0749: Knowledge of process engineering principles and practices
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0758: Knowledge of server administration principles and practices
K0760: Knowledge of server diagnostic tools and techniques
K0761: Knowledge of Fault Detection and Diagnostics (FDD) tools and techniques
K0765: Knowledge of software engineering principles and practices
K0767: Knowledge of structured analysis principles and practices
K0776: Knowledge of collaboration tools and techniques
K0778: Knowledge of enterprise information technology (IT) architecture principles and practices
K0779: Knowledge of systems engineering processes
K0784: Knowledge of insider threat laws and regulations
K0785: Knowledge of insider threat tools and techniques
K0791: Knowledge of defense-in-depth principles and practices
K0800: Knowledge of evidence admissibility laws and regulations
K0803: Knowledge of supply chain risk management principles and practices
K0806: Knowledge of machine virtualization tools and techniques
K0814: Knowledge of secure coding tools and techniques
K0819: Knowledge of import and export control laws and regulations
K0820: Knowledge of supply chain risks
K0821: Knowledge of federal agency roles and responsibilities
K0828: Knowledge of supply chain risk management standards and best practices
K0834: Knowledge of technology procurement principles and practices
K0838: Knowledge of supply chain risk management policies and procedures
K0839: Knowledge of critical infrastructure systems and software
K0840: Knowledge of hardware reverse engineering tools and techniques
K0842: Knowledge of software reverse engineering tools and techniques
K0851: Knowledge of reverse engineering principles and practices
K0858: Knowledge of virtual machine detection tools and techniques
K0859: Knowledge of encryption tools and techniques
K0865: Knowledge of data classification standards and best practices
K0866: Knowledge of data classification tools and techniques
K0870: Knowledge of enterprise architecture (EA) reference models and frameworks
K0871: Knowledge of enterprise architecture (EA) principles and practices
K0877: Knowledge of application firewall principles and practices
K0878: Knowledge of network firewall principles and practices
K0879: Knowledge of industry cybersecurity models and frameworks
K0880: Knowledge of access control models and frameworks
K0881: Knowledge of learning assessment tools and techniques
K0885: Knowledge of instructional design principles and practices
K0886: Knowledge of instructional design models and frameworks
K0892: Knowledge of cyber defense laws and regulations
K0915: Knowledge of network architecture principles and practices
K0917: Knowledge of Personally Identifiable Information (PII) data security standards and best practices
K0918: Knowledge of Payment Card Industry (PCI) data security standards and best practices
K0919: Knowledge of Personal Health Information (PHI) data security standards and best practices
K0922: Knowledge of the acquisition life cycle models and frameworks
K0924: Knowledge of network analysis tools and techniques
K0928: Knowledge of systems engineering principles and practices
K0934: Knowledge of data classification policies and procedures
K0942: Knowledge of cryptology principles and practices
K0947: Knowledge of computer engineering principles and practices
K0948: Knowledge of embedded systems and software
K0953: Knowledge of data mining tools and techniques
K0955: Knowledge of penetration testing principles and practices
K0956: Knowledge of penetration testing tools and techniques
K0962: Knowledge of targeting laws and regulations
K0963: Knowledge of exploitation laws and regulations
K0965: Knowledge of language analysis tools and techniques
K0966: Knowledge of voice analysis tools and techniques
K0967: Knowledge of graphic materials analysis tools and techniques
K0983: Knowledge of computer networking principles and practices
K0986: Knowledge of target selection criticality factors
K0987: Knowledge of target selection vulnerability factors
K0990: Knowledge of cyber operations principles and practices
K1014: Knowledge of network security principles and practices
K1034: Knowledge of target language
K1050: Knowledge of critical information requirements
K1063: Knowledge of operation assessment processes
K1069: Knowledge of virtual machine tools and technologies
K1076: Knowledge of risk scoring principles and practices
K1077: Knowledge of data security controls
K1079: Knowledge of web application security risks
K1084: Knowledge of data privacy controls
K1088: Knowledge of knowledge management tools and techniques
K1096: Knowledge of data analysis tools and techniques
K1098: Knowledge of personnel systems and software
K1099: Knowledge of code analysis tools and techniques
K1100: Knowledge of analytical tools and techniques
K1101: Knowledge of analytics
K1108: Knowledge of traceroute tools and techniques
K1109: Knowledge of virtual collaborative workspace tools and techniques
K1180: Knowledge of organizational cybersecurity goals and objectives

Skill statements

S0015: Skill in conducting test events
S0097: Skill in applying security controls
S0111: Skill in interfacing with customers
S0136: Skill in network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools
S0141: Skill in assessing security systems designs
S0172: Skill in applying secure coding techniques
S0175: Skill in performing root cause analysis
S0177: Skill in performing network analysis on targets
S0248: Skill in performing target system analysis
S0252: Skill in processing collected data for follow-on analysis
S0385: Skill in communicating complex concepts
S0386: Skill in communicating verbally
S0387: Skill in communicating in writing
S0388: Skill in facilitating small group discussions
S0389: Skill in facilitating group discussions
S0391: Skill in creating technical documentation
S0393: Skill in developing assessments
S0394: Skill in developing security assessments
S0401: Skill in collecting data
S0402: Skill in verifying data
S0403: Skill in validating data
S0409: Skill in deriving evaluative conclusions from data
S0414: Skill in evaluating laws
S0415: Skill in evaluating regulations
S0416: Skill in evaluating policies
S0423: Skill in analyzing processes to ensure conformance with procedural requirements
S0430: Skill in collaborating with others
S0431: Skill in applying critical thinking
S0435: Skill in analyzing large data sets
S0436: Skill in creating target intelligence products
S0437: Skill in identifying targets of interest
S0438: Skill in functioning effectively in a dynamic, fast-paced environment
S0439: Skill in identifying external partners
S0440: Skill in identifying target vulnerabilities
S0441: Skill in describing target vulnerabilities
S0443: Skill in mitigating cognitive biases
S0447: Skill in aligning privacy and cybersecurity objectives
S0462: Skill in integrating information security requirements in the acquisitions process
S0463: Skill in implementing software quality control processes
S0465: Skill in identifying critical infrastructure systems
S0466: Skill in identifying systems designed without security considerations
S0472: Skill in developing virtual machines
S0473: Skill in maintaining virtual machines
S0483: Skill in identifying software communications vulnerabilities
S0503: Skill in selecting targets
S0504: Skill in identifying vulnerabilities
S0506: Skill in identifying customer information needs
S0511: Skill in establishing priorities
S0515: Skill in identifying partner capabilities
S0532: Skill in analyzing software configurations
S0543: Skill in scanning for vulnerabilities
S0544: Skill in recognizing vulnerabilities
S0558: Skill in developing algorithms
S0559: Skill in performing data structure analysis
S0574: Skill in developing security system controls
S0578: Skill in evaluating security designs
S0579: Skill in preparing reports
S0580: Skill in monitoring system performance
S0581: Skill in configuring systems for performance enhancement
S0601: Skill in developing curricula
S0602: Skill in teaching training programs
S0614: Skill in categorizing types of vulnerabilities
S0628: Skill in developing learning activities
S0632: Skill in designing Test and Evaluation Strategies (TES)
S0634: Skill in identifying Test and Evaluation Strategies (TES) infrastructure requirements
S0635: Skill in managing test assets
S0641: Skill in reviewing logs
S0642: Skill in identifying evidence of past intrusions
S0645: Skill in troubleshooting cyber defense infrastructure anomalies
S0647: Skill in managing a workforce
S0654: Skill in conducting system reviews
S0655: Skill in designing secure test plans
S0656: Skill in assessing application vulnerabilities
S0657: Skill in implementing Public Key Infrastructure (PKI) encryption
S0658: Skill in implementing digital signatures
S0664: Skill in applying policies that meet system security objectives
S0667: Skill in assessing security controls
S0673: Skill in translating operational requirements into security controls
S0675: Skill in optimizing system performance
S0686: Skill in performing risk assessments
S0687: Skill in performing administrative planning activities
S0688: Skill in performing network data analysis
S0700: Skill in mining data
S0701: Skill in performing data mining analysis
S0704: Skill in performing target analysis
S0709: Skill in developing analytics
S0710: Skill in evaluating metadata
S0711: Skill in interpreting metadata
S0712: Skill in evaluating data source quality
S0713: Skill in evaluating information quality
S0715: Skill in generating operation plans
S0719: Skill in identifying intelligence gaps
S0720: Skill in identifying regional languages and dialects
S0721: Skill in prioritizing information
S0722: Skill in interpreting traceroute results
S0723: Skill in interpreting vulnerability scanner results
S0724: Skill in managing client relationships
S0728: Skill in preparing briefings
S0729: Skill in preparing plans
S0731: Skill in producing after-action reports
S0739: Skill in analyzing intelligence products
S0743: Skill in identifying network anomalies
S0744: Skill in performing technical writing
S0755: Skill in reconstructing a network
S0756: Skill in incorporating feedback
S0758: Skill in performing wireless network analysis
S0760: Skill in navigating databases
S0761: Skill in performing strategic guidance analysis
S0775: Skill in developing intelligence collection plans
S0777: Skill in developing collection strategies
S0780: Skill in fulfilling information requests
S0788: Skill in orchestrating planning teams
S0789: Skill in coordinating collection support
S0790: Skill in monitoring status
S0791: Skill in presenting to an audience
S0800: Skill in analyzing organizational patterns and relationships
S0801: Skill in assessing partner operations capabilities
S0807: Skill in solving problems
S0809: Skill in utilizing cyber defense service provider information
S0813: Skill in identifying cybersecurity issues in external connections
S0814: Skill in identifying privacy issues in partner interconnections
S0874: Skill in performing network traffic analysis
S0878: Skill in performing risk analysis

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)