Attention: CISA Learning is now available for External Users! The Federal Virtual Training Environment (FedVTE) has been permanently decommissioned and replaced by CISA Learning. Please reference the CISA Learning page for the latest information. Please note: CISA Users should wait to access CISA Learning until the system is ready for internal use in the coming days.

OG-WRL-014

Systems Security Management

Responsible for managing the cybersecurity of a program, organization, system, or enclave.

Task statements

T1019: Determine special needs of cyber-physical systems
T1020: Determine the operational and safety impacts of cybersecurity lapses
T1022: Review enterprise information technology (IT) goals and objectives
T1023: Identify critical technology procurement requirements
T1026: Determine procurement requirements
T1052: Integrate black-box security testing tools into quality assurance processes
T1056: Acquire resources to support cybersecurity program goals and objectives
T1057: Conduct an effective enterprise continuity of operations program
T1058: Advise senior management on risk levels and security posture
T1059: Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements
T1060: Advise senior management on organizational cybersecurity efforts
T1061: Advise senior leadership and authorizing official of changes affecting the organization's cybersecurity posture
T1086: Collect and maintain system cybersecurity report data
T1087: Create system cybersecurity reports
T1088: Communicate the value of cybersecurity to organizational stakeholders
T1113: Develop the enterprise continuity of operations strategy
T1114: Establish the enterprise continuity of operations program
T1178: Determine if security improvement actions are evaluated, validated, and implemented as required
T1180: Determine if cybersecurity inspections, tests, and reviews are coordinated for the network environment
T1181: Determine if cybersecurity requirements are integrated into continuity planning
T1182: Determine if security engineering is used when acquiring or developing protection and detection capabilities
T1183: Determine if protection and detection capabilities are consistent with organization-level cybersecurity architecture
T1186: Establish enterprise information security architecture
T1188: Determine if baseline security safeguards are appropriately installed
T1201: Determine implications of new and upgraded technologies to the cybersecurity program
T1221: Disseminate incident and other Computer Network Defense (CND) information
T1222: Determine security requirements for new information technologies
T1223: Determine security requirements for new operational technologies
T1224: Determine impact of noncompliance on organizational risk levels
T1225: Determine impact of noncompliance on effectiveness of the enterprise's cybersecurity program
T1226: Align cybersecurity priorities with organizational security strategy
T1227: Manage cybersecurity budget, staffing, and contracting
T1233: Monitor cybersecurity data sources
T1234: Develop Computer Network Defense (CND) guidance for organizational stakeholders
T1235: Manage threat and target analysis
T1236: Manage the production of threat information
T1238: Determine the effectiveness of enterprise cybersecurity safeguards
T1245: Oversee the cybersecurity training and awareness program
T1246: Establish Security Assessment and Authorization processes
T1247: Develop computer environment cybersecurity plans and requirements
T1284: Develop standard operating procedures for secure network system operations
T1285: Distribute standard operating procedures
T1286: Maintain standard operating procedures
T1291: Advise stakeholders on the development of continuity of operations plans
T1293: Advise on security requirements to be included in statements of work
T1295: Provide cybersecurity awareness and training
T1298: Communicate situational awareness information to leadership
T1300: Report cybersecurity incidents
T1304: Recommend organizational cybersecurity resource allocations
T1307: Develop cybersecurity policy recommendations
T1308: Coordinate cybersecurity policy review and approval processes
T1310: Implement protective or corrective measures when a cybersecurity incident or vulnerability is discovered
T1317: Determine if appropriate threat mitigation actions have been taken
T1321: Manage computing environment system operations
T1335: Promote cybersecurity awareness to management
T1336: Verify the inclusion of sound cybersecurity principles in the organization's vision and goals
T1342: Oversee policy standards and implementation strategy development
T1343: Provide cybersecurity guidance to organizational risk governance processes
T1344: Determine if procurement activities sufficiently address supply chain risks
T1345: Recommend improvements to procurement activities to address cybersecurity requirements
T1354: Identify system cybersecurity requirements
T1355: Determine if vulnerability remediation plans are in place
T1356: Develop vulnerability remediation plans
T1357: Determine if cybersecurity requirements have been successfully implemented
T1358: Determine the effectiveness of organizational cybersecurity policies and procedures
T1368: Support cybersecurity compliance activities
T1369: Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements
T1373: Determine organizational compliance
T1374: Forecast ongoing service demands
T1375: Conduct periodic reviews of security assumptions
T1376: Develop critical infrastructure protection policies and procedures
T1377: Implement critical infrastructure protection policies and procedures
T1476: Promote awareness of cybersecurity policy and strategy among management
T1586: Conduct cybersecurity risk assessments
T1601: Advise stakeholders on enterprise cybersecurity risk management
T1602: Advise stakeholders on supply chain risk management

Knowledge statements

K0018: Knowledge of encryption algorithms
K0092: Knowledge of technology integration processes
K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0685: Knowledge of access control principles and practices
K0686: Knowledge of authentication and authorization tools and techniques
K0687: Knowledge of business operations standards and best practices
K0701: Knowledge of data backup and recovery policies and procedures
K0709: Knowledge of business continuity and disaster recovery (BCDR) policies and procedures
K0710: Knowledge of enterprise cybersecurity architecture principles and practices
K0716: Knowledge of host access control (HAC) systems and software
K0717: Knowledge of network access control (NAC) systems and software
K0721: Knowledge of risk management principles and practices
K0723: Knowledge of vulnerability data sources
K0724: Knowledge of incident response principles and practices
K0725: Knowledge of incident response tools and techniques
K0726: Knowledge of incident handling tools and techniques
K0727: Knowledge of analysis standards and best practices
K0731: Knowledge of systems security engineering (SSE) principles and practices
K0732: Knowledge of intrusion detection tools and techniques
K0734: Knowledge of Risk Management Framework (RMF) requirements
K0735: Knowledge of risk management models and frameworks
K0736: Knowledge of information technology (IT) security principles and practices
K0740: Knowledge of system performance indicators
K0741: Knowledge of system availability measures
K0743: Knowledge of new and emerging technologies
K0744: Knowledge of operating system (OS) systems and software
K0746: Knowledge of policy-based access controls
K0747: Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
K0749: Knowledge of process engineering principles and practices
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0754: Knowledge of resource management principles and practices
K0758: Knowledge of server administration principles and practices
K0759: Knowledge of client and server architecture
K0765: Knowledge of software engineering principles and practices
K0769: Knowledge of system design standards and best practices
K0770: Knowledge of system administration principles and practices
K0771: Knowledge of system life cycle management principles and practices
K0778: Knowledge of enterprise information technology (IT) architecture principles and practices
K0779: Knowledge of systems engineering processes
K0783: Knowledge of network attack characteristics
K0791: Knowledge of defense-in-depth principles and practices
K0798: Knowledge of program management principles and practices
K0799: Knowledge of project management principles and practices
K0803: Knowledge of supply chain risk management principles and practices
K0818: Knowledge of new and emerging cybersecurity risks
K0820: Knowledge of supply chain risks
K0822: Knowledge of risk tolerance principles and practices
K0823: Knowledge of incident response policies and procedures
K0824: Knowledge of incident response roles and responsibilities
K0825: Knowledge of threat vector characteristics
K0827: Knowledge of software quality assurance (SQA) principles and practices
K0828: Knowledge of supply chain risk management standards and best practices
K0831: Knowledge of network attack vectors
K0834: Knowledge of technology procurement principles and practices
K0837: Knowledge of hardening tools and techniques
K0838: Knowledge of supply chain risk management policies and procedures
K0839: Knowledge of critical infrastructure systems and software
K0840: Knowledge of hardware reverse engineering tools and techniques
K0842: Knowledge of software reverse engineering tools and techniques
K0848: Knowledge of network systems management principles and practices
K0849: Knowledge of network systems management tools and techniques
K0851: Knowledge of reverse engineering principles and practices
K0859: Knowledge of encryption tools and techniques
K0865: Knowledge of data classification standards and best practices
K0866: Knowledge of data classification tools and techniques
K0870: Knowledge of enterprise architecture (EA) reference models and frameworks
K0871: Knowledge of enterprise architecture (EA) principles and practices
K0877: Knowledge of application firewall principles and practices
K0878: Knowledge of network firewall principles and practices
K0891: Knowledge of the Open Systems Interconnect (OSI) reference model
K0892: Knowledge of cyber defense laws and regulations
K0915: Knowledge of network architecture principles and practices
K0917: Knowledge of Personally Identifiable Information (PII) data security standards and best practices
K0918: Knowledge of Payment Card Industry (PCI) data security standards and best practices
K0919: Knowledge of Personal Health Information (PHI) data security standards and best practices
K0928: Knowledge of systems engineering principles and practices
K0934: Knowledge of data classification policies and procedures
K0947: Knowledge of computer engineering principles and practices
K0955: Knowledge of penetration testing principles and practices
K0956: Knowledge of penetration testing tools and techniques
K0962: Knowledge of targeting laws and regulations
K0963: Knowledge of exploitation laws and regulations
K0983: Knowledge of computer networking principles and practices
K1014: Knowledge of network security principles and practices
K1050: Knowledge of critical information requirements
K1077: Knowledge of data security controls
K1079: Knowledge of web application security risks
K1084: Knowledge of data privacy controls
K1093: Knowledge of black-box software testing
K1133: Knowledge of cybersecurity engineering
K1137: Knowledge of cybersecurity requirements
K1171: Knowledge of mission assurance practices and principles
K1179: Knowledge of organization's security strategy
K1180: Knowledge of organizational cybersecurity goals and objectives
K1183: Knowledge of organizational cybersecurity policies and procedures
K1188: Knowledge of organizational policies and procedures
K1189: Knowledge of organizational policy and procedures
K1209: Knowledge of risk mitigation principles and practices
K1221: Knowledge of supply chain risk management practices
K1225: Knowledge of system life cycles

Skill statements

S0462: Skill in integrating information security requirements in the acquisitions process
S0463: Skill in implementing software quality control processes
S0465: Skill in identifying critical infrastructure systems
S0466: Skill in identifying systems designed without security considerations
S0509: Skill in evaluating security products
S0564: Skill in creating system security policies
S0572: Skill in detecting host- and network-based intrusions
S0574: Skill in developing security system controls
S0578: Skill in evaluating security designs
S0616: Skill in applying black-box software testing
S0617: Skill in interpreting signatures
S0620: Skill in evaluating the trustworthiness of a supply chain
S0826: Skill in communicating with external organizations
S0841: Skill in identifying possible security violations
S0850: Skill in performing cost/benefit analysis
S0858: Skill in performing economic analysis
S0878: Skill in performing risk analysis

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)