Attention: CISA Learning is now available for External Users! The Federal Virtual Training Environment (FedVTE) has been permanently decommissioned and replaced by CISA Learning. Please reference the CISA Learning page for the latest information. Please note: CISA Users should wait to access CISA Learning until the system is ready for internal use in the coming days.

DD-WRL-007

Systems Testing and Evaluation

Responsible for planning, preparing, and executing system tests; evaluating test results against specifications and requirements; and reporting test results and findings.

Task statements

T0080: Develop test plans to address specifications and requirements
T0274: Create auditable evidence of security measures
T0512: Perform interoperability testing on systems exchanging electronic information with other systems
T0513: Perform operational testing
T1020: Determine the operational and safety impacts of cybersecurity lapses
T1049: Determine appropriate level of test rigor for a given system
T1136: Determine level of assurance of developed capabilities
T1138: Create system testing and validation procedures and documentation
T1208: Implement new system design procedures
T1209: Implement new system test procedures
T1210: Implement new system quality standards
T1214: Install network infrastructure device operating system software
T1215: Maintain network infrastructure device operating system software
T1255: Perform cybersecurity testing of developed applications and systems
T1346: Determine if system requirements are adequately demonstrated in data samples
T1484: Establish testing specifications and requirements
T1506: Analyze software and hardware testing results
T1587: Perform cybersecurity testing on systems in development
T1610: Determine if hardware and software complies with defined specifications and requirements
T1611: Record test data
T1612: Manage test data
T1829: Evaluate locally developed tools

Knowledge statements

K0068: Knowledge of programming language structures and logic
K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0685: Knowledge of access control principles and practices
K0686: Knowledge of authentication and authorization tools and techniques
K0710: Knowledge of enterprise cybersecurity architecture principles and practices
K0711: Knowledge of evaluation and validation principles and practices
K0720: Knowledge of Security Assessment and Authorization (SA&A) processes
K0721: Knowledge of risk management principles and practices
K0728: Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
K0729: Knowledge of non-repudiation principles and practices
K0730: Knowledge of cyber safety principles and practices
K0731: Knowledge of systems security engineering (SSE) principles and practices
K0749: Knowledge of process engineering principles and practices
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0758: Knowledge of server administration principles and practices
K0765: Knowledge of software engineering principles and practices
K0770: Knowledge of system administration principles and practices
K0772: Knowledge of systems testing and evaluation tools and techniques
K0778: Knowledge of enterprise information technology (IT) architecture principles and practices
K0779: Knowledge of systems engineering processes
K0791: Knowledge of defense-in-depth principles and practices
K0803: Knowledge of supply chain risk management principles and practices
K0813: Knowledge of interpreted and compiled programming language characteristics
K0820: Knowledge of supply chain risks
K0828: Knowledge of supply chain risk management standards and best practices
K0837: Knowledge of hardening tools and techniques
K0838: Knowledge of supply chain risk management policies and procedures
K0839: Knowledge of critical infrastructure systems and software
K0840: Knowledge of hardware reverse engineering tools and techniques
K0842: Knowledge of software reverse engineering tools and techniques
K0851: Knowledge of reverse engineering principles and practices
K0865: Knowledge of data classification standards and best practices
K0866: Knowledge of data classification tools and techniques
K0870: Knowledge of enterprise architecture (EA) reference models and frameworks
K0871: Knowledge of enterprise architecture (EA) principles and practices
K0879: Knowledge of industry cybersecurity models and frameworks
K0880: Knowledge of access control models and frameworks
K0881: Knowledge of learning assessment tools and techniques
K0891: Knowledge of the Open Systems Interconnect (OSI) reference model
K0915: Knowledge of network architecture principles and practices
K0917: Knowledge of Personally Identifiable Information (PII) data security standards and best practices
K0918: Knowledge of Payment Card Industry (PCI) data security standards and best practices
K0919: Knowledge of Personal Health Information (PHI) data security standards and best practices
K0928: Knowledge of systems engineering principles and practices
K0934: Knowledge of data classification policies and procedures
K0947: Knowledge of computer engineering principles and practices
K0983: Knowledge of computer networking principles and practices
K1014: Knowledge of network security principles and practices
K1100: Knowledge of analytical tools and techniques

Skill statements

S0015: Skill in conducting test events
S0048: Skill in systems integration testing
S0401: Skill in collecting data
S0402: Skill in verifying data
S0403: Skill in validating data
S0409: Skill in deriving evaluative conclusions from data
S0558: Skill in developing algorithms
S0559: Skill in performing data structure analysis
S0568: Skill in designing data analysis structures
S0573: Skill in developing testing scenarios
S0579: Skill in preparing reports
S0597: Skill in writing code in a currently supported programming language
S0598: Skill in creating test plans
S0630: Skill in conducting Test Readiness Reviews (TRR)
S0632: Skill in designing Test and Evaluation Strategies (TES)
S0634: Skill in identifying Test and Evaluation Strategies (TES) infrastructure requirements
S0635: Skill in managing test assets
S0639: Skill in providing test and evaluation resource estimates
S0791: Skill in presenting to an audience
S0842: Skill in interpreting test results
S0889: Skill in performing test result analysis

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)