Oversight and Governance
OG-WRL-016

Technology Program Auditing

Responsible for conducting evaluations of technology programs or their individual components to determine compliance with published standards.

  • T0412: Conduct import/export reviews for acquiring systems and software
  • T1020: Determine the operational and safety impacts of cybersecurity lapses
  • T1026: Determine procurement requirements
  • T1067: Recommend development of new applications or modification of existing applications
  • T1068: Create development plans for new applications or modification of existing applications
  • T1154: Develop risk, compliance, and assurance monitoring strategies
  • T1155: Develop risk, compliance, and assurance measurement strategies
  • T1306: Conduct technology program and project audits
  • T1344: Determine if procurement activities sufficiently address supply chain risks
  • T1345: Recommend improvements to procurement activities to address cybersecurity requirements
  • T1394: Develop independent cybersecurity audit processes for application software, networks, and systems
  • T1395: Implement independent cybersecurity audit processes for application software, networks, and systems
  • T1396: Oversee independent cybersecurity audits
  • T1397: Determine if research and design processes and procedures are in compliance with cybersecurity requirements
  • T1398: Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities
  • T1399: Develop supply chain, system, network, and operational security contract language
  • T1480: Examine service performance reports for issues and variances
  • T1481: Initiate corrective actions to service performance issues and variances
  • T1498: Determine if cybersecurity requirements included in contracts are delivered
  • K0653: Knowledge of cybersecurity practices in the acquisition process
  • K0674: Knowledge of computer networking protocols
  • K0675: Knowledge of risk management processes
  • K0676: Knowledge of cybersecurity laws and regulations
  • K0677: Knowledge of cybersecurity policies and procedures
  • K0678: Knowledge of privacy laws and regulations
  • K0679: Knowledge of privacy policies and procedures
  • K0680: Knowledge of cybersecurity principles and practices
  • K0681: Knowledge of privacy principles and practices
  • K0682: Knowledge of cybersecurity threats
  • K0683: Knowledge of cybersecurity vulnerabilities
  • K0684: Knowledge of cybersecurity threat characteristics
  • K0721: Knowledge of risk management principles and practices
  • K0727: Knowledge of analysis standards and best practices
  • K0733: Knowledge of information technology (IT) architecture models and frameworks
  • K0734: Knowledge of Risk Management Framework (RMF) requirements
  • K0735: Knowledge of risk management models and frameworks
  • K0751: Knowledge of system threats
  • K0752: Knowledge of system vulnerabilities
  • K0754: Knowledge of resource management principles and practices
  • K0771: Knowledge of system life cycle management principles and practices
  • K0803: Knowledge of supply chain risk management principles and practices
  • K0819: Knowledge of import and export control laws and regulations
  • K0820: Knowledge of supply chain risks
  • K0821: Knowledge of federal agency roles and responsibilities
  • K0828: Knowledge of supply chain risk management standards and best practices
  • K0835: Knowledge of risk assessment principles and practices
  • K0836: Knowledge of threat assessment principles and practices
  • K0838: Knowledge of supply chain risk management policies and procedures
  • K0868: Knowledge of process improvement principles and practices
  • K0869: Knowledge of process maturity models and frameworks
  • K0872: Knowledge of service management principles and practices
  • K0873: Knowledge of service management standards and best practices
  • K0922: Knowledge of the acquisition life cycle models and frameworks
  • K0983: Knowledge of computer networking principles and practices
  • K1014: Knowledge of network security principles and practices
  • K1137: Knowledge of cybersecurity requirements
  • K1206: Knowledge of research and design processes and procedures
  • S0423: Skill in analyzing processes to ensure conformance with procedural requirements
  • S0462: Skill in integrating information security requirements in the acquisitions process
  • S0463: Skill in implementing software quality control processes
  • S0580: Skill in monitoring system performance
  • S0581: Skill in configuring systems for performance enhancement
  • S0619: Skill in auditing technical systems
  • S0811: Skill in managing intelligence collection requirements