Oversight and Governance
OG-WRL-014
Systems Security Management
Responsible for managing the cybersecurity of a program, organization, system, or enclave.
- T1019: Determine special needs of cyber-physical systems
- T1020: Determine the operational and safety impacts of cybersecurity lapses
- T1022: Review enterprise information technology (IT) goals and objectives
- T1023: Identify critical technology procurement requirements
- T1026: Determine procurement requirements
- T1052: Integrate black-box security testing tools into quality assurance processes
- T1056: Acquire resources to support cybersecurity program goals and objectives
- T1057: Conduct an effective enterprise continuity of operations program
- T1058: Advise senior management on risk levels and security posture
- T1059: Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements
- T1060: Advise senior management on organizational cybersecurity efforts
- T1061: Advise senior leadership and authorizing official of changes affecting the organization's cybersecurity posture
- T1086: Collect and maintain system cybersecurity report data
- T1087: Create system cybersecurity reports
- T1088: Communicate the value of cybersecurity to organizational stakeholders
- T1113: Develop the enterprise continuity of operations strategy
- T1114: Establish the enterprise continuity of operations program
- T1178: Determine if security improvement actions are evaluated, validated, and implemented as required
- T1180: Determine if cybersecurity inspections, tests, and reviews are coordinated for the network environment
- T1181: Determine if cybersecurity requirements are integrated into continuity planning
- T1182: Determine if security engineering is used when acquiring or developing protection and detection capabilities
- T1183: Determine if protection and detection capabilities are consistent with organization-level cybersecurity architecture
- T1186: Establish enterprise information security architecture
- T1188: Determine if baseline security safeguards are appropriately installed
- T1201: Determine implications of new and upgraded technologies to the cybersecurity program
- T1221: Disseminate incident and other Computer Network Defense (CND) information
- T1222: Determine security requirements for new information technologies
- T1223: Determine security requirements for new operational technologies
- T1224: Determine impact of noncompliance on organizational risk levels
- T1225: Determine impact of noncompliance on effectiveness of the enterprise's cybersecurity program
- T1226: Align cybersecurity priorities with organizational security strategy
- T1227: Manage cybersecurity budget, staffing, and contracting
- T1233: Monitor cybersecurity data sources
- T1234: Develop Computer Network Defense (CND) guidance for organizational stakeholders
- T1235: Manage threat and target analysis
- T1236: Manage the production of threat information
- T1238: Determine the effectiveness of enterprise cybersecurity safeguards
- T1245: Oversee the cybersecurity training and awareness program
- T1246: Establish Security Assessment and Authorization processes
- T1247: Develop computer environment cybersecurity plans and requirements
- T1284: Develop standard operating procedures for secure network system operations
- T1285: Distribute standard operating procedures
- T1286: Maintain standard operating procedures
- T1291: Advise stakeholders on the development of continuity of operations plans
- T1293: Advise on security requirements to be included in statements of work
- T1295: Provide cybersecurity awareness and training
- T1298: Communicate situational awareness information to leadership
- T1300: Report cybersecurity incidents
- T1304: Recommend organizational cybersecurity resource allocations
- T1307: Develop cybersecurity policy recommendations
- T1308: Coordinate cybersecurity policy review and approval processes
- T1310: Implement protective or corrective measures when a cybersecurity incident or vulnerability is discovered
- T1317: Determine if appropriate threat mitigation actions have been taken
- T1321: Manage computing environment system operations
- T1335: Promote cybersecurity awareness to management
- T1336: Verify the inclusion of sound cybersecurity principles in the organization's vision and goals
- T1342: Oversee policy standards and implementation strategy development
- T1343: Provide cybersecurity guidance to organizational risk governance processes
- T1344: Determine if procurement activities sufficiently address supply chain risks
- T1345: Recommend improvements to procurement activities to address cybersecurity requirements
- T1354: Identify system cybersecurity requirements
- T1355: Determine if vulnerability remediation plans are in place
- T1356: Develop vulnerability remediation plans
- T1357: Determine if cybersecurity requirements have been successfully implemented
- T1358: Determine the effectiveness of organizational cybersecurity policies and procedures
- T1368: Support cybersecurity compliance activities
- T1369: Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements
- T1373: Determine organizational compliance
- T1374: Forecast ongoing service demands
- T1375: Conduct periodic reviews of security assumptions
- T1376: Develop critical infrastructure protection policies and procedures
- T1377: Implement critical infrastructure protection policies and procedures
- T1476: Promote awareness of cybersecurity policy and strategy among management
- T1586: Conduct cybersecurity risk assessments
- T1601: Advise stakeholders on enterprise cybersecurity risk management
- T1602: Advise stakeholders on supply chain risk management
- K0018: Knowledge of encryption algorithms
- K0092: Knowledge of technology integration processes
- K0674: Knowledge of computer networking protocols
- K0675: Knowledge of risk management processes
- K0676: Knowledge of cybersecurity laws and regulations
- K0677: Knowledge of cybersecurity policies and procedures
- K0678: Knowledge of privacy laws and regulations
- K0679: Knowledge of privacy policies and procedures
- K0680: Knowledge of cybersecurity principles and practices
- K0681: Knowledge of privacy principles and practices
- K0682: Knowledge of cybersecurity threats
- K0683: Knowledge of cybersecurity vulnerabilities
- K0684: Knowledge of cybersecurity threat characteristics
- K0685: Knowledge of access control principles and practices
- K0686: Knowledge of authentication and authorization tools and techniques
- K0687: Knowledge of business operations standards and best practices
- K0701: Knowledge of data backup and recovery policies and procedures
- K0709: Knowledge of business continuity and disaster recovery (BCDR) policies and procedures
- K0710: Knowledge of enterprise cybersecurity architecture principles and practices
- K0716: Knowledge of host access control (HAC) systems and software
- K0717: Knowledge of network access control (NAC) systems and software
- K0721: Knowledge of risk management principles and practices
- K0723: Knowledge of vulnerability data sources
- K0724: Knowledge of incident response principles and practices
- K0725: Knowledge of incident response tools and techniques
- K0726: Knowledge of incident handling tools and techniques
- K0727: Knowledge of analysis standards and best practices
- K0731: Knowledge of systems security engineering (SSE) principles and practices
- K0732: Knowledge of intrusion detection tools and techniques
- K0734: Knowledge of Risk Management Framework (RMF) requirements
- K0735: Knowledge of risk management models and frameworks
- K0736: Knowledge of information technology (IT) security principles and practices
- K0740: Knowledge of system performance indicators
- K0741: Knowledge of system availability measures
- K0743: Knowledge of new and emerging technologies
- K0744: Knowledge of operating system (OS) systems and software
- K0746: Knowledge of policy-based access controls
- K0747: Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
- K0749: Knowledge of process engineering principles and practices
- K0751: Knowledge of system threats
- K0752: Knowledge of system vulnerabilities
- K0754: Knowledge of resource management principles and practices
- K0758: Knowledge of server administration principles and practices
- K0759: Knowledge of client and server architecture
- K0765: Knowledge of software engineering principles and practices
- K0769: Knowledge of system design standards and best practices
- K0770: Knowledge of system administration principles and practices
- K0771: Knowledge of system life cycle management principles and practices
- K0778: Knowledge of enterprise information technology (IT) architecture principles and practices
- K0779: Knowledge of systems engineering processes
- K0783: Knowledge of network attack characteristics
- K0791: Knowledge of defense-in-depth principles and practices
- K0798: Knowledge of program management principles and practices
- K0799: Knowledge of project management principles and practices
- K0803: Knowledge of supply chain risk management principles and practices
- K0818: Knowledge of new and emerging cybersecurity risks
- K0820: Knowledge of supply chain risks
- K0822: Knowledge of risk tolerance principles and practices
- K0823: Knowledge of incident response policies and procedures
- K0824: Knowledge of incident response roles and responsibilities
- K0825: Knowledge of threat vector characteristics
- K0827: Knowledge of software quality assurance (SQA) principles and practices
- K0828: Knowledge of supply chain risk management standards and best practices
- K0831: Knowledge of network attack vectors
- K0834: Knowledge of technology procurement principles and practices
- K0837: Knowledge of hardening tools and techniques
- K0838: Knowledge of supply chain risk management policies and procedures
- K0839: Knowledge of critical infrastructure systems and software
- K0840: Knowledge of hardware reverse engineering tools and techniques
- K0842: Knowledge of software reverse engineering tools and techniques
- K0848: Knowledge of network systems management principles and practices
- K0849: Knowledge of network systems management tools and techniques
- K0851: Knowledge of reverse engineering principles and practices
- K0859: Knowledge of encryption tools and techniques
- K0865: Knowledge of data classification standards and best practices
- K0866: Knowledge of data classification tools and techniques
- K0870: Knowledge of enterprise architecture (EA) reference models and frameworks
- K0871: Knowledge of enterprise architecture (EA) principles and practices
- K0877: Knowledge of application firewall principles and practices
- K0878: Knowledge of network firewall principles and practices
- K0891: Knowledge of the Open Systems Interconnect (OSI) reference model
- K0892: Knowledge of cyber defense laws and regulations
- K0915: Knowledge of network architecture principles and practices
- K0917: Knowledge of Personally Identifiable Information (PII) data security standards and best practices
- K0918: Knowledge of Payment Card Industry (PCI) data security standards and best practices
- K0919: Knowledge of Personal Health Information (PHI) data security standards and best practices
- K0928: Knowledge of systems engineering principles and practices
- K0934: Knowledge of data classification policies and procedures
- K0947: Knowledge of computer engineering principles and practices
- K0955: Knowledge of penetration testing principles and practices
- K0956: Knowledge of penetration testing tools and techniques
- K0962: Knowledge of targeting laws and regulations
- K0963: Knowledge of exploitation laws and regulations
- K0983: Knowledge of computer networking principles and practices
- K1014: Knowledge of network security principles and practices
- K1050: Knowledge of critical information requirements
- K1077: Knowledge of data security controls
- K1079: Knowledge of web application security risks
- K1084: Knowledge of data privacy controls
- K1093: Knowledge of black-box software testing
- K1133: Knowledge of cybersecurity engineering
- K1137: Knowledge of cybersecurity requirements
- K1171: Knowledge of mission assurance practices and principles
- K1179: Knowledge of organization's security strategy
- K1180: Knowledge of organizational cybersecurity goals and objectives
- K1183: Knowledge of organizational cybersecurity policies and procedures
- K1188: Knowledge of organizational policies and procedures
- K1189: Knowledge of organizational policy and procedures
- K1209: Knowledge of risk mitigation principles and practices
- K1221: Knowledge of supply chain risk management practices
- K1225: Knowledge of system life cycles
- S0462: Skill in integrating information security requirements in the acquisitions process
- S0463: Skill in implementing software quality control processes
- S0465: Skill in identifying critical infrastructure systems
- S0466: Skill in identifying systems designed without security considerations
- S0509: Skill in evaluating security products
- S0564: Skill in creating system security policies
- S0572: Skill in detecting host- and network-based intrusions
- S0574: Skill in developing security system controls
- S0578: Skill in evaluating security designs
- S0616: Skill in applying black-box software testing
- S0617: Skill in interpreting signatures
- S0620: Skill in evaluating the trustworthiness of a supply chain
- S0826: Skill in communicating with external organizations
- S0841: Skill in identifying possible security violations
- S0850: Skill in performing cost/benefit analysis
- S0858: Skill in performing economic analysis
- S0878: Skill in performing risk analysis
Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)