Oversight and Governance
OG-WRL-013
Systems Authorization
Responsible for operating an information system at an acceptable level of risk to organizational operations, organizational assets, individuals, other organizations, and the nation.
- T0495: Manage Accreditation Packages (e.g., ISO/IEC 15026-2)
- T1019: Determine special needs of cyber-physical systems
- T1020: Determine the operational and safety impacts of cybersecurity lapses
- T1022: Review enterprise information technology (IT) goals and objectives
- T1023: Identify critical technology procurement requirements
- T1036: Integrate leadership priorities
- T1038: Integrate organization objectives in intelligence collection
- T1107: Evaluate functional requirements
- T1232: Approve accreditation packages
- T1305: Determine if authorization and assurance documents identify an acceptable level of risk for software applications, systems, and networks
- K0640: Knowledge of the organizational cybersecurity workforce
- K0644: Knowledge of cybersecurity operation policies and procedures
- K0674: Knowledge of computer networking protocols
- K0675: Knowledge of risk management processes
- K0676: Knowledge of cybersecurity laws and regulations
- K0677: Knowledge of cybersecurity policies and procedures
- K0678: Knowledge of privacy laws and regulations
- K0679: Knowledge of privacy policies and procedures
- K0680: Knowledge of cybersecurity principles and practices
- K0681: Knowledge of privacy principles and practices
- K0682: Knowledge of cybersecurity threats
- K0683: Knowledge of cybersecurity vulnerabilities
- K0684: Knowledge of cybersecurity threat characteristics
- K0685: Knowledge of access control principles and practices
- K0686: Knowledge of authentication and authorization tools and techniques
- K0691: Knowledge of cyber defense tools and techniques
- K0692: Knowledge of vulnerability assessment tools and techniques
- K0698: Knowledge of cryptographic key management principles and practices
- K0710: Knowledge of enterprise cybersecurity architecture principles and practices
- K0711: Knowledge of evaluation and validation principles and practices
- K0720: Knowledge of Security Assessment and Authorization (SA&A) processes
- K0721: Knowledge of risk management principles and practices
- K0723: Knowledge of vulnerability data sources
- K0728: Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
- K0729: Knowledge of non-repudiation principles and practices
- K0730: Knowledge of cyber safety principles and practices
- K0734: Knowledge of Risk Management Framework (RMF) requirements
- K0735: Knowledge of risk management models and frameworks
- K0736: Knowledge of information technology (IT) security principles and practices
- K0743: Knowledge of new and emerging technologies
- K0746: Knowledge of policy-based access controls
- K0747: Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
- K0751: Knowledge of system threats
- K0752: Knowledge of system vulnerabilities
- K0760: Knowledge of server diagnostic tools and techniques
- K0761: Knowledge of Fault Detection and Diagnostics (FDD) tools and techniques
- K0767: Knowledge of structured analysis principles and practices
- K0778: Knowledge of enterprise information technology (IT) architecture principles and practices
- K0784: Knowledge of insider threat laws and regulations
- K0785: Knowledge of insider threat tools and techniques
- K0791: Knowledge of defense-in-depth principles and practices
- K0800: Knowledge of evidence admissibility laws and regulations
- K0803: Knowledge of supply chain risk management principles and practices
- K0819: Knowledge of import and export control laws and regulations
- K0820: Knowledge of supply chain risks
- K0821: Knowledge of federal agency roles and responsibilities
- K0828: Knowledge of supply chain risk management standards and best practices
- K0834: Knowledge of technology procurement principles and practices
- K0838: Knowledge of supply chain risk management policies and procedures
- K0839: Knowledge of critical infrastructure systems and software
- K0859: Knowledge of encryption tools and techniques
- K0870: Knowledge of enterprise architecture (EA) reference models and frameworks
- K0871: Knowledge of enterprise architecture (EA) principles and practices
- K0877: Knowledge of application firewall principles and practices
- K0878: Knowledge of network firewall principles and practices
- K0879: Knowledge of industry cybersecurity models and frameworks
- K0880: Knowledge of access control models and frameworks
- K0892: Knowledge of cyber defense laws and regulations
- K0915: Knowledge of network architecture principles and practices
- K0917: Knowledge of Personally Identifiable Information (PII) data security standards and best practices
- K0918: Knowledge of Payment Card Industry (PCI) data security standards and best practices
- K0919: Knowledge of Personal Health Information (PHI) data security standards and best practices
- K0942: Knowledge of cryptology principles and practices
- K0948: Knowledge of embedded systems and software
- K0955: Knowledge of penetration testing principles and practices
- K0956: Knowledge of penetration testing tools and techniques
- K0962: Knowledge of targeting laws and regulations
- K0963: Knowledge of exploitation laws and regulations
- K0983: Knowledge of computer networking principles and practices
- K0990: Knowledge of cyber operations principles and practices
- K1014: Knowledge of network security principles and practices
- K1050: Knowledge of critical information requirements
- K1077: Knowledge of data security controls
- K1079: Knowledge of web application security risks
- K1084: Knowledge of data privacy controls
- S0396: Skill in forecasting requirements
- S0397: Skill in assessing requirements
- S0398: Skill in analyzing organizational objectives
- S0406: Skill in developing policy plans
- S0414: Skill in evaluating laws
- S0415: Skill in evaluating regulations
- S0416: Skill in evaluating policies
- S0430: Skill in collaborating with others
- S0432: Skill in coordinating cybersecurity operations across an organization
- S0439: Skill in identifying external partners
- S0447: Skill in aligning privacy and cybersecurity objectives
- S0465: Skill in identifying critical infrastructure systems
- S0466: Skill in identifying systems designed without security considerations
- S0497: Skill in developing client organization profiles
- S0515: Skill in identifying partner capabilities
- S0686: Skill in performing risk assessments
- S0801: Skill in assessing partner operations capabilities
- S0807: Skill in solving problems
Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)