The NICE Workforce Framework for Cybersecurity, commonly referred to as the NICE Framework, is a nationally focused resource to help employers develop their cybersecurity workforce. It establishes a common lexicon that describes cybersecurity work and workers regardless of where or for whom the work is performed. The NICE Framework applies across public, private, and academic sectors.

The NICE Framework includes the following components: 

  • Work Role Categories: A high-level grouping of common cybersecurity functions
  • Work Roles: A grouping of work for which someone is responsible or accountable. Please note, Work Roles are not synonymous to job titles or occupations.
  • TKS Statements: A set of discrete building blocks that describe the work to be done (in the form of Tasks) and what is required to perform that work (through Knowledge and Skills).
  • Competency Areas: Clusters of related Knowledge and Skill statements that correlate with one’s capability to perform Tasks in a particular domain.

The NICE program of the National Institute for Standards and Technology (NIST) released NICE Framework Components v2.0.0 in March 2025 with updates to Work Role Categories, Work Roles, and Competency Areas, and administrative updates to Task, Knowledge, and Skill (TKS) statements. The updated NICE Framework Components also include the removal of two Work Role Categories (Cyberspace Effects and Cyberspace Intelligence), and the Work Roles contained in them. Note that these can be now found within the DoD Cyber Workforce Framework (DCWF).

To explore the updated version of the NICE Framework, click on the Work Role Categories below or use the links at the top of this page to search within the NICE Framework components. To learn more, visit the NICE Framework Resource Center and review the NICE Framework Overview PDF.

Work Role Categories

Work Roles

Cybersecurity Architecture

Responsible for ensuring that security requirements are adequately addressed in all aspects of enterprise architecture, including reference models, segment and solution architectures, and the resulting systems that protect and support organizational mission and business processes.

Enterprise Architecture

Responsible for developing and maintaining business, systems, and information processes to support enterprise mission needs. Develops technology rules and requirements that describe baseline and target architectures.

Operational Technology (OT) Cybersecurity Engineering

Responsible for working within the engineering department to design and create systems, processes, and procedures that maintain the safety, reliability, controllability, and security of industrial systems in the face of intentional and incidental cyber events. Interfaces with Chief Information Security Officer, plant managers, and industrial cybersecurity technicians.

Secure Software Development

Responsible for developing, creating, modifying, and maintaining computer applications, software, or specialized utility programs.

Secure Systems Development

Responsible for the secure design, development, and testing of systems and the evaluation of system security throughout the systems development life cycle.

Software Security Assessment

Responsible for analyzing the security of new or existing computer applications, software, or specialized utility programs and delivering actionable results.

Systems Requirements Planning

Responsible for consulting with internal and external customers to evaluate and translate functional requirements and integrating security policies into technical solutions.

Systems Testing and Evaluation

Responsible for planning, preparing, and executing system tests; evaluating test results against specifications and requirements; and reporting test results and findings.

Technology Research and Development

Responsible for conducting software and systems engineering and software systems research to develop new capabilities with fully integrated cybersecurity. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.

The NICE Framework data used for this tool is from the NICE Framework Components version 2.0.0.

Looking for Cyberspace Intelligence or Cyberspace Effects Work Role Categories and corresponding Work Roles? These can now be found within the DoD Cyber Workforce Framework (DCWF).