Attention: CISA Learning is now available for External Users! The Federal Virtual Training Environment (FedVTE) has been permanently decommissioned and replaced by CISA Learning. Please reference the CISA Learning page for the latest information. Please note: CISA Users should wait to access CISA Learning until the system is ready for internal use in the coming days.

PD-WRL-007

Vulnerability Analysis

Responsible for assessing systems and networks to identify deviations from acceptable configurations, enclave policy, or local policy. Measure effectiveness of defense-in-depth architecture against known vulnerabilities.

Task statements

T1020: Determine the operational and safety impacts of cybersecurity lapses
T1041: Determine impact of software configurations
T1069: Evaluate organizational cybersecurity policy regulatory compliance
T1070: Evaluate organizational cybersecurity policy alignment with organizational directives
T1079: Develop cybersecurity risk profiles
T1084: Identify anomalous network activity
T1091: Perform authorized penetration testing on enterprise network assets
T1118: Identify vulnerabilities
T1119: Recommend vulnerability remediation strategies
T1229: Maintain deployable cyber defense audit toolkits
T1279: Prepare audit reports
T1341: Perform required reviews
T1489: Correlate incident data
T1619: Perform risk and vulnerability assessments
T1620: Recommend cost-effective security controls

Knowledge statements

K0068: Knowledge of programming language structures and logic
K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0685: Knowledge of access control principles and practices
K0686: Knowledge of authentication and authorization tools and techniques
K0688: Knowledge of common application vulnerabilities
K0698: Knowledge of cryptographic key management principles and practices
K0701: Knowledge of data backup and recovery policies and procedures
K0710: Knowledge of enterprise cybersecurity architecture principles and practices
K0716: Knowledge of host access control (HAC) systems and software
K0717: Knowledge of network access control (NAC) systems and software
K0728: Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
K0729: Knowledge of non-repudiation principles and practices
K0730: Knowledge of cyber safety principles and practices
K0742: Knowledge of identity and access management (IAM) principles and practices
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0760: Knowledge of server diagnostic tools and techniques
K0761: Knowledge of Fault Detection and Diagnostics (FDD) tools and techniques
K0770: Knowledge of system administration principles and practices
K0778: Knowledge of enterprise information technology (IT) architecture principles and practices
K0779: Knowledge of systems engineering processes
K0783: Knowledge of network attack characteristics
K0791: Knowledge of defense-in-depth principles and practices
K0797: Knowledge of ethical hacking tools and techniques
K0813: Knowledge of interpreted and compiled programming language characteristics
K0832: Knowledge of cyberattack characteristics
K0833: Knowledge of cyberattack actor characteristics
K0837: Knowledge of hardening tools and techniques
K0844: Knowledge of cyber attack stages
K0845: Knowledge of cyber intrusion activity phases
K0865: Knowledge of data classification standards and best practices
K0866: Knowledge of data classification tools and techniques
K0870: Knowledge of enterprise architecture (EA) reference models and frameworks
K0871: Knowledge of enterprise architecture (EA) principles and practices
K0879: Knowledge of industry cybersecurity models and frameworks
K0880: Knowledge of access control models and frameworks
K0882: Knowledge of ethical hacking principles and practices
K0891: Knowledge of the Open Systems Interconnect (OSI) reference model
K0915: Knowledge of network architecture principles and practices
K0924: Knowledge of network analysis tools and techniques
K0934: Knowledge of data classification policies and procedures
K0939: Knowledge of packet-level analysis tools and techniques
K0942: Knowledge of cryptology principles and practices
K0955: Knowledge of penetration testing principles and practices
K0956: Knowledge of penetration testing tools and techniques
K0969: Knowledge of cyber-attack tools and techniques
K0983: Knowledge of computer networking principles and practices
K1014: Knowledge of network security principles and practices
K1076: Knowledge of risk scoring principles and practices
K1079: Knowledge of web application security risks
K1087: Knowledge of social engineering tools and techniques
K1129: Knowledge of cyber defense auditing laws and regulations
K1130: Knowledge of cyber defense auditing policies and practices
K1182: Knowledge of organizational cybersecurity policies and configurations

Skill statements

S0483: Skill in identifying software communications vulnerabilities
S0492: Skill in performing threat environment analysis
S0532: Skill in analyzing software configurations
S0543: Skill in scanning for vulnerabilities
S0544: Skill in recognizing vulnerabilities
S0572: Skill in detecting host- and network-based intrusions
S0574: Skill in developing security system controls
S0578: Skill in evaluating security designs
S0588: Skill in performing threat modeling
S0591: Skill in performing social engineering
S0597: Skill in writing code in a currently supported programming language
S0641: Skill in reviewing logs
S0642: Skill in identifying evidence of past intrusions
S0656: Skill in assessing application vulnerabilities
S0675: Skill in optimizing system performance
S0686: Skill in performing risk assessments
S0688: Skill in performing network data analysis
S0804: Skill in assessing an organization's threat environment

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)