The Workforce Framework for Cybersecurity, commonly referred to as the NICE Framework, is a nationally focused resource to help employers develop their cybersecurity workforce. It establishes a common lexicon that describes cybersecurity work and workers regardless of where or for whom the work is performed. The NICE Framework applies across public, private, and academic sectors.

The NICE program of the National Institute for Standards and Technology (NIST) released NICE Framework Components v1.0.0(link is external) in March 2024. This data includes changes to Work Role Categories and Work Role names and descriptions; 11 Competency Areas; new Insider Threat Analysis Work Role; and updates to align Task, Knowledge, and Skill (TKS) statements with the TKS Authoring Guide principles(link is external).

The NICE Framework includes the following components: 

  • Work Role Categories (7): A high-level grouping of common cybersecurity functions
  • Work Roles (52): A grouping of work for which someone is responsible or accountable. Please note, Work Roles are not synonymous to job titles or occupations.
  • TKS Statements (2,200+): A set of discrete building blocks that describe the work to be done (in the form of Tasks) and what is required to perform that work (through Knowledge and Skills).
  • Competency Areas (11): Clusters of related Knowledge and Skill statements that correlate with one’s capability to perform Tasks in a particular domain.

To explore the updated version of the NICE Framework, click on the Work Role Categories below or use the links at the top of this page to search within the NICE Framework components. To learn more, visit the NICE Framework Resource Center(link is external) and review the NICE Framework Overview PDF(link is external).

Work Role Categories

Work Roles

Data Analysis

Responsible for analyzing data from multiple disparate sources to provide cybersecurity and privacy insight. Designs and implements custom algorithms, workflow processes, and layouts for complex, enterprise-scale data sets used for modeling, data mining, and research purposes.

Database Administration

Responsible for administering databases and data management systems that allow for the secure storage, query, protection, and utilization of data.

Knowledge Management

Responsible for managing and administering processes and tools to identify, document, and access an organization’s intellectual capital.

Network Operations

Responsible for planning, implementing, and operating network services and systems, including hardware and virtual environments.

Systems Administration

Responsible for setting up and maintaining a system or specific components of a system in adherence with organizational security policies and procedures. Includes hardware and software installation, configuration, and updates; user account management; backup and recovery management; and security control implementation.

Systems Security Analysis

Responsible for developing and analyzing the integration, testing, operations, and maintenance of systems security. Prepares, performs, and manages the security aspects of implementing and operating a system.

Technical Support

Responsible for providing technical support to customers who need assistance utilizing client-level hardware and software in accordance with established or approved organizational policies and processes.

The NICE Framework data used for this tool is from the NICE Framework Components v1.0.0.(link is external)