PD-WRL-007

Vulnerability Analysis

Responsible for assessing systems and networks to identify deviations from acceptable configurations, enclave policy, or local policy. Measure effectiveness of defense-in-depth architecture against known vulnerabilities.

Task statements

T1020: Determine the operational and safety impacts of cybersecurity lapses
T1041: Determine impact of software configurations
T1069: Evaluate organizational cybersecurity policy regulatory compliance
T1070: Evaluate organizational cybersecurity policy alignment with organizational directives
T1079: Develop cybersecurity risk profiles
T1084: Identify anomalous network activity
T1091: Perform authorized penetration testing on enterprise network assets
T1118: Identify vulnerabilities
T1119: Recommend vulnerability remediation strategies
T1229: Maintain deployable cyber defense audit toolkits
T1279: Prepare audit reports
T1341: Perform required reviews
T1489: Correlate incident data
T1619: Perform risk and vulnerability assessments
T1620: Recommend cost-effective security controls

Knowledge statements

K0068: Knowledge of programming language structures and logic
K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0685: Knowledge of access control principles and practices
K0686: Knowledge of authentication and authorization tools and techniques
K0688: Knowledge of common application vulnerabilities
K0698: Knowledge of cryptographic key management principles and practices
K0701: Knowledge of data backup and recovery policies and procedures
K0710: Knowledge of enterprise cybersecurity architecture principles and practices
K0716: Knowledge of host access control (HAC) systems and software
K0717: Knowledge of network access control (NAC) systems and software
K0728: Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
K0729: Knowledge of non-repudiation principles and practices
K0730: Knowledge of cyber safety principles and practices
K0742: Knowledge of identity and access management (IAM) principles and practices
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0760: Knowledge of server diagnostic tools and techniques
K0761: Knowledge of Fault Detection and Diagnostics (FDD) tools and techniques
K0770: Knowledge of system administration principles and practices
K0778: Knowledge of enterprise information technology (IT) architecture principles and practices
K0779: Knowledge of systems engineering processes
K0783: Knowledge of network attack characteristics
K0791: Knowledge of defense-in-depth principles and practices
K0797: Knowledge of ethical hacking tools and techniques
K0813: Knowledge of interpreted and compiled programming language characteristics
K0832: Knowledge of cyberattack characteristics
K0833: Knowledge of cyberattack actor characteristics
K0837: Knowledge of hardening tools and techniques
K0844: Knowledge of cyber attack stages
K0845: Knowledge of cyber intrusion activity phases
K0865: Knowledge of data classification standards and best practices
K0866: Knowledge of data classification tools and techniques
K0870: Knowledge of enterprise architecture (EA) reference models and frameworks
K0871: Knowledge of enterprise architecture (EA) principles and practices
K0879: Knowledge of industry cybersecurity models and frameworks
K0880: Knowledge of access control models and frameworks
K0882: Knowledge of ethical hacking principles and practices
K0891: Knowledge of the Open Systems Interconnect (OSI) reference model
K0915: Knowledge of network architecture principles and practices
K0924: Knowledge of network analysis tools and techniques
K0934: Knowledge of data classification policies and procedures
K0939: Knowledge of packet-level analysis tools and techniques
K0942: Knowledge of cryptology principles and practices
K0955: Knowledge of penetration testing principles and practices
K0956: Knowledge of penetration testing tools and techniques
K0969: Knowledge of cyber-attack tools and techniques
K0983: Knowledge of computer networking principles and practices
K1014: Knowledge of network security principles and practices
K1076: Knowledge of risk scoring principles and practices
K1079: Knowledge of web application security risks
K1087: Knowledge of social engineering tools and techniques
K1129: Knowledge of cyber defense auditing laws and regulations
K1130: Knowledge of cyber defense auditing policies and practices
K1182: Knowledge of organizational cybersecurity policies and configurations

Skill statements

S0483: Skill in identifying software communications vulnerabilities
S0492: Skill in performing threat environment analysis
S0532: Skill in analyzing software configurations
S0543: Skill in scanning for vulnerabilities
S0544: Skill in recognizing vulnerabilities
S0572: Skill in detecting host- and network-based intrusions
S0574: Skill in developing security system controls
S0578: Skill in evaluating security designs
S0588: Skill in performing threat modeling
S0591: Skill in performing social engineering
S0597: Skill in writing code in a currently supported programming language
S0641: Skill in reviewing logs
S0642: Skill in identifying evidence of past intrusions
S0656: Skill in assessing application vulnerabilities
S0675: Skill in optimizing system performance
S0686: Skill in performing risk assessments
S0688: Skill in performing network data analysis
S0804: Skill in assessing an organization's threat environment

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)