Oversight and Governance
OG-WRL-014

Systems Security Management

Responsible for managing the cybersecurity of a program, organization, system, or enclave.

  • T1019: Determine special needs of cyber-physical systems
  • T1020: Determine the operational and safety impacts of cybersecurity lapses
  • T1022: Review enterprise information technology (IT) goals and objectives
  • T1023: Identify critical technology procurement requirements
  • T1026: Determine procurement requirements
  • T1052: Integrate black-box security testing tools into quality assurance processes
  • T1056: Acquire resources to support cybersecurity program goals and objectives
  • T1057: Conduct an effective enterprise continuity of operations program
  • T1058: Advise senior management on risk levels and security posture
  • T1059: Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements
  • T1060: Advise senior management on organizational cybersecurity efforts
  • T1061: Advise senior leadership and authorizing official of changes affecting the organization's cybersecurity posture
  • T1086: Collect and maintain system cybersecurity report data
  • T1087: Create system cybersecurity reports
  • T1088: Communicate the value of cybersecurity to organizational stakeholders
  • T1113: Develop the enterprise continuity of operations strategy
  • T1114: Establish the enterprise continuity of operations program
  • T1178: Determine if security improvement actions are evaluated, validated, and implemented as required
  • T1180: Determine if cybersecurity inspections, tests, and reviews are coordinated for the network environment
  • T1181: Determine if cybersecurity requirements are integrated into continuity planning
  • T1182: Determine if security engineering is used when acquiring or developing protection and detection capabilities
  • T1183: Determine if protection and detection capabilities are consistent with organization-level cybersecurity architecture
  • T1186: Establish enterprise information security architecture
  • T1188: Determine if baseline security safeguards are appropriately installed
  • T1201: Determine implications of new and upgraded technologies to the cybersecurity program
  • T1221: Disseminate incident and other Computer Network Defense (CND) information
  • T1222: Determine security requirements for new information technologies
  • T1223: Determine security requirements for new operational technologies
  • T1224: Determine impact of noncompliance on organizational risk levels
  • T1225: Determine impact of noncompliance on effectiveness of the enterprise's cybersecurity program
  • T1226: Align cybersecurity priorities with organizational security strategy
  • T1227: Manage cybersecurity budget, staffing, and contracting
  • T1233: Monitor cybersecurity data sources
  • T1234: Develop Computer Network Defense (CND) guidance for organizational stakeholders
  • T1235: Manage threat and target analysis
  • T1236: Manage the production of threat information
  • T1238: Determine the effectiveness of enterprise cybersecurity safeguards
  • T1245: Oversee the cybersecurity training and awareness program
  • T1246: Establish Security Assessment and Authorization processes
  • T1247: Develop computer environment cybersecurity plans and requirements
  • T1284: Develop standard operating procedures for secure network system operations
  • T1285: Distribute standard operating procedures
  • T1286: Maintain standard operating procedures
  • T1291: Advise stakeholders on the development of continuity of operations plans
  • T1293: Advise on security requirements to be included in statements of work
  • T1295: Provide cybersecurity awareness and training
  • T1298: Communicate situational awareness information to leadership
  • T1300: Report cybersecurity incidents
  • T1304: Recommend organizational cybersecurity resource allocations
  • T1307: Develop cybersecurity policy recommendations
  • T1308: Coordinate cybersecurity policy review and approval processes
  • T1310: Implement protective or corrective measures when a cybersecurity incident or vulnerability is discovered
  • T1317: Determine if appropriate threat mitigation actions have been taken
  • T1321: Manage computing environment system operations
  • T1335: Promote cybersecurity awareness to management
  • T1336: Verify the inclusion of sound cybersecurity principles in the organization's vision and goals
  • T1342: Oversee policy standards and implementation strategy development
  • T1343: Provide cybersecurity guidance to organizational risk governance processes
  • T1344: Determine if procurement activities sufficiently address supply chain risks
  • T1345: Recommend improvements to procurement activities to address cybersecurity requirements
  • T1354: Identify system cybersecurity requirements
  • T1355: Determine if vulnerability remediation plans are in place
  • T1356: Develop vulnerability remediation plans
  • T1357: Determine if cybersecurity requirements have been successfully implemented
  • T1358: Determine the effectiveness of organizational cybersecurity policies and procedures
  • T1368: Support cybersecurity compliance activities
  • T1369: Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements
  • T1373: Determine organizational compliance
  • T1374: Forecast ongoing service demands
  • T1375: Conduct periodic reviews of security assumptions
  • T1376: Develop critical infrastructure protection policies and procedures
  • T1377: Implement critical infrastructure protection policies and procedures
  • T1476: Promote awareness of cybersecurity policy and strategy among management
  • T1586: Conduct cybersecurity risk assessments
  • T1601: Advise stakeholders on enterprise cybersecurity risk management
  • T1602: Advise stakeholders on supply chain risk management
  • K0018: Knowledge of encryption algorithms
  • K0092: Knowledge of technology integration processes
  • K0674: Knowledge of computer networking protocols
  • K0675: Knowledge of risk management processes
  • K0676: Knowledge of cybersecurity laws and regulations
  • K0677: Knowledge of cybersecurity policies and procedures
  • K0678: Knowledge of privacy laws and regulations
  • K0679: Knowledge of privacy policies and procedures
  • K0680: Knowledge of cybersecurity principles and practices
  • K0681: Knowledge of privacy principles and practices
  • K0682: Knowledge of cybersecurity threats
  • K0683: Knowledge of cybersecurity vulnerabilities
  • K0684: Knowledge of cybersecurity threat characteristics
  • K0685: Knowledge of access control principles and practices
  • K0686: Knowledge of authentication and authorization tools and techniques
  • K0687: Knowledge of business operations standards and best practices
  • K0701: Knowledge of data backup and recovery policies and procedures
  • K0709: Knowledge of business continuity and disaster recovery (BCDR) policies and procedures
  • K0710: Knowledge of enterprise cybersecurity architecture principles and practices
  • K0716: Knowledge of host access control (HAC) systems and software
  • K0717: Knowledge of network access control (NAC) systems and software
  • K0721: Knowledge of risk management principles and practices
  • K0723: Knowledge of vulnerability data sources
  • K0724: Knowledge of incident response principles and practices
  • K0725: Knowledge of incident response tools and techniques
  • K0726: Knowledge of incident handling tools and techniques
  • K0727: Knowledge of analysis standards and best practices
  • K0731: Knowledge of systems security engineering (SSE) principles and practices
  • K0732: Knowledge of intrusion detection tools and techniques
  • K0734: Knowledge of Risk Management Framework (RMF) requirements
  • K0735: Knowledge of risk management models and frameworks
  • K0736: Knowledge of information technology (IT) security principles and practices
  • K0740: Knowledge of system performance indicators
  • K0741: Knowledge of system availability measures
  • K0743: Knowledge of new and emerging technologies
  • K0744: Knowledge of operating system (OS) systems and software
  • K0746: Knowledge of policy-based access controls
  • K0747: Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
  • K0749: Knowledge of process engineering principles and practices
  • K0751: Knowledge of system threats
  • K0752: Knowledge of system vulnerabilities
  • K0754: Knowledge of resource management principles and practices
  • K0758: Knowledge of server administration principles and practices
  • K0759: Knowledge of client and server architecture
  • K0765: Knowledge of software engineering principles and practices
  • K0769: Knowledge of system design standards and best practices
  • K0770: Knowledge of system administration principles and practices
  • K0771: Knowledge of system life cycle management principles and practices
  • K0778: Knowledge of enterprise information technology (IT) architecture principles and practices
  • K0779: Knowledge of systems engineering processes
  • K0783: Knowledge of network attack characteristics
  • K0791: Knowledge of defense-in-depth principles and practices
  • K0798: Knowledge of program management principles and practices
  • K0799: Knowledge of project management principles and practices
  • K0803: Knowledge of supply chain risk management principles and practices
  • K0818: Knowledge of new and emerging cybersecurity risks
  • K0820: Knowledge of supply chain risks
  • K0822: Knowledge of risk tolerance principles and practices
  • K0823: Knowledge of incident response policies and procedures
  • K0824: Knowledge of incident response roles and responsibilities
  • K0825: Knowledge of threat vector characteristics
  • K0827: Knowledge of software quality assurance (SQA) principles and practices
  • K0828: Knowledge of supply chain risk management standards and best practices
  • K0831: Knowledge of network attack vectors
  • K0834: Knowledge of technology procurement principles and practices
  • K0837: Knowledge of hardening tools and techniques
  • K0838: Knowledge of supply chain risk management policies and procedures
  • K0839: Knowledge of critical infrastructure systems and software
  • K0840: Knowledge of hardware reverse engineering tools and techniques
  • K0842: Knowledge of software reverse engineering tools and techniques
  • K0848: Knowledge of network systems management principles and practices
  • K0849: Knowledge of network systems management tools and techniques
  • K0851: Knowledge of reverse engineering principles and practices
  • K0859: Knowledge of encryption tools and techniques
  • K0865: Knowledge of data classification standards and best practices
  • K0866: Knowledge of data classification tools and techniques
  • K0870: Knowledge of enterprise architecture (EA) reference models and frameworks
  • K0871: Knowledge of enterprise architecture (EA) principles and practices
  • K0877: Knowledge of application firewall principles and practices
  • K0878: Knowledge of network firewall principles and practices
  • K0891: Knowledge of the Open Systems Interconnect (OSI) reference model
  • K0892: Knowledge of cyber defense laws and regulations
  • K0915: Knowledge of network architecture principles and practices
  • K0917: Knowledge of Personally Identifiable Information (PII) data security standards and best practices
  • K0918: Knowledge of Payment Card Industry (PCI) data security standards and best practices
  • K0919: Knowledge of Personal Health Information (PHI) data security standards and best practices
  • K0928: Knowledge of systems engineering principles and practices
  • K0934: Knowledge of data classification policies and procedures
  • K0947: Knowledge of computer engineering principles and practices
  • K0955: Knowledge of penetration testing principles and practices
  • K0956: Knowledge of penetration testing tools and techniques
  • K0962: Knowledge of targeting laws and regulations
  • K0963: Knowledge of exploitation laws and regulations
  • K0983: Knowledge of computer networking principles and practices
  • K1014: Knowledge of network security principles and practices
  • K1050: Knowledge of critical information requirements
  • K1077: Knowledge of data security controls
  • K1079: Knowledge of web application security risks
  • K1084: Knowledge of data privacy controls
  • K1093: Knowledge of black-box software testing
  • K1133: Knowledge of cybersecurity engineering
  • K1137: Knowledge of cybersecurity requirements
  • K1171: Knowledge of mission assurance practices and principles
  • K1179: Knowledge of organization's security strategy
  • K1180: Knowledge of organizational cybersecurity goals and objectives
  • K1183: Knowledge of organizational cybersecurity policies and procedures
  • K1188: Knowledge of organizational policies and procedures
  • K1189: Knowledge of organizational policy and procedures
  • K1209: Knowledge of risk mitigation principles and practices
  • K1221: Knowledge of supply chain risk management practices
  • K1225: Knowledge of system life cycles
  • S0462: Skill in integrating information security requirements in the acquisitions process
  • S0463: Skill in implementing software quality control processes
  • S0465: Skill in identifying critical infrastructure systems
  • S0466: Skill in identifying systems designed without security considerations
  • S0509: Skill in evaluating security products
  • S0564: Skill in creating system security policies
  • S0572: Skill in detecting host- and network-based intrusions
  • S0574: Skill in developing security system controls
  • S0578: Skill in evaluating security designs
  • S0616: Skill in applying black-box software testing
  • S0617: Skill in interpreting signatures
  • S0620: Skill in evaluating the trustworthiness of a supply chain
  • S0826: Skill in communicating with external organizations
  • S0841: Skill in identifying possible security violations
  • S0850: Skill in performing cost/benefit analysis
  • S0858: Skill in performing economic analysis
  • S0878: Skill in performing risk analysis