Attention: CISA Learning is now available! If you are an EXTERNAL (non-CISA) user access the new system using this url: CISA Learning. The Federal Virtual Training Environment (FedVTE) has been permanently decommissioned and replaced by CISA Learning. Please reference the CISA Learning page for the latest information. Please note: CISA Users (staff and contractors) should access CISA Learning through the internal site. You should have received an email on December 4, 2024, titled “CISA Learning is LIVE!” with more information.

DD-WRL-006

Systems Requirements Planning

Responsible for consulting with internal and external customers to evaluate and translate functional requirements and integrating security policies into technical solutions.

Task statements

T0235: Translate functional requirements into technical solutions
T1019: Determine special needs of cyber-physical systems
T1020: Determine the operational and safety impacts of cybersecurity lapses
T1022: Review enterprise information technology (IT) goals and objectives
T1023: Identify critical technology procurement requirements
T1026: Determine procurement requirements
T1031: Implement intelligence collection requirements
T1097: Determine functional requirements and specifications
T1107: Evaluate functional requirements
T1115: Oversee the development of design solutions
T1127: Define project scope and objectives
T1139: Develop systems design procedures and processes
T1217: Determine if system analysis meets cybersecurity requirements
T1243: Oversee configuration management
T1244: Develop configuration management recommendations
T1259: Identify opportunities for new and improved business process solutions
T1283: Develop cybersecurity use cases
T1366: Identify supply chain risks for critical system elements
T1367: Document supply chain risks for critical system elements
T1392: Develop user experience requirements
T1393: Document user experience requirements
T1408: Develop quality standards
T1409: Document quality standards
T1423: Create system security concept of operations (ConOps) documents
T1430: Determine if system components can be aligned
T1431: Integrate system components
T1527: Define baseline system security requirements
T1534: Develop cost estimates for new or modified systems
T1573: Determine if developed solutions meet customer requirements

Knowledge statements

K0018: Knowledge of encryption algorithms
K0055: Knowledge of microprocessors
K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0685: Knowledge of access control principles and practices
K0686: Knowledge of authentication and authorization tools and techniques
K0687: Knowledge of business operations standards and best practices
K0690: Knowledge of requirements analysis principles and practices
K0698: Knowledge of cryptographic key management principles and practices
K0715: Knowledge of resiliency and redundancy principles and practices
K0721: Knowledge of risk management principles and practices
K0727: Knowledge of analysis standards and best practices
K0728: Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
K0729: Knowledge of non-repudiation principles and practices
K0730: Knowledge of cyber safety principles and practices
K0731: Knowledge of systems security engineering (SSE) principles and practices
K0733: Knowledge of information technology (IT) architecture models and frameworks
K0736: Knowledge of information technology (IT) security principles and practices
K0742: Knowledge of identity and access management (IAM) principles and practices
K0743: Knowledge of new and emerging technologies
K0744: Knowledge of operating system (OS) systems and software
K0745: Knowledge of parallel and distributed computing principles and practices
K0746: Knowledge of policy-based access controls
K0747: Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
K0748: Knowledge of Privacy Impact Assessment (PIA) principles and practices
K0749: Knowledge of process engineering principles and practices
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0755: Knowledge of configuration management (CM) tools and techniques
K0756: Knowledge of security management principles and practices
K0757: Knowledge of system design tools and techniques
K0758: Knowledge of server administration principles and practices
K0759: Knowledge of client and server architecture
K0765: Knowledge of software engineering principles and practices
K0768: Knowledge of automated systems analysis tools and techniques
K0769: Knowledge of system design standards and best practices
K0771: Knowledge of system life cycle management principles and practices
K0772: Knowledge of systems testing and evaluation tools and techniques
K0773: Knowledge of telecommunications principles and practices
K0779: Knowledge of systems engineering processes
K0803: Knowledge of supply chain risk management principles and practices
K0820: Knowledge of supply chain risks
K0828: Knowledge of supply chain risk management standards and best practices
K0834: Knowledge of technology procurement principles and practices
K0838: Knowledge of supply chain risk management policies and procedures
K0839: Knowledge of critical infrastructure systems and software
K0840: Knowledge of hardware reverse engineering tools and techniques
K0842: Knowledge of software reverse engineering tools and techniques
K0848: Knowledge of network systems management principles and practices
K0849: Knowledge of network systems management tools and techniques
K0851: Knowledge of reverse engineering principles and practices
K0865: Knowledge of data classification standards and best practices
K0866: Knowledge of data classification tools and techniques
K0872: Knowledge of service management principles and practices
K0873: Knowledge of service management standards and best practices
K0891: Knowledge of the Open Systems Interconnect (OSI) reference model
K0892: Knowledge of cyber defense laws and regulations
K0920: Knowledge of risk management policies and procedures
K0928: Knowledge of systems engineering principles and practices
K0934: Knowledge of data classification policies and procedures
K0942: Knowledge of cryptology principles and practices
K0947: Knowledge of computer engineering principles and practices
K0952: Knowledge of information theory principles and practices
K0962: Knowledge of targeting laws and regulations
K0963: Knowledge of exploitation laws and regulations
K0983: Knowledge of computer networking principles and practices
K1014: Knowledge of network security principles and practices
K1050: Knowledge of critical information requirements
K1077: Knowledge of data security controls
K1084: Knowledge of data privacy controls
K1086: Knowledge of design modeling
K1122: Knowledge of configuration management principles and practices
K1128: Knowledge of customer requirements
K1213: Knowledge of security requirements
K1227: Knowledge of systems architecture
K1228: Knowledge of systems development

Skill statements

S0066: Skill in identifying gaps in technical capabilities
S0465: Skill in identifying critical infrastructure systems
S0466: Skill in identifying systems designed without security considerations
S0497: Skill in developing client organization profiles
S0515: Skill in identifying partner capabilities
S0551: Skill in applying information technologies into proposed solutions
S0554: Skill in performing systems analysis
S0555: Skill in performing capabilities analysis
S0556: Skill in performing requirements analysis
S0590: Skill in building use cases
S0654: Skill in conducting system reviews
S0673: Skill in translating operational requirements into security controls
S0674: Skill in installing system and component upgrades
S0675: Skill in optimizing system performance
S0724: Skill in managing client relationships
S0759: Skill in identifying requirements
S0801: Skill in assessing partner operations capabilities
S0822: Skill in collaborating with stakeholders
S0824: Skill in communicating with customers
S0830: Skill in conducting feasibility studies
S0870: Skill in performing needs analysis
S0878: Skill in performing risk analysis
S0886: Skill in performing system analysis
S0891: Skill in performing trade-off analysis

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)