Sunteți pe pagina 1din 123

DRAFT National Cybersecurity Workforce Framework

Category
Specialty Area Title and Definition
Sample Job Titles
Securely Provision Specialty Areas responsible Secure Acquisition Manages and supports the
acquisition life cycle, including planning, determining
Chief Information Security Officer (CISO)
for conceptualizing,
specifications, selecting, and procuring information and
Contracting Officer (CO)
designing, and building
communications technology (ICT) and
Contracting Officer Technical
secure information
cybersecurityproducts used in the organizations design, Representative (COTR)
technology (IT) systems, with development, and maintenance of its infrastructure to
Information Technology (IT) Director
minimize potential risks and vulnerabilities.
responsibility for some
aspect of the systems'
development.
Analyst Programmer

Securely Provision

Computer Programmer
Configuration Manager
Database Developer/Engineer/Architect
Information Assurance (IA) Engineer
Information Assurance (IA) Software
Secure Software Engineering Develops, modifies,
Developer
enhances, and sustains new or existing computer
Information Assurance (IA) Software
applications, software, or utility programs following
Engineer
software assurance best practices throughout the software
Research & Development Engineer
lifecycle.
Secure Software Engineer
Security Engineer
Software Developer
Software Engineer/Architect
Systems Analyst
Web Application Developer

Link to
Tasks

Link to
KSAs

Secure Acquisition (Task)


Secure Acquisition (KSA)

Secure Software Engineering


Secure Software
(Task) Enginee

Securely Provision

Systems Security Architecture - Designs and develops


system concepts and works on the capabilities phases of
the systems development lifecycle. Translates technology
and environmental conditions (e.g., laws, regulations, best
practices) into system and security designs and processes.

Information Assurance (IA) Architect


Information Security Architect
Information Systems Security Engineer
Network Security Analyst
Research & Development Engineer
Security Architect
Security Engineer
Security Solutions Architect
Systems Engineer
Systems Security Analyst

Systems Security Architecture


Systems Security
(Task) Architec

Securely Provision

Technology Research and Development - Conducts


technology and/or feasibility assessments. Provides,
builds, and supports a prototype capability and/or
evaluates its security and utility. Facilitates innovation.

Capabilities and Development Specialist


Chief Engineer
Research & Development Engineer

Technology Research
Technology
and Development
Research(Task
and

DRAFT National Cybersecurity Workforce Framework


Sample Job Titles

Link to
Tasks

Link to
KSAs

Category

Specialty Area Title and Definition

Securely Provision

Business Analyst
Business Process Analyst
Systems Requirements Planning - Consults with
Computer Systems Analyst
stakeholders to guide, gather, and evaluate functional and
Human Factors Engineer
security requirements. Translates these requirements into
Requirements Analyst
guidance to stakeholders about the applicability of
Solutions Architect
information systems to meet their needs.
Systems Consultant
Systems Engineer

Securely Provision

Application Security Tester


Information Systems Security Engineer
Quality Assurance (QA) Tester
Research & Development Engineer
Test and Evaluation - Develops and conducts processes Research & Development Research
and procedures (e.g., testing) to evaluate compliance with Engineer
Test and Evaluation
Test
(Task)
and Evaluation (KS
security requirements.
Security Systems Engineer
Software Quality Assurance (QA) Engineer
Software Quality Engineer
Systems Engineer
Testing and Evaluation Specialist
Firewall Engineer
Information Assurance (IA) Developer
Information Assurance (IA) Engineer
Information Assurance (IA) Software
Engineer
Information Systems Security Engineer
Program Developer
Security Engineer
Systems Engineer
Systems Security Engineer

Securely Provision

Systems Development - Develops technical security


solutions to meet the defined requirements.

Operate and Maintain Specialty Areas responsible


for providing the support,
administration, and
maintenance necessary to
ensure effective and efficient
information technology (IT)
system performance and
security.

Content Staging Specialist


Data Architect
Data Custodian
Data Administration - Develops, maintains, and
Data Manager
administers databases and/or data management systems
Data Warehouse Specialist
that allow for the secure storage, query, and utilization of
Database Administrator
data. Conducts data integration, data modeling, analytics
Database Developer
modeling, and data mining.
Database Engineer/Architect
Information Dissemination Manager
Systems Operations Personnel

Systems Requirements
Systems
Planning
Requirements
(Task)
Pl

Systems Development
Systems
(Task)
Development

Data Administration
Data
(Task)
Administration (KS

DRAFT National Cybersecurity Workforce Framework


Category

Specialty Area Title and Definition

Sample Job Titles

Operate and Maintain

Computer Support Specialist


Customer Service and Technical Support - Provides
Customer Support
end users tiered-level customer support by coordinating
Help Desk Representative
software, hardware, network, and security issue resolution. Service Desk Operator
May install, configure, troubleshoot, and provide
Systems Administrator
maintenance and training.
Technical Support Specialist
User Support Specialist

Link to
Tasks

Link to
KSAs

Customer Service Customer


and Technical
Service
Support
and T

Operate and Maintain

Network Services - Installs, configures, tests, operates,


maintains, and manages network devices including
hardware, software, and operating systems that permit
information sharing across the full spectrum of
transmission using all media. Supports the security of
information and information systems.

Cabling Technician
Converged Network Engineer
Network Administrator
Network Analyst
Network Designer
Network Engineer
Network Systems and Data
Communications Analyst
Network Systems Engineer
Systems Engineer
Telecommunications Engineer, Personnel,
or Specialist

Network Services Network


(Task) Services (KSA

Operate and Maintain

System Administration - Installs, configures,


troubleshoots, and maintains server and systems
configurations (hardware and software) to ensure their
confidentiality, integrity, and availability. Administers
server-based systems, security devices, distributed
applications, network storage, messaging, and performs
systems monitoring. Consults on network, application, and
customer service issues to support computer systems
security and sustainability.

Local Area Network (LAN) Administrator


Platform Specialist
Security Administrator
Server Administrator
System Operations Personnel
Systems Administrator
Website Administrator

System Administration
System
(Task)
Administration (

Operate and Maintain

Information Assurance (IA) Operational


Engineer
Information Assurance (IA) Security Officer
Information Security Analyst/Administrator
Information Security Manager
Systems Security Analysis - Conducts and documents
Information Security Specialist
the systems integration, testing, operations, maintenance,
Systems Security Analysis
Systems (Task)
Security Analy
Information Systems Security Engineer
and security of an information environment. Coordinates
Information Systems Security Manager
threat and mitigation strategies across the enterprise.
Platform Specialist
Security Administrator
Security Analyst
Security Control Assessor
Security Engineer

DRAFT National Cybersecurity Workforce Framework


Category
Protect and Defend Specialty Areas responsible
for identifying, analyzing,
and mitigating threats to
internal information
technology (IT) systems or
networks.

Specialty Area Title and Definition

Sample Job Titles

Link to
Tasks

Link to
KSAs

Computer Network Defense (CND) Analyst


(Cryptologic)
Cybersecurity Intelligence Analyst
Enterprise Network Defense (END) Analysis - Uses
Enterprise Network Defense (END) Analyst
defensive measures and information collected from a
Focused Operations Analyst
variety of sources to identify, analyze, and report events
Incident Analyst
Enterprise NetworkEnterprise
Defense (END)
Network
Analys
Def
that occur or might occur within the enterprise network in
Network Defense Technician
order to protect information, information systems, and
Network Security Engineer
networks from threats.
Security Analyst
Security Operator
Sensor Analyst

Protect & Defend

Incident Response - Responds to disruptions within the


pertinent domain to mitigate immediate and potential
threats. Uses mitigation, preparedness, and response and
recovery approaches to maximize survival of life,
preservation of property, and information security.
Investigates and analyzes relevant response activities and
evaluates the effectiveness of and improvements to
existing practices.

Protect & Defend

Information Systems Security Engineer


Intrusion Detection System (IDS)
Administrator
Intrusion Detection System (IDS) Engineer
Enterprise Network Defense (END) Infrastructure
Intrusion Detection System (IDS)
Support - Tests, implements, deploys, maintains, reviews, Technician
and administers the infrastructure hardware, software, and Network Administrator
Enterprise NetworkEnterprise
Defense (END)
Network
Infras
Def
documentation that are required to effectively manage
Network Analyst
network defense resources. Monitors the network to
Network Security Engineer
actively remediate unauthorized activities.
Network Security Specialist
Security Analyst
Security Engineer
Security Specialist
Systems Security Engineer

Computer Crime Investigator


Incident Handler
Incident Responder
Incident Response Analyst
Incident Response Coordinator
Intrusion Analyst

Incident ResponseIncident
(Task) Response (KSA

DRAFT National Cybersecurity Workforce Framework


Category

Protect & Defend

Investigate - Specialty
Areas responsible for
investigating cyber events or
crimes related to information
technology (IT) systems,
networks, and digital
evidence.

Link to
Tasks

Link to
KSAs

Specialty Area Title and Definition

Sample Job Titles

Vulnerability Assessment and Management Conducts threat and vulnerability assessments and
determines deviations from acceptable configurations or
policies. Assesses the level of risk and develops and/or
recommends appropriate mitigation countermeasures in
operational and non-operational situations.

Blue Team Technician


Certified TEMPEST Professional
Certified TEMPEST Technical Authority
Close Access Technician
Computer Network Defense (CND) Auditor
Compliance Manager
Ethical Hacker
Governance Manager
Information Security Engineer
Vulnerability Assessment
Vulnerability
and Managemen
Assessmen
Internal Enterprise Auditor
Network Security Engineer
Penetration Tester
Red Team Technician
Reverse Engineer
Risk/Vulnerability Analyst
Technical Surveillance Countermeasures
Technician
Vulnerability Manager

Computer Forensic Analyst


Computer Network Defense (CND) Forensic
Digital Forensics - Collects, processes, preserves,
Analyst
analyzes, and presents digital-related evidence to support Digital Forensic Examiner
network vulnerability mitigation and/or civil, workplace,
Digital Media Collector
Digital Forensics (Task)
Digital Forensics (KSA)
counterintelligence, or law enforcement (e.g., criminal,
Forensic Analyst
fraud) investigations.
Forensic Analyst (Cryptologic)
Forensic Technician
Network Forensic Examiner

Investigate

Cyber Investigation Applies tactics, techniques, and


procedures to a full range of tools and processes related to
Computer Crime Investigator
administrative, criminal, and counter intelligence
Special Agent
gathering (e.g., in-depth case analyses, continuous
monitoring, malware analysis, clear documentation).

Cyber InvestigationCyber
(Task)
Investigation (KS

Oversee and Govern Specialty Areas responsible


for providing leadership,
management, direction, or
development and advocacy
so the organization may
effectively conduct
cybersecurity work.

Legal Advice and Advocacy - Provides legal advice and


recommendations to leadership and staff on relevant
topics within the pertinent subject domain. Advocates
Legal Advisor/Staff Judge Advocate (SJA)
legal and policy changes, and makes a case on behalf of
Paralegal
the client via written and oral work products, including
legal briefs and proceedings.

Legal Advice and Advocacy


Legal Advice
(Task)
and Advoc

DRAFT National Cybersecurity Workforce Framework


Category

Specialty Area Title and Definition

Sample Job Titles

Oversee and Govern

Strategic Planning and Policy Development - Applies


Chief Information Officer (CIO)
technical and organizational knowledge to define an
Chief Information Security Officer (CISO)
entitys strategic direction, determine resource allocations,
Command Information Officer
establish priorities, and identify programs or infrastructure
Information Security Policy Analyst
required to achieve desired goals. Develops policy or
Information Security Policy Manager
advocates for policy change that will support new
Policy Writer and Strategist
initiatives or required changes and enhancements.

Oversee and Govern

Training, Education, and Awareness (TEA) - Develops,


Cyber Trainer
plans, coordinates, delivers, and/or evaluates instructional
Information Security Trainer
cybersecurity content using various formats, techniques,
Security Training Coordinator
and venues.

Oversee and Govern

Information Systems Security Operations - Oversees


and ensures that the appropriate operational security
posture (e.g., network and system security, physical and
environmental protection, personnel security, incident
handling, security training and awareness) is implemented
and maintained for an information system or program.
Advises the Authorizing Official (AO), an information
system owner, or the Chief Information Security Officer
(CISO) on the security of an information system or
program.

Oversee and Govern

Security Program Management - Oversees and


manages information security program implementation
within the organization or other area of responsibility.
Manages strategy, personnel, infrastructure, policy
enforcement, emergency planning, security awareness,
and/or other resources.

Link to
Tasks

Link to
KSAs

Strategic PlanningStrategic
and Policy
Planning
Developmen
and

Training, Education,
Training,
and Awareness
Education,
(Task
and

Contracting Officer (CO)


Contracting Officer Technical
Representative (COTR)
Information Assurance (IA) Manager
Information Assurance (IA) Program
Manager
Information Systems
Information
Security Operations
Systems Se
Information Assurance (IA) Security Officer
Information Security Program Manager
Information Systems Security Manager
(ISSM)
Information Systems Security Officer (ISSO)
Information Systems Security Operator
Chief Information Security Officer (CISO)
Common Control Provider
Cybersecurity Officer
Enterprise Security Officer
Facility Security Officer
Information Systems Security Manager
(ISSM)
Security Program Management
Security Program
(Task)
Mana
Information Technology (IT) Director
Principal Security Architect
Risk Executive
Security Domain Specialist
Senior Agency Information Security (SAIS)
Officer

DRAFT National Cybersecurity Workforce Framework


Specialty Area Title and Definition

Sample Job Titles

Link to
Tasks

Oversee and Govern

Risk Management - Oversees, evaluates, and supports


the documentation, validation, and accreditation
processes necessary to ensure new and existing
information technology (IT) systems meet the
organizations information assurance (IA) and security
requirements. Ensures appropriate treatment of risk,
compliance, and monitoring assurance from internal and
external perspectives.

Accreditor
Analyst/Manager
Auditor
Authorizing Official Designated
Representative
Certification Agent
Certifying Official
Compliance Manager
Designated Accrediting Authority
Information Assurance (IA) Auditor
Information Assurance (IA) Compliance
Information Assurance (IA) Manager
Information Assurance (IA) Officer
Portfolio Manager
Quality Assurance (QA) Specialist
Risk/Vulnerability Analyst
Security Control Assessor
Systems Analyst
Validator

Risk ManagementRisk
(Task)
Management (KSA

Oversee and Govern

Knowledge Management - Manages and administers


integrated methods, enabling the organization to identify,
capture, catalog, classify, retrieve, and share intellectual
capital and information content. The methods may include
utilizing processes and tools (e.g., databases, documents,
policies, procedures) and expertise pertaining to the
organization.

Business Analyst
Business Intelligence Manager
Content Administrator
Document Steward
Freedom of Information Act Official
Information Manager
Information Owner
Information Resources Manager
Knowledge Manager

Knowledge Management
Knowledge
(Task)
Managemen

Category

Link to
KSAs

Due to the unique and highly specialized nature of this work, sample job titles, tasks, and knowledge, skills, and abilities (KSA)

Collect and Operate Specialty Areas responsible


for specialized denial and
deception operations and
collection of cybersecurity
information that may be
used to develop intelligence.
Collect and Operate

Collection Operations - Executes collection using


appropriate strategies within the priorities established
through the collection management process.

Cyber Operations - Performs activities to gather


evidence on criminal or foreign intelligence entities in
order to mitigate possible or real-time threats, protect
against espionage or insider threats, foreign sabotage,
international terrorist activities, or to support other
intelligence activities.

DRAFT National Cybersecurity Workforce Framework


Category

Specialty Area Title and Definition

Collect and Operate

Cyber Operations Planning - Performs in-depth joint


targeting and cyber planning process. Gathers information
and develops detailed operational plans and orders
supporting requirements. Conducts strategic and
operational-level planning across the full range of
operations for integrated information and cyberspace
operations.

Sample Job Titles

Link to
Tasks

Link to
KSAs

Due to the unique and highly specialized nature of this work, sample job titles, tasks, and knowledge, skills, and abilities (KSA)

Analyze - Specialty Areas


responsible for highly
specialized review and
evaluation of incoming
cybersecurity information to
determine its usefulness for
intelligence.

All Source Intelligence - Analyzes threat information


from multiple sources, disciplines, and agencies across the
Intelligence Community. Synthesizes and places
intelligence information in context draws insights about
the possible implications.

Analyze

Exploitation Analysis - Analyzes collected information to


identify vulnerabilities and potential for exploitation.

Analyze

Targets - Applies current knowledge of one or more


regions, countries, non-state entities, and/or technologies.

Analyze

Threat Analysis - Identifies and assesses the capabilities


and activities of cyber criminals or foreign intelligence
entities. Produces findings to help initialize or support law
enforcement and counterintelligence investigations or
activities.

Secure Acquisition Secure Acquisition Manages and supports the acquisition life
cycle, including planning, determining specifications, selecting, and procuring information
and communications technology (ICT) and cybersecurityproducts used in the
organizations design, development, and maintenance of its infrastructure to minimize
potential risks and vulnerabilities.

Item Tas
ID
k

Statement

680

Task Lead and oversee information security budget, staffing, and contracting.

801

Task

949

Provide enterprise information assurance (IA) and supply chain risk management
guidance for development of the Continuity of Operations Plans.
Evaluate the effectiveness of procurement function in addressing information security
Task requirements and supply chain risks through procurement activities and recommend
improvements.

955

Task Draft and publish a supply chain security and risk management policy.

970

Task

Apply defensive functions (e.g., encryption, access control, identity management) to


reduce exploitation opportunities of supply chain vulnerabilities.

1003 Task Develop and document supply chain risks for critical system elements, as appropriate.
1017 Task

Participate in the acquisition process as necessary, following appropriate supply chain


risk management practices.

1018 Task

Ensure all acquisitions, procurements, and outsourcing efforts address information


security requirements consistent with organization goals.

1143 Task Conduct import/export reviews for acquiring cryptographic systems.


1148 Task

Develop contract language to ensure supply chain, system, network, and operational
security are met.

Go Back to All Specialty Areas

Secure Acquisition Secure Acquisition Manages and supports the


acquisition life cycle, including planning, determining specifications,
selecting, and procuring information and communications technology (ICT)
and cybersecurityproducts used in the organizations design,
development, and maintenance of its infrastructure to minimize potential
risks and vulnerabilities.

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Item
KSA
ID

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID

Statement

107

KSA Knowledge of resource management principles and techniques.

296

KSA

325
954
979

Knowledge of how information needs and collection requirements are


translated, tracked, and prioritized across the extended enterprise.
Knowledge of secure acquisitions (e.g., relevant Contracting Officer's
KSA Technical Representative [COTR] duties, secure procurement, supply chain
risk management).
Knowledge of import/export control regulations and responsible agencies
KSA
for the purposes of reducing supply chain risk.
KSA

Knowledge of supply chain risk management standards, processes, and


practices.

Competency
Project Management
Telecommunications
Contracting/Procurement
Contracting/Procurement
Risk Management

1004 KSA

Knowledge of critical information technology (IT) procurement


requirements.

Contracting/Procurement

1005 KSA

Knowledge of functionality, quality, and security requirements and how


these will apply to specific items of supply (i.e., elements and processes).

Contracting/Procurement

1021 KSA Knowledge of risk threat assessment.


1037 KSA

Knowledge of information technology (IT) supply chain security and risk


management policies, requirements, and procedures.

1039 KSA Skill in evaluating the trustworthiness of the supplier and/or product.
1061 KSA Knowledge of the life cycle process.

Risk Management
Risk Management
Contracting/Procurement
Systems Life Cycle

Item
KSA
ID

Statement

1122 KSA Ability to apply supply chain risk management standards.


1127 KSA

Knowledge of Import/Export Regulations related to cryptography and other


security technologies.

Competency
Computer Network Defense
Legal, Government, and
Jurisprudence

Secure Software Engineering Develops, modifies, enhances, and sustains new or


existing computer applications, software, or utility programs following software assurance
best practices throughout the software lifecycle.

Item Tas
ID
k

Statement

408

Task

Analyze information to determine, recommend, and plan the development of a new


application or modification of an existing application.

414

Task

Analyze user needs and software requirements to determine feasibility of design within
time and cost constraints.

417

Task

Apply coding and testing standards, security testing tools (including fuzzing staticanalysis code scanning tools), and conduct code reviews.

418

Task Apply secure code documentation.

432

Capture security controls used during the requirements phase to integrate security within
Task the process, identify key security objectives, and maximize software security while
minimizing disruption to plans and schedules.

446

Task

459

Task

461

Compile and write documentation of program development and subsequent revisions,


inserting comments in the coded instructions so others can understand the program.

Conduct trial runs of programs and software applications to ensure the desired
information is produced and instructions are correct.
Confer with systems analysts, engineers, programmers, and others to design applications
Task and obtain information on project limitations and capabilities, performance requirements,
and interfaces.

465

Task Develop threat model based on customer interviews and requirements.

467

Task Consult with engineering staff to evaluate interface between hardware and software.

477

Task

Correct errors by making appropriate changes and rechecking the program to ensure
desired results are produced.

506

Task

Design, develop, and modify software systems using scientific analysis and mathematical
models to predict and measure outcome and consequences of design.

515

Task

Develop and direct software system testing and validation procedures, programming, and
documentation.

543

Task Develop secure code and error messages.

Go Back to All Specialty Areas

Item Tas
ID
k

Statement
Evaluate factors such as reporting formats required, cost constraints, and need for
security restrictions to determine hardware configuration.

602

Task

634

Task Identify basic common coding flaws at a high level.

644
645
709

Identify security implications and apply methodologies within centralized and


Task decentralized environments across the enterprise's computer systems in software
development.
Identify security issues around steady state operation and management of software, and
Task incorporate security measures that must be taken when a product reaches the end of its
life.
Modify existing software to correct errors, adapt it to new hardware or upgrade
Task
interfaces, and improve performance.

756

Task

Perform integrated quality assurance testing for security functionality and resiliency
attacks.

764

Task

Perform secure programming and identify potential flaws in codes to mitigate


vulnerabilities.

770

Task

Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever
an application or system undergoes a major change.

785

Task

826
865

Prepare detailed workflow charts and diagrams that describe input, output, and logical
operation, and convert them into a series of instructions coded in a computer language.
Recognize security implications in the software acceptance phase, including completion
Task criteria, risk acceptance and documentation, common criteria, and methods of
independent testing.
Translate security requirements into application design elements, including documenting
Task the elements of the software attack surfaces, conducting threat modeling, and defining
any specific security criteria.

969

Task Perform penetration testing as required for new or updated applications.

970

Task

Apply defensive functions (e.g., encryption, access control, identity management) to


reduce exploitation opportunities of supply chain vulnerabilities.

971

Task

Design countermeasures and mitigations against potential exploitations of programming


language weaknesses and vulnerabilities in system and elements.

972

Task

Determine and document critical numbers of software patches or the extent of releases
that would leave software vulnerable.

Item Tas
ID
k

Statement

Enable applications with public keying by leveraging existing public key infrastructure
(PKI) libraries and incorporating certificate management and encryption functionalities.
Identify and leverage the enterprise-wide security services while designing and
1150 Task developing secure applications (e.g. Enterprise PKI, Federated Identity server, Enterprise
AV solution).
Identify and leverage the enterprise-wide version control system while designing and
1151 Task
developing secure applications.
1149 Task

Secure Software Engineering Develops, modifies, enhances, and


sustains new or existing computer applications, software, or utility
programs following software assurance best practices throughout the
software lifecycle.

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID
3

KSA

Statement
Skill in conducting vulnerability scans and recognizing vulnerabilities in
security systems.

Competency
Vulnerabilities Assessment

20

KSA Knowledge of complex data structures.

23

KSA

Knowledge of computer programming principles such as object-oriented


design.

Object Technology

38

KSA

Knowledge of organization's enterprise information security architecture


system.

Information Assurance

40

KSA Knowledge of organization's evaluation and validation requirements.

43

KSA Knowledge of embedded systems and internet of things.

56

KSA

63

Knowledge of information assurance (IA) principles and organizational


KSA requirements to protect confidentiality, integrity, availability, authenticity,
and non-repudiation of information and data.

Information Assurance

74

KSA Knowledge of low-level computer languages (e.g., assembly languages).

Computer Languages

81

Knowledge of network protocols (e.g., Transmission Critical


KSA Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol
[DHCP]), and directory services (e.g., Domain Name System [DNS]).

Infrastructure Design

90

KSA Knowledge of operating systems.

Knowledge of information assurance (IA) principles and methods that apply


to software development.

Object Technology

Systems Testing and


Evaluation
Embedded Computers
Information Assurance

Operating Systems

Item
KSA
ID
95

KSA

Statement
Knowledge of penetration testing principles, tools, and techniques (e.g.,
metasploit, neosploit).

Competency
Vulnerabilities Assessment

100

KSA Knowledge of Privacy Impact Assessments (PIA).

Personnel Safety and


Security

102

KSA Knowledge of programming language structures and logic.

Computer Languages

109

KSA Knowledge of secure configuration management techniques.

116

KSA Knowledge of software debugging principles.

Software Development

117

KSA Knowledge of software design tools, methods, and techniques.

Software Development

118

KSA

119

KSA Knowledge of software engineering.

121

KSA Knowledge of structured analysis principles and methods.

123

KSA Knowledge of system and application security threats and vulnerabilities.

124

KSA

Knowledge of system design tools, methods, and techniques, including


automated systems analysis and design tools.

149

KSA

Knowledge of web services, including service oriented architecture, Simple


Object Access Protocol (SOAP), and web service description language.

168

KSA Skill in conducting software debugging.

172

KSA Skill in creating and utilizing mathematical or statistical models.

174

Skill in creating programs that validate and process multiple inputs,


KSA including command line arguments, environmental variables, and input
streams.

177

KSA Skill in designing countermeasures to identified security risks.

185

KSA

191

KSA Skill in developing and applying security system access controls.

197

KSA

238

Skill in writing code that is compatible with legacy code (e.g., Common
KSA Business-Oriented Language [COBOL], FORTRAN IV) in a modern
programming language (e.g., Java, C++).

Computer Languages

904

KSA Knowledge of interpreted and compiled computer languages.

Computer Languages

905

KSA Knowledge of secure coding techniques.

Computer Languages

Knowledge of software development models (e.g., Waterfall Model, Spiral


Model, Agile Model).

Skill in developing applications that can log errors, exceptions, and


application faults.

Skill in discerning the protection needs (i.e., security controls) of


information systems and networks.

Configuration Management

Software Engineering
Software Engineering
Logical Systems Design
Vulnerabilities Assessment
Logical Systems Design
Web Technology
Software Development
Modeling and Simulation
Software Testing and
Evaluation
Vulnerabilities Assessment
Software Development
Identity Management
Information
Systems/Network Security

Item
KSA
ID

Statement

Competency

968

Knowledge of software-related information technology (IT) security


KSA principles and methods (e.g., modularization, layering, abstraction, data
hiding, simplicity/minimization).

973

KSA Skill in using code analysis tools to eradicate bugs.

974

KSA Ability to tailor code analysis for application-specific concerns.

975

KSA

976

KSA Knowledge of software quality assurance process.

Software Engineering

978

KSA Knowledge of root cause analysis for incidents.

Incident Management

979

KSA

980

KSA Skill in performing root cause analysis for incidents.

Skill in integrating black box security testing tools into quality assurance
process of software releases.

Knowledge of supply chain risk management standards, processes, and


practices.

1020 KSA Skill in secure test plan design (i.e., unit, integration, system, acceptance).

Information
Systems/Network Security
Software Development
Software Testing and
Evaluation
Quality Assurance

Risk Management
Incident Management
Systems Testing and
Evaluation

1034 KSA

Knowledge of Personally Identifiable Information (PII) and Payment Card


Industry (PCI) data security standards.

Security

1037 KSA

Knowledge of information technology (IT) supply chain security and risk


management policies, requirements, and procedures.

Risk Management

Knowledge of local specialized system requirements (e.g., critical


1038 KSA infrastructure systems that may not use standard information technology
[IT]) for safety, performance, and reliability.
1071 KSA

Knowledge of secure software deployment methodologies, tools, and


practices.

Knowledge of network security architecture concepts, including topology,


1072 KSA protocols, components, and principles (e.g., application of defense-indepth).
1131 KSA

Knowledge of security architecture concepts and enterprise architecture


reference models (e.g., Zackman, Federal Enterprise Architecture [FEA]).

Knowledge of the application firewall concepts and functions (e.g., Single


point of authentication/audit/policy enforcement, message scanning for
1135 KSA malicious content, data anonymization for PCI and PII compliance, data
loss protection scanning, accelerated cryptographic operations, SSL
security, REST/JSON processing).

Infrastructure Design

Software Engineering
Information
Systems/Network Security
Enterprise Architecture

Computer Network Defense

Skill in deploying Service Gateway at the network edge as the first point of
1137 KSA contact or proxy into enterprise infrastructure handling layer 7 protocols
(e.g., web, XML SOAP, REST, or legacy protocols [EDI]).

Infrastructure Design

Skill in using Public-Key Infrastructure (PKI) Software Development Kit


1140 KSA (SDK) to add encryption and digital signature capabilities into applications
(e.g., S/MIME email, SSL traffic).

Encryption

Systems Security Architecture - Designs and develops system concepts and works on
the capabilities phases of the systems development lifecycle. Translates technology and
environmental conditions (e.g., laws, regulations, best practices) into system and security
designs and processes.

Item Tas
ID
k

Statement

413

Task Analyze user needs and requirements to plan system architecture.

437

Task

Collaborate with system developers to select appropriate design solutions or ensure the
compatibility of system components.

483

Task

Define and prioritize essential system capabilities or business functions required for
partial or full system restoration after a catastrophic failure event.

484

Define appropriate levels of system availability based on critical system functions and
ensure system requirements identify appropriate disaster recovery and continuity of
Task operations requirements, to include any appropriate fail-over/alternate site requirements,
backup requirements, and material supportability requirements for system
recovery/restoration.

502

Task Design system architecture or system components required to meet user needs.

534

Develop information assurance (IA) designs for systems and networks with multilevel
Task security requirements or requirements for the processing of multiple classification levels
of data (primarily applicable to government organizations).

561
563

Document and address organization's information security, information assurance (IA)


Task architecture, and systems security engineering requirements throughout the acquisition
lifecycle.
Document design specifications, installation instructions, and other system-related
Task
information.

568

Task Employ secure configuration management processes.

569

Ensure all definition and architecture activities (e.g., system lifecycle support plans,
Task concept of operations, operational procedures and maintenance training materials) are
properly documented and updated as necessary.

579

Task

Ensure acquired or developed system(s) and architecture(s) are consistent with


organization's information assurance (IA) architecture guidelines.

Go Back to All Specialty Areas

Item Tas
ID
k

Statement

601

Task

Evaluate current or emerging technologies to consider factors such as cost, security,


compatibility, or usability.

603

Task

Evaluate interface between hardware and software and operational and performance
requirements of overall system.

631

Task

Identify and prioritize critical business functions in collaboration with organizational


stakeholders.

646

Task

Identify the protection needs (i.e. security controls) for information system(s), network(s)
and document appropriately.

765

Task

Perform security reviews, identify gaps in security architecture, and develop a security
risk management plan.

780

Task

Plan system implementation to ensure that all system components can be integrated and
aligned (e.g., procedures, databases, policies, software, hardware).

797

Task Provide advice on project costs, design concepts, or design changes.

807

Task

809

Provide input to the Risk Management Framework (RMF) process activities and related
Task documentation (e.g., system lifecycle support plans, concept of operations, operational
procedures, and maintenance training materials).

849

Task

864

Task Translate proposed technical solutions into technical specifications.

994

Task

Define and document how the implementation of a new system or new interfaces
between systems impacts the security posture of the current environment.

995

Task

Document and manage an enterprise technical risk register prioritizing and managing
technical risks throughout the system lifecycle.

996

Task Assess and design key management functions (as related to information assurance [IA]).

Provide input on security requirements to be included in statements of work and other


appropriate procurement documents.

Specify power supply and heating, ventilation, and air conditioning (HVAC) requirements
and configuration based on system performance expectations and design specifications.

Systems Security Architecture - Designs and develops system concepts


and works on the capabilities phases of the systems development
lifecycle. Translates technology and environmental conditions (e.g., laws,
regulations, best practices) into system and security designs and
processes.

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID
8

Statement

KSA Knowledge of authentication, authorization, and access control methods.

Competency
Identity Management

21

KSA Knowledge of computer algorithms.

25

Knowledge of encryption algorithms (e.g., Internet Protocol Security


[IPSEC], Advanced Encryption Standard [AES], Generic Routing
KSA Encapsulation [GRE], Internet Key Exchange[IKE], Message Digest
Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption
Standard [3DES]).

Cryptography

27

KSA Knowledge of cryptography and cryptographic key management concepts.

Cryptography

34

KSA Knowledge of database systems.

38

KSA

40

KSA Knowledge of organization's evaluation and validation requirements.

43

KSA Knowledge of embedded systems and internet of things.

Embedded Computers

46

KSA Knowledge of fault tolerance.

Information Assurance

51

KSA

52

KSA Knowledge of human-computer interaction principles.

Knowledge of organization's enterprise information security architecture


system.

Knowledge of how system components are installed, integrated, and


optimized.

Mathematical Reasoning

Database Management
Systems
Information Assurance
Systems Testing and
Evaluation

Systems Integration
Human Factors

Item
KSA
ID

Statement

53

KSA Knowledge of the Security Assessment and Authorization (SA&A) process.

62

KSA

63

Knowledge of information assurance (IA) principles and organizational


KSA requirements to protect confidentiality, integrity, availability, authenticity,
and non-repudiation of information and data.

65

KSA

Knowledge of information theory, including source coding, channel coding,


algorithm complexity theory, and data compression.

68

KSA

Knowledge of information technology (IT) architectural concepts and


frameworks.

70

KSA

Knowledge of information technology (IT) security principles and methods


(e.g., firewalls, demilitarized zones, encryption).

78

KSA Knowledge of microprocessors.

79

KSA

81

Knowledge of network protocols (e.g., Transmission Critical


KSA Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol
[DHCP]), and directory services (e.g., Domain Name System [DNS]).

82

KSA

90

KSA Knowledge of operating systems.

92

Knowledge of how traffic flows across the network (e.g., Transmission


KSA Control Protocol and Internet Protocol [TCP/IP], Open System
Interconnection model [OSI]).

94

KSA Knowledge of parallel and distributed computing concepts.

Knowledge of industry-standard and organizationally accepted analysis


principles and methods.

Knowledge of network access, identity, and access management (e.g.,


public key infrastructure [PKI]).

Knowledge of network design processes, including security objectives,


operational objectives, and tradeoffs.

Competency
Information Assurance
Logical Systems Design
Information Assurance
Mathematical Reasoning
Information Technology
Architecture
Information
Systems/Network Security
Computers and Electronics
Identity Management

Infrastructure Design

Infrastructure Design
Operating Systems
Infrastructure Design
Information Assurance

109

KSA Knowledge of secure configuration management techniques.

110

KSA

111

KSA Knowledge of security system design tools, methods, and techniques.

113

KSA Knowledge of server and client operating systems.

119

KSA Knowledge of software engineering.

124

KSA

130

KSA Knowledge of systems testing and evaluation methods.

Systems Testing and


Evaluation

132

KSA Knowledge of technology integration processes.

Systems Integration

Knowledge of key concepts in security management (e.g., Release


Management, Patch Management).

Knowledge of system design tools, methods, and techniques, including


automated systems analysis and design tools.

Configuration Management
Information Assurance
Information
Systems/Network Security
Operating Systems
Software Engineering
Logical Systems Design

Item
KSA
ID

Statement
Knowledge of key telecommunication concepts (e.g., Routing Algorithms,
Fiber Optics Systems Link Budgeting, Add/Drop Multiplexers).

133

KSA

141

KSA Knowledge of the enterprise information technology (IT) architecture.

143

KSA

144

KSA Knowledge of the systems engineering process.

155

KSA

180

KSA Skill in designing the integration of hardware and software solutions.

183

Skill in determining how a security system should work, including its


KSA resilience and dependability capabilities, and how changes in conditions,
operations, or the environment will affect these outcomes.

197

KSA

Skill in discerning the protection needs (i.e., security controls) of


information systems and networks.

224

KSA

Skill in design modeling and building use cases (e.g., unified modeling
language).

904

KSA Knowledge of interpreted and compiled computer languages.

993

Knowledge of the methods, standards, and approaches for describing,


analyzing, and documenting an organization's enterprise information
KSA technology (IT) architecture (e.g., Open Group Architecture Framework
[TOGAF], Department of Defense Architecture Framework [DODAF], Federal
Enterprise Architecture Framework [FEAF]).

Knowledge of the organizations enterprise information technology (IT)


goals and objectives.

Skill in applying and incorporating information technologies into proposed


solutions.

Competency
Telecommunications
Information Technology
Architecture
Enterprise Architecture
Systems Life Cycle
Technology Awareness
Systems Integration

Information Assurance
Information
Systems/Network Security
Modeling and Simulation
Computer Languages

Enterprise Architecture

1034 KSA

Knowledge of Personally Identifiable Information (PII) and Payment Card


Industry (PCI) data security standards.

Security

1037 KSA

Knowledge of information technology (IT) supply chain security and risk


management policies, requirements, and procedures.

Risk Management

Knowledge of local specialized system requirements (e.g., critical


1038 KSA infrastructure systems that may not use standard information technology
[IT]) for safety, performance, and reliability.
Knowledge of network security architecture concepts, including topology,
1072 KSA protocols, components, and principles (e.g., application of defense-indepth).
Knowledge of network systems management principles, models, methods
1073 KSA
(e.g., end-to-end systems performance monitoring), and tools.

Information
Systems/Network Security

Knowledge of organizational process improvement concepts and process


1130 KSA maturity models (e.g., Capability Maturity Model Integration (CMMI) for
Development, CMMI for Services and CMMI for Acquisitions).

Process Control

Infrastructure Design

Network Management

1133 KSA

Knowledge of service management concepts for networks and related


standards (e.g., Information Technology Infrastructure Library, v3 [ITIL]).

1141 KSA

Knowledge of an organization's information classification program and


procedures for level information loss.

Information Management

1142 KSA

Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity


model, Clark-Wilson integrity model).

Enterprise Architecture

Network Management

Technology Research and Development - Conducts technology and/or feasibility


assessments. Provides, builds, and supports a prototype capability and/or evaluates its
security and utility. Facilitates innovation.

Item Tas
ID
k

Statement

455

Task Conduct continuous analysis to identify network and system vulnerabilities.

520

Task

925

Task Research current technology to understand capabilities of required system or network.

927

Task

Research and evaluate all available technologies and standards to meet customer
requirements.

934

Task

Identify cyber capabilities strategies for custom hardware and software development
based on mission requirements.

Review and validate data mining and data warehousing programs, processes, and
requirements.

1076 Task Collaborate with stakeholders to identify and/or develop appropriate solutions technology.
1077 Task Design and develop new tools/technologies as related to information assurance (IA).
1078 Task

Troubleshoot prototype design and process issues throughout the product design,
development, and post-launch phases.

1079 Task

Identify functional- and security-related features to find opportunities for new capability
development to exploit or mitigate cyberspace vulnerabilities.

1080 Task Identify and/or develop reverse engineering tools to detect cyberspace vulnerabilities.
1145 Task Develop and implement credentialing and identity management programs.
1147 Task

Develop cloud-based centralized cryptographic key management capability to support


mobile workforce.

Go Back to All Specialty Areas

Technology Research and Development - Conducts technology and/or


feasibility assessments. Provides, builds, and supports a prototype
capability and/or evaluates its security and utility. Facilitates innovation.

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID

Statement

Competency

KSA

Skill in conducting vulnerability scans and recognizing vulnerabilities in


security systems.

Vulnerabilities Assessment

KSA

Ability to identify systemic security issues based on the analysis of


vulnerability and configuration data.

Vulnerabilities Assessment

10

KSA Knowledge of application vulnerabilities.

15

Knowledge of capabilities and applications of network equipment including


KSA hubs, routers, switches, bridges, servers, transmission media, and related
hardware.

Hardware

27

KSA Knowledge of cryptography and cryptographic key management concepts.

Cryptography

42

Knowledge of electrical engineering as applied to computer architecture,


KSA including circuit boards, processors, chips, and associated computer
hardware.

88

KSA

Knowledge of new and emerging Information Technology (IT) and cyber


security technologies.

Technology Awareness

95

KSA

Knowledge of penetration testing principles, tools, and techniques (e.g.,


metasploit, neosploit).

Vulnerabilities Assessment

129

KSA

Knowledge of system life cycle management principles, including software


security and usability.

132

KSA Knowledge of technology integration processes.

133

KSA

144

KSA Knowledge of the systems engineering process.

155

KSA

172

KSA Skill in creating and utilizing mathematical or statistical models.

180

KSA Skill in designing the integration of hardware and software solutions.

238

Skill in writing code that is compatible with legacy code (e.g., Common
KSA Business-Oriented Language [COBOL], FORTRAN IV) in a modern
programming language (e.g., Java, C++).

Computer Languages

321

Knowledge of products and nomenclature of major vendors (e.g., security


KSA suites: Trend Micro, Symantec, McAfee, Outpost, Panda, Kaspersky, etc.)
and how differences affect exploitation/vulnerabilities.

Technology Awareness

Knowledge of key telecommunication concepts (e.g., Routing Algorithms,


Fiber Optics Systems Link Budgeting, Add/Drop Multiplexers).

Skill in applying and incorporating information technologies into proposed


solutions.

Vulnerabilities Assessment

Hardware Engineering

Systems Life Cycle


Systems Integration
Telecommunications
Systems Life Cycle
Technology Awareness
Modeling and Simulation
Systems Integration

Item
KSA
ID

Statement

371

Skill in reading, interpreting, writing, modifying, and executing simple


scripts (e.g., PERL, Visual Basic Scripting [VBS]) on Windows and Unix
KSA
systems (e.g., tasks such as parsing large data files, automating manual
tasks, fetching/processing remote data).

905

KSA Knowledge of secure coding technologies.

1037 KSA

Knowledge of information technology (IT) supply chain security and risk


management policies, requirements, and procedures.

Knowledge of local specialized system requirements (e.g., critical


1038 KSA infrastructure systems that may not use standard information technology
[IT]) for safety, performance, and reliability.
1040 KSA

Knowledge of relevant laws, policies, procedures, or governance related to


work impacting critical infrastructure.

1042 KSA Ability to apply network programming towards client/server model.


1044 KSA Skill in identifying forensic footprints.
1047 KSA Skill in writing kernel level applications.
1052 KSA

Knowledge of Global Systems for Mobile communications (GSM)


architecture.

1054 KSA Knowledge of hardware reverse engineering techniques.


1055 KSA

Knowledge of middleware (e.g., enterprise service bus and message


queuing).

1056 KSA Knowledge of operations security.

Competency
Operating Systems

Computer Languages
Risk Management

Infrastructure Design

Criminal Law
Requirements Analysis
Computer Forensics
Software Development
Telecommunications
Vulnerabilities Assessment
Software Development
Public Safety and Security

1059 KSA Knowledge of networking protocols.

Infrastructure Design

1061 KSA Knowledge of the life cycle process.

Systems Life Cycle

1062 KSA Knowledge of software reverse engineering techniques.


1063 KSA

Knowledge of Unix/Linux operating system structure and internals (e.g.,


process management, directory structure, installed applications).

1064 KSA Knowledge of Extensible Markup Language (XML) schemas.


Skill in utilizing exploitation tools (e.g., Foundstone, fuzzers, packet
1066 KSA sniffers, debug) to identify system/software vulnerabilities (e.g.,
penetration and testing).
1067 KSA

Vulnerabilities Assessment
Operating Systems
Infrastructure Design
Vulnerabilities Assessment

Skill in utilizing network analysis tools to identify software communications


Vulnerabilities Assessment
vulnerabilities.

Knowledge of network security architecture concepts, including topology,


1072 KSA protocols, components, and principles (e.g., application of defense-indepth).
Knowledge of the application firewall concepts and functions (e.g., Single
point of authentication/audit/policy enforcement, message scanning for
1135 KSA malicious content, data anonymization for PCI and PII compliance, data
loss protection scanning, accelerated cryptographic operations, SSL
security, REST/JSON processing).
Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity
1142 KSA
model, Clark-Wilson integrity model).

Information
Systems/Network Security
Computer Network Defense

Enterprise Architecture

Systems Requirements Planning - Consults with stakeholders to guide, gather, and


evaluate functional and security requirements. Translates these requirements into
guidance to stakeholders about the applicability of information systems to meet their
needs.

Item Tas
ID
k

Statement
Conduct risk analysis, feasibility study, and/or trade-off analysis to develop, document,
and refine functional requirements and specifications.

458

Task

466

Task Consult with customers to evaluate functional requirements.

476

Task

487

Task Define project scope and objectives based on customer requirements.

511

Develop an enterprise system security context, a preliminary system security concept of


Task operations, and define baseline security requirements in accordance with applicable
information assurance (IA) requirements.

517

Task

528

Task Develop cost estimates for future new or modified system(s).

669

Task

Integrate and align information security and/or information assurance (IA) policies to
ensure system analysis meets security requirements.

700

Task

Manage information technology (IT) projects to ensure that developed solutions meet
customer requirements.

726

Task Oversee and make recommendations regarding configuration management.

760

Task

789

Task Prepare use cases to justify the need for specific information technology (IT) solutions.

863

Task Translate functional requirements into technical solutions.

Coordinate with systems architects and developers, as needed, to provide oversight in


the development of design solutions.

Develop and document requirements, capabilities, and constraints for design procedures
and processes.

Perform needs analysis to determine opportunities for new and improved business
process solutions.

Go Back to All Specialty Areas

Item Tas
ID
k

Statement

1003 Task Develop and document supply chain risks for critical system elements, as appropriate.
1144 Task

Develop and document User Experience (UX) requirements including information


architecture and user interface requirements.

Systems Requirements Planning - Consults with stakeholders to guide,


gather, and evaluate functional and security requirements. Translates
these requirements into guidance to stakeholders about the applicability of
information systems to meet their needs.

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID
9

KSA

Statement
Knowledge of applicable business processes and operations of customer
organizations.

Competency
Requirements Analysis

16

KSA Knowledge of capabilities and requirements analysis.

25

Knowledge of encryption algorithms (e.g., Internet Protocol Security


[IPSEC], Advanced Encryption Standard [AES], Generic Routing
KSA Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest
Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption
Standard [3DES]).

Cryptography

27

KSA Knowledge of cryptography and cryptographic key management concepts.

Cryptography

46

KSA Knowledge of fault tolerance.

51

KSA

Knowledge of how system components are installed, integrated, and


optimized.

Systems Integration

53

KSA Knowledge of the Security Assessment and Authorization (SA&A) process.

Information Assurance

55
62

Knowledge of information assurance (IA) principles used to manage risks


KSA related to the use, processing, storage, and transmission of information or
data.
Knowledge of industry-standard and organizationally accepted analysis
KSA
principles and methods.

63

Knowledge of information assurance (IA) principles and organizational


KSA requirements to protect confidentiality, integrity, availability, authenticity,
and non-repudiation of information and data.

64

KSA Knowledge of information security systems engineering principles.

65

KSA

Knowledge of information theory, including source coding, channel coding,


algorithm complexity theory, and data compression.

Requirements Analysis

Information Assurance

Information Assurance
Logical Systems Design
Information Assurance
Information
Systems/Network Security
Mathematical Reasoning

Item
KSA
ID

Statement
Knowledge of information technology (IT) architectural concepts and
frameworks.

Competency
Information Technology
Architecture

68

KSA

78

KSA Knowledge of microprocessors.

79

KSA

81

Knowledge of network protocols (e.g., Transmission Critical


KSA Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol
[DHCP]), and directory services (e.g., Domain Name System [DNS]).

82

KSA

Knowledge of network design processes, including security objectives,


operational objectives, and tradeoffs.

Infrastructure Design

88

KSA

Knowledge of new and emerging Information Technology (IT) and cyber


security technologies.

Technology Awareness

90

KSA Knowledge of operating systems.

92

Knowledge of how traffic flows across the network (e.g., Transmission


KSA Control Protocol and Internet Protocol [TCP/IP], Open System
Interconnection model [OSI]).

94

KSA Knowledge of parallel and distributed computing concepts.

Knowledge of network access, identity, and access management (e.g.,


public key infrastructure [PKI]).

Computers and Electronics


Identity Management

Infrastructure Design

Operating Systems
Infrastructure Design
Information Assurance
Personnel Safety and
Security

100

KSA Knowledge of Privacy Impact Assessments (PIA).

101

KSA Knowledge of process engineering concepts.

110

KSA

Knowledge of key concepts in security management (e.g., Release


Management, Patch Management).

Information Assurance

124

KSA

Knowledge of system design tools, methods, and techniques, including


automated systems analysis and design tools.

Logical Systems Design

126

Knowledge of system software and organizational design standards,


KSA policies, and authorized approaches (e.g., International Organization for
Standardization [ISO] guidelines) relating to system design.

129

KSA

130

KSA Knowledge of systems testing and evaluation methods.

133

KSA

Knowledge of key telecommunication concepts (e.g., Routing Algorithms,


Fiber Optics Systems Link Budgeting, Add/Drop Multiplexers).

143

KSA

Knowledge of the organizations enterprise information technology (IT)


goals and objectives.

144

KSA Knowledge of the systems engineering process.

155

KSA

156

KSA Skill in applying confidentiality, integrity, and availability principles.

158

KSA

Knowledge of system life cycle management principles, including software


security and usability.

Skill in applying and incorporating information technologies into proposed


solutions.

Skill in applying organization-specific systems analysis principles and


techniques.

Logical Systems Design

Requirements Analysis

Systems Life Cycle


Systems Testing and
Evaluation
Telecommunications
Enterprise Architecture
Systems Life Cycle
Technology Awareness
Information Assurance
Systems Testing and
Evaluation

Item
KSA
ID

Statement

162

KSA Skill in conducting capabilities and requirements analysis.

224

KSA

229

KSA Skill in using incident handling methodologies.

911

KSA

Skill in design modeling and building use cases (e.g., unified modeling
language).

Ability to interpret and translate customer requirements into operational


cyber actions.

1002 KSA Skill in conducting audits or reviews of technical systems.

Competency
Requirements Analysis
Modeling and Simulation
Incident Management
Requirements Analysis
Information Technology
Performance Assessment

1004 KSA

Knowledge of critical information technology (IT) procurement


requirements.

Contracting/Procurement

1005 KSA

Knowledge of functionality, quality, and security requirements and how


these will apply to specific items of supply (i.e., elements and processes).

Contracting/Procurement

Knowledge of applicable laws (e.g., Electronic Communications Privacy Act,


Foreign Intelligence Surveillance Act, Protect America Act, search and
seizure laws, civil liberties and privacy laws), U.S. Statutes (e.g., Titles 10,
1036 KSA
18, 32, 50 in U.S. Code), Presidential Directives, executive branch
guidelines, and/or administrative/criminal legal guidelines and procedures
relevant to work performed.
1037 KSA

Knowledge of information technology (IT) supply chain security and risk


management policies, requirements, and procedures.

Knowledge of local specialized system requirements (e.g., critical


1038 KSA infrastructure systems that may not use standard information technology
[IT]) for safety, performance, and reliability.
1039 KSA Skill in evaluating the trustworthiness of the supplier and/or product.

Criminal Law

Risk Management
Infrastructure Design
Contracting/Procurement

1040 KSA

Knowledge of relevant laws, policies, procedures, or governance related to


work impacting critical infrastructure.

Criminal Law

1073 KSA

Knowledge of network systems management principles, models, methods


(e.g., end-to-end systems performance monitoring), and tools.

Network Management

1133 KSA

Knowledge of service management concepts for networks and related


standards (e.g., Information Technology Infrastructure Library, v3 [ITIL]).

Network Management

1141 KSA

Knowledge of an organization's information classification program and


procedures for level information loss.

Information Management

Test and Evaluation - Develops and conducts processes and procedures (e.g., testing)
to evaluate compliance with security requirements.

Item Tas
ID
k

Statement
Analyze the results of end-to-end testing (e.g., software, hardware, transport, seams,
interfaces).

412

Task

508

Task Determine level of assurance of developed capabilities based on test results.

550

Task Develop test plans to address specifications and requirements.

694

Task Make recommendations based on test results.

747

Task

748

Task Perform developmental testing on systems being concurrently developed.

757

Task

761

Task Perform operational testing to evaluate systems in an operational environment.

773

Task

858

Develop test bed environment to test and verify hardware and support peripherals to
Task ensure that they meet specifications and requirements by recording and analyzing test
data.

951

Task

Perform conformance testing to assess whether a system complies with defined


specifications or standards.

Perform interoperability testing on systems exchanging electronic information with


systems of other organizations.

Perform validation testing to ensure requirements meet proposed specifications or


standards and that correct specifications or standards are available.

Determine scope, infrastructure, resources, and data sample size to ensure system
requirements are adequately demonstrated.

1006 Task Create auditable evidence of security measures.

Go Back to All Specialty Areas

Item Tas
ID
k
1156 Task

Statement
Conduct and monitor Independent Validation and Verification (IV&V) testing for software
applications and systems.

Test and Evaluation - Develops and conducts processes and procedures


(e.g., testing) to evaluate compliance with security requirements.

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID

Statement
Knowledge of organization's enterprise information security architecture
system.

Competency

38

KSA

Information Assurance

40

KSA Knowledge of agency evaluation and validation requirements.

53

KSA Knowledge of the Security Assessment and Authorization (SA&A) process.

Information Assurance

63

Knowledge of information assurance (IA) principles and organizational


KSA requirements to protect confidentiality, integrity, availability, authenticity,
and non-repudiation of information and data.

Information Assurance

Systems Testing and


Evaluation

Item
KSA
ID

Statement

81

Knowledge of network protocols (e.g., Transmission Critical


KSA Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol
[DHCP]), and directory services (e.g., Domain Name System [DNS]).

83

KSA Knowledge of network hardware devices and functions.

Competency
Infrastructure Design

Hardware

127

KSA Knowledge of systems administration concepts.

Operating Systems

144

KSA Knowledge of the systems engineering process.

Systems Life Cycle

169

KSA Skill in conducting test events.

176

KSA

182

KSA Skill in determining an appropriate level of test rigor for a given system.

Systems Testing and


Evaluation

190

KSA Skill in developing operations-based testing scenarios.

Systems Testing and


Evaluation

220

KSA Skill in systems integration testing.

Systems Testing and


Evaluation

239

KSA Skill in writing test plans.

Systems Testing and


Evaluation

904

KSA Knowledge of interpreted and compiled computer languages.

Computer Languages

950

KSA Skill in evaluating test plans for applicability and completeness.

Systems Testing and


Evaluation

1034 KSA

Skill in designing a data analysis structure (i.e., the types of data your test
must generate and how to analyze those data).

Knowledge of Personally Identifiable Information (PII) and Payment Card


Industry (PCI) data security standards.

Systems Testing and


Evaluation
Systems Testing and
Evaluation

Security

Item
KSA
ID
1037 KSA

Statement
Knowledge of information technology (IT) supply chain security and risk
management policies, requirements, and procedures.

Knowledge of local specialized system requirements (e.g., critical


1038 KSA infrastructure systems that may not use standard information technology
[IT]) for safety, performance, and reliability.
Knowledge of network security architecture concepts, including topology,
1072 KSA protocols, components, and principles (e.g., application of defense-indepth).

Competency
Risk Management
Infrastructure Design
Information
Systems/Network Security

Systems Development - Develops technical security solutions to meet the defined


requirements.

Item Tas
ID
k

Statement

416

Task

Analyzes design constraints, trade-offs, and detailed system and security designs to
identify necessary lifecycle support.

419

Task

Apply security policies to applications that interface with one another, such as Businessto-Business (B2B) applications.

425

Task Assess the effectiveness of information protection measures utilized by system(s).

426

Task

431

Task Build, test, and modify product prototypes using working models or theoretical models.

457

Conduct Privacy Impact Analysis (PIA) of the applications security design for the
Task appropriate security controls, which protect the confidentiality and integrity of Personal
Identifiable Information (PII).

494

Task Design and develop information assurance (IA) or IA-enabled tools.

495

Task Design and develop secure interface specifications between interconnected systems.

496

Design, develop, integrate, and update system security measures (including policies and
Task requirements) that provide confidentiality, integrity, availability, authentication, and nonrepudiation.

500

Task

501

Design or integrate appropriate data backup capabilities into overall system designs, and
Task ensure appropriate technical and procedural processes exist for secure system backups
and protected storage of backup data.

503

Task

Assess threats to and vulnerabilities of computer system(s) to develop a security risk


profile.

Design hardware, operating systems, and software applications to adequately addresses


information assurance (IA) security requirements.

Design systems to the minimum security requirements to ensure requirements are met
for all systems and/or applications.

Go Back to All Specialty Areas

Item Tas
ID
k

Statement

516

Task Develop and oversee system testing and validation procedures and documentation.

527

Task Develop architectures or system components consistent with technical specifications.

530

Task

Develop detailed security design documentation for component and interface


specifications to support system design and development.

531

Task

Develop disaster recovery and continuity of operations plans for systems under
development, and ensure testing prior to systems entering a production environment.

542

Task

Develop risk mitigation strategies to resolve vulnerabilities and recommend security


changes to system or system components as needed.

547

Task

Develop specific information assurance (IA) countermeasures and risk mitigation


strategies for systems and/or applications.

626

Task

Identifies components or elements, allocate security functions to those elements, and


describe the relationships between the elements.

630

632

648

Identify and direct the remediation of technical problems encountered during testing and
Task implementation of new systems (e.g., identify and find work-arounds for communication
protocols that are not interoperable).
Identify and prioritize essential system functions or sub-systems, as may be necessary to
support essential capabilities or business functions; in the event of system failure or
Task
system recovery, observe, and adhere to overall system requirements for continuity and
availability.
Identify, assess, and recommend information assurance (IA) or IA-enabled products for
Task use within a system and ensure recommended products are in compliance with
organization's evaluation and validation requirements.

659

Task Implement security designs for new or existing system(s).

662

Task

Incorporate information assurance (IA) vulnerability solutions into system designs (e.g.,
IA Vulnerability Alerts).

737

Task

Perform an information security risk assessment and design security countermeasures to


mitigate identified risks.

Item Tas
ID
k

Statement

766

Task Perform security reviews and identify security gaps in security architecture.

770

Task

Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever
an application or system undergoes a major change.

803

Task

Provide guidelines for implementing developed systems to customers or installation


teams.

808

Task Provide input to implementation plans and standard operating procedures.

809

Provide input to the Risk Management Framework (RMF) process activities and related
Task documentation (e.g., system lifecycle support plans, concept of operations, operational
procedures, and maintenance training materials).

850

Task Store, retrieve, and manipulate data for analysis of system capabilities and requirements.

856

Task Provide support to security/certification test and evaluation activities.

860

Task Trace all system security requirements to design components.

874

Task

877

Task Verify stability, interoperability, portability, or scalability of system architecture.

997

Task

998

Task

999

Utilize models and simulations to analyze or predict system performance under different
operating conditions.

Design and develop key management functions to support authentication, encryption,


and digital signature capabilities (as related to information assurance [IA]).

Analyze user needs and requirements to plan and conduct system security development
around user experience (UX).
Develop information assurance (IA) designs to meet specific operational needs and
environmental factors (e.g., access controls, automated applications, networked
Task operations, high integrity and availability requirements, multilevel security/processing of
multiple classification levels, and processing Sensitive Compartmented Information
[SCI]).

Item Tas
ID
k

Statement

Ensure security design and information assurance (IA) development activities are
1000 Task properly documented, providing a functional description of security implementation, and
updated as necessary.
1152 Task

Implement and integrate system development life cycle (SLDC) methodologies (e.g., IBM
Rational Unified Process) into development environment.

Systems Development - Develops technical security solutions to meet


the defined requirements.

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID

Statement
Skill in conducting vulnerability scans and recognizing vulnerabilities in
security systems.

KSA

KSA Knowledge of authentication, authorization, and access control methods.

Competency
Vulnerabilities Assessment
Identity Management

21

KSA Knowledge of computer algorithms.

25

Knowledge of encryption algorithms (e.g., Internet Protocol Security


[IPSEC], Advanced Encryption Standard [AES], Generic Routing
KSA Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest
Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption
Standard [3DES]).

Cryptography

27

KSA Knowledge of cryptography and cryptographic key management concepts.

Cryptography

34

KSA Knowledge of database systems.

38

KSA

40

KSA Knowledge of organization's evaluation and validation requirements.

42

Knowledge of electrical engineering as applied to computer architecture,


KSA including circuit boards, processors, chips, and associated computer
hardware.

Hardware Engineering

43

KSA Knowledge of embedded systems and internet of things.

Embedded Computers

46

KSA Knowledge of fault tolerance.

Information Assurance

51

KSA

Knowledge of organization's enterprise information security architecture


system.

Knowledge of how system components are installed, integrated, and


optimized.

Mathematical Reasoning

Database Management
Systems
Information Assurance
Systems Testing and
Evaluation

Systems Integration

Item
KSA
ID

Statement

Competency

52

KSA Knowledge of human-computer interaction principles.

63

Knowledge of information assurance (IA) principles and organizational


KSA requirements to protect confidentiality, integrity, availability, authenticity,
and non-repudiation of information and data.

64

KSA Knowledge of information security systems engineering principles.

65

KSA

Knowledge of information theory, including source coding, channel coding,


algorithm complexity theory, and data compression.

Mathematical Reasoning

70

KSA

Knowledge of information technology (IT) security principles and methods


(e.g., firewalls, demilitarized zones, encryption).

Information
Systems/Network Security

72

KSA

Knowledge of local area network (LAN) and wide area network (WAN)
principles and concepts, including bandwidth management.

Infrastructure Design

75

KSA

Knowledge of mathematics, including logarithms, trigonometry, linear


algebra, calculus, and statistics.

Mathematical Reasoning

78

KSA Knowledge of microprocessors.

79

KSA

81

Knowledge of network protocols (e.g., Transmission Critical


KSA Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol
[DHCP]), and directory services (e.g., Domain Name System [DNS]).

82

KSA

90

KSA Knowledge of operating systems.

92

Knowledge of how traffic flows across the network (e.g., Transmission


KSA Control Protocol and Internet Protocol [TCP/IP], Open System
Interconnection model [OSI]).

94

KSA Knowledge of parallel and distributed computing concepts.

Information Assurance

98

KSA Knowledge of policy-based and risk-adaptive access controls.

Identity Management

100

KSA Knowledge of Privacy Impact Assessments (PIA).

Personnel Safety and


Security

101

KSA Knowledge of process engineering concepts.

109

KSA Knowledge of secure configuration management techniques.

110

KSA

Knowledge of key concepts in security management (e.g., Release


Management, Patch Management).

Information Assurance

118

KSA

Knowledge of software development models (e.g., Waterfall Model, Spiral


Model, Agile Model).

Software Engineering

119

KSA Knowledge of software engineering.

Knowledge of network access, identity, and access management (e.g.,


public key infrastructure [PKI]).

Knowledge of network design processes, including security objectives,


operational objectives, and tradeoffs.

Human Factors

Information Assurance
Information
Systems/Network Security

Computers and Electronics


Identity Management

Infrastructure Design

Infrastructure Design
Operating Systems
Infrastructure Design

Logical Systems Design


Configuration Management

Software Engineering

Item
KSA
ID

Statement

Competency

121

KSA Knowledge of structured analysis principles and methods.

124

KSA

126

Knowledge of system software and organizational design standards,


KSA policies, and authorized approaches (e.g., International Organization for
Standardization [ISO] guidelines) relating to system design.

129

KSA

130

KSA Knowledge of systems testing and evaluation methods.

133

KSA

144

KSA Knowledge of the systems engineering process.

173

KSA Skill in creating policies that reflect system security objectives.

Information Systems
Security Certification

177

KSA Skill in designing countermeasures to identified security risks.

Vulnerabilities Assessment

179

KSA

180

KSA Skill in designing the integration of hardware and software solutions.

191

KSA Skill in developing and applying security system access controls.

197

KSA

199

KSA Skill in evaluating the adequacy of security designs.

224

KSA

904

KSA Knowledge of interpreted and compiled computer languages.

Knowledge of system design tools, methods, and techniques, including


automated systems analysis and design tools.

Knowledge of system life cycle management principles, including software


security and usability.

Knowledge of key telecommunication concepts (e.g., Routing Algorithms,


Fiber Optics Systems Link Budgeting, Add/Drop Multiplexers).

Skill in designing security controls based on information assurance (IA)


principles and tenets.

Skill in discerning the protection needs (i.e., security controls) of


information systems and networks.

Skill in design modeling and building use cases (e.g., unified modeling
language).

1002 KSA Skill in conducting audits or reviews of technical systems.

Logical Systems Design


Logical Systems Design

Requirements Analysis

Systems Life Cycle


Systems Testing and
Evaluation
Telecommunications
Systems Life Cycle

Information Assurance
Systems Integration
Identity Management
Information
Systems/Network Security
Vulnerabilities Assessment
Modeling and Simulation
Computer Languages
Information Technology
Performance Assessment

1034 KSA

Knowledge of Personally Identifiable Information (PII) and Payment Card


Industry (PCI) data security standards.

Security

1037 KSA

Knowledge of information technology (IT) supply chain security and risk


management policies, requirements, and procedures.

Risk Management

Knowledge of local specialized system requirements (e.g., critical


1038 KSA infrastructure systems that may not use standard information technology
[IT]) for safety, performance, and reliability.
Knowledge of network security architecture concepts, including topology,
1072 KSA protocols, components, and principles (e.g., application of defense-indepth).

Infrastructure Design
Information
Systems/Network Security

Item
KSA
ID

Statement

Competency

1073 KSA

Knowledge of network systems management principles, models, methods


(e.g., end-to-end systems performance monitoring), and tools.

Network Management

1133 KSA

Knowledge of service management concepts for networks and related


standards (e.g., Information Technology Infrastructure Library, v3 [ITIL]).

Network Management

1141 KSA

Knowledge of an organization's information classification program and


procedures for level information loss.

Information Management

1142 KSA

Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity


model, Clark-Wilson integrity model).

Enterprise Architecture

Data Administration - Develops, maintains, and administers databases and/or data


management systems that allow for the secure storage, query, and utilization of data.
Conducts data integration, data modeling, analytics modeling, and data mining.

Item Tas
ID
k

Statement

400

Task Analyze and define data requirements and specifications.

401

Task Analyze and plan for anticipated changes in data capacity requirements.

498

Task Design and implement database systems.

520

Task

529

Task Develop data standards, policies, and procedures.

664

Task Install and configure database management systems software.

684

Task Maintain database management systems software.

688

Task

Maintain directory replication services that enable information to replicate automatically


from rear servers to forward units via optimized routing.

690

Task

Maintain information exchanges through publish, subscribe, and alert functions that
enable users to send and receive critical information as required.

702

Task Manage the compilation, cataloging, caching, distribution, and retrieval of data.

712

Task Monitor and maintain databases to ensure optimal performance.

740

Task Perform backup and recovery of databases to ensure data integrity.

Review and validate data mining and data warehousing programs, processes, and
requirements.

Go Back to All Specialty Areas

Item Tas
ID
k

Statement
Provide a managed flow of relevant information (via web-based portals or other means)
based on a mission requirements.

796

Task

815

Task Provide recommendations on new database technologies and architectures.

1154 Task

Performs configuration management, problem management, capacity management, and


financial management for databases and data management systems.

Supports incident management, service level management, change management,


1155 Task release management, continuity management, and availability management for
databases and data management systems.

Data Administration - Develops, maintains, and administers databases


and/or data management systems that allow for the secure storage, query,
and utilization of data. Conducts data integration, data modeling, analytics
modeling, and data mining.

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID

Statement

28

KSA

Knowledge of data administration and data standardization policies and


standards.

29

KSA

Knowledge of data backup, types of backups (e.g., full, incremental), and


recovery concepts and tools.

31

KSA Knowledge of data mining and data warehousing principles.

32

KSA

35

KSA Knowledge of digital rights management.

44

KSA Knowledge of enterprise messaging systems and associated software.

79

KSA

90

KSA Knowledge of operating systems.

98

KSA Knowledge of policy-based and risk-adaptive access controls.

Knowledge of database management systems, query languages, table


relationships, and views.

Knowledge of network access, identity, and access management (e.g.,


public key infrastructure [PKI]).

Competency
Data Management
Computer Forensics
Data Management
Database Management
Systems
Encryption
Enterprise Architecture
Identity Management
Operating Systems
Identity Management
Database Management
Systems

104

KSA Knowledge of query languages such as Structured Query Language (SQL).

120

KSA

Knowledge of sources, characteristics, and uses of the organizations data


assets.

Data Management

137

KSA

Knowledge of the characteristics of physical and virtual data storage


media.

Data Management

Item
KSA
ID

Statement

Competency

152

KSA

Skill in allocating storage capacity in the design of data management


systems.

Database Administration

166

KSA

Skill in conducting queries and developing algorithms to analyze data


structures.

Database Management
Systems

178

KSA Skill in designing databases.

186

KSA Skill in developing data dictionaries.

187

KSA Skill in developing data models.

188

KSA Skill in developing data repositories.

201

KSA Skill in generating queries and reports.

Database Management
Systems

208

KSA Skill in maintaining databases.

Database Management
Systems

213

KSA Skill in optimizing database performance.

910

KSA Knowledge of database theory.

1034 KSA

Knowledge of Personally Identifiable Information (PII) and Payment Card


Industry (PCI) data security standards.

Knowledge of advanced data encryption (e.g., Column and Tablespace


1123 KSA Encryption) security features in databases, including built-in cryptographic
key management features.
1124 KSA Knowledge of advanced data remediation security features in databases.
1128 KSA

Knowledge of Java-based database access application programming


interface (API) (e.g., Java Database Connectivity [JDBC]).

1141 KSA

Knowledge of an organization's information classification program and


procedures for level information loss.

Database Administration
Data Management
Modeling and Simulation
Data Management

Database Administration
Data Management
Security
Database Management
Systems
Database Administration
Database Management
Systems
Information Management

Customer Service and Technical Support - Provides end users tiered-level customer
support by coordinating software, hardware, network, and security issue resolution. May
install, configure, troubleshoot, and provide maintenance and training.

Item Tas
ID
k

Statement

428

Task Assist in the execution of disaster recovery and continuity of operations plans.

554

Task Diagnose and resolve customer reported system incidents.

639

Task Identify end-user requirements for software and hardware solutions.

665

Task Install and configure hardware, software, and peripheral equipment for system users.

695

Task Manage accounts, network rights, and access to systems and equipment.

698

Task Manage inventory of information technology (IT) resources.

714

Task Monitor client-level computer system performance.

813

Task Provide recommendations for possible improvements and upgrades.

830

Task Report emerging trend findings.

859

Task Test computer system performance.

866

Task Troubleshoot system hardware and software.

Go Back to All Specialty Areas

Customer Service and Technical Support - Provides end users tieredlevel customer support by coordinating software, hardware, network, and
security issue resolution. May install, configure, troubleshoot, and provide
maintenance and training.

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.


1159 KSA * Knowledge of cyber threats and vulnerabilities.

Information Systems/Network
Security
Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID
7
33

Statement

Knowledge of knowledge-base capabilities for identifying the solutions to


less common and more complex system problems.
Knowledge of database procedures used for documenting and querying
KSA
reported incidents.
KSA

37

KSA Knowledge of disaster recovery and continuity of operations plans.

76

KSA

Knowledge of measures or indicators of system performance and


availability.

Competency
Knowledge Management
Incident Management
Incident Management
Information Technology
Performance Assessment

127

KSA Knowledge of systems administration concepts.

142

KSA

Knowledge of the operations and processes for diagnosing common or


recurring system problems.

Systems Life Cycle

145

KSA

Knowledge of the type and frequency of routine maintenance needed to


keep equipment functioning properly.

Systems Life Cycle

165

Skill in conducting open source research for troubleshooting novel clientKSA level problems (e.g., online development communities, system security
blogging sites).

204

KSA

221

KSA Skill in testing and configuring network workstations and peripherals.

222

KSA Skill in the basic operation of computers.

235

KSA

264

Knowledge of basic physical computer components and architectures,


including the functions of various components and peripherals (e.g.,
KSA
central processing units [CPUs], network interface cards [NICs], data
storage).

Skill in identifying possible causes of degradation of system performance


or availability and initiating actions needed to mitigate this degradation.

Skill in using the appropriate tools for repairing software, hardware, and
peripheral equipment of a system.

Operating Systems

Knowledge Management

Systems Life Cycle


Network Management
Computer Skills
Computers and Electronics

Computers and Electronics

Item
KSA
ID
281

Statement

Knowledge of electronic devices (e.g., computer systems/components,


access control devices, digital cameras, electronic organizers, hard drives,
KSA memory cards, modems, network components, printers, removable
storage devices, scanners, telephones, copiers, credit card skimmers,
facsimile machines, global positioning systems [GPSs]).

Knowledge of Personally Identifiable Information (PII) and Payment Card


Industry (PCI) data security standards.
Knowledge of network security architecture concepts, including topology,
1072 KSA protocols, components, and principles (e.g., application of defense-indepth).
Knowledge of an organization's information classification program and
1141 KSA
procedures for level information loss.
1034 KSA

Competency

Hardware

Security
Information Systems/Network
Security
Information Management

Network Services - Installs, configures, tests, operates, maintains, and manages


network devices including hardware, software, and operating systems that permit
information sharing across the full spectrum of transmission using all media. Supports
the security of information and information systems.

Item Tas
ID
k

Statement
Configure and optimize network hubs, routers, and switches (e.g., higher-level protocols,
tunneling).

462

Task

522

Task Develop and implement network backup and recovery procedures.

555

Task Diagnose network connectivity problems.

617

Task Expand or modify network infrastructure to serve new purposes or improve work flow.

656

Task Implement new system design procedures, test procedures, and quality standards.

666

Task

667

Task Install or replace network hubs, routers, and switches.

673

Task Integrate new systems into existing network architecture.

718

Task Monitor network capacity and performance.

736

Task

802

Install and maintain network infrastructure device operating system software (e.g.,
Interwork Operating System [IOS], firmware).

Patch network vulnerabilities to ensure information is safeguarded against outside


parties.
Provide feedback on network requirements, including network architecture and
Task
infrastructure.

829

Task Repair network connectivity problems.

857

Task Test and maintain network infrastructure including software and hardware devices.

Go Back to All Specialty Areas

Network Services - Installs, configures, tests, operates, maintains, and


manages network devices including hardware, software, and operating
systems that permit information sharing across the full spectrum of
transmission using all media. Supports the security of information and
information systems.

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID

Statement
Knowledge of communication methods, principles, and concepts (e.g.,
encoding, signaling, multiplexing) that support the network infrastructure.

Competency

12

KSA

15

Knowledge of capabilities and applications of network equipment including


KSA hubs, routers, switches, bridges, servers, transmission media, and related
hardware.

Hardware

27

KSA Knowledge of cryptography and cryptographic key management concepts.

Cryptography

41

KSA

55

Knowledge of information assurance (IA) principles used to manage risks


KSA related to the use, processing, storage, and transmission of information or
data.

70

KSA

Knowledge of information technology (IT) security principles and methods


(e.g., firewalls, demilitarized zones, encryption).

72

KSA

Knowledge of local area network (LAN) and wide area network (WAN)
principles and concepts, including bandwidth management.

76

KSA

Knowledge of measures or indicators of system performance and


availability.

Information Technology
Performance Assessment

81

Knowledge of network protocols (e.g., Transmission Critical


KSA Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol
[DHCP]), and directory services (e.g., Domain Name System [DNS]).

Infrastructure Design

92

Knowledge of how traffic flows across the network (e.g., Transmission


KSA Control Protocol and Internet Protocol [TCP/IP], Open System
Interconnection model [OSI]).

Infrastructure Design

106

Knowledge of organization's Local Area Network (LAN)/Wide Area Network


(WAN) pathways.

KSA Knowledge of remote access technology concepts.

Infrastructure Design

Infrastructure Design
Information Assurance
Information
Systems/Network Security
Infrastructure Design

Information Technology
Architecture

Item
KSA
ID

Statement

Competency

112

KSA

Knowledge of server administration and systems engineering theories,


concepts, and methods.

133

KSA

Knowledge of key telecommunication concepts (e.g., Routing Algorithms,


Fiber Optics Systems Link Budgeting, Add/Drop Multiplexers).

148

KSA Knowledge of Virtual Private Network (VPN) security.

154

KSA Skill in analyzing network traffic capacity and performance characteristics.

Capacity Management

193

KSA

Skill in developing, testing, and implementing network infrastructure


contingency and recovery plans.

Information Assurance

198

KSA Skill in establishing a routing schema.

205

KSA

Skill in implementing, maintaining, and improving established security


practices.

207

KSA

Skill in installing, configuring, and troubleshooting local area network (LAN)


and wide area network (WAN).

Infrastructure Design

231

KSA

Skill in using network management tools to analyze network traffic


patterns (e.g., simple network management protocol).

Network Management

234

KSA Skill in using sub-netting tools.

Infrastructure Design

261

Knowledge of basic concepts, terminology, and operations of a wide range


KSA of communications media (e.g., computer and telephone networks,
satellite, fiber, wireless).

Telecommunications

271

KSA

Knowledge of common network tools (e.g., ping, traceroute, nslookup) and


interpret the information results.

Infrastructure Design

278

Knowledge of different types of network communication (e.g., Local Area


Network [LAN], Wide Area Network [WAN], Metropolitan Area Network
KSA
[MAN], Wireless Local Area Network [WLAN], Wireless Wide Area Network
[WWAN]).

347

KSA Knowledge of Windows command line (e.g., ipconfig, netstat, dir, nbtstat).

Operating Systems

891

KSA

Skill in configuring and utilizing hardware-based computer protection


components (e.g., hardware firewalls, servers, routers).

Configuration Management

893

KSA Skill in securing network communications.

896

KSA Skill in protecting a network against malware.

900

KSA Knowledge of web filtering technologies.

901

Knowledge of the capabilities of different electronic communication


KSA systems and methods (e.g., e-mail, Voice over Internet Protocol [VoIP],
Instant Messenger [IM], web forums, direct video broadcasts).

Network Management

902

Knowledge of the range of existing networks (e.g., Private Branching


KSA Exchange [PBX], Local Area Networks [LANs], Wide Area Networks [WANs],
Wireless Fidelity [WI-FI]).

Network Management

Systems Life Cycle


Telecommunications
Encryption

Infrastructure Design
Information
Systems/Network Security

Telecommunications

Information Assurance
Computer Network Defense
Web Technology

Item
KSA
ID

Statement

903

KSA Knowledge of Wireless Fidelity (WI-FI).

985

Skill in configuring and utilizing network protection components (e.g.,


KSA firewalls, Virtual Private Networks [VPNs], network Intrusion Detection
Systems [IDSs]).

989

KSA Knowledge of Voice over Internet Protocol (VoIP).

990

KSA Knowledge of common attack vectors on the network layer.

1034 KSA

Knowledge of Personally Identifiable Information (PII) and Payment Card


Industry (PCI) data security standards.

Knowledge of network security architecture concepts, including topology,


1072 KSA protocols, components, and principles (e.g., application of defense-indepth).
Knowledge of network systems management principles, models, methods
(e.g., end-to-end systems performance monitoring), and tools.
Knowledge of transmission records (e.g., Bluetooth, Radio Frequency
Identification [RFID], Infrared Networking [IR], Wireless Fidelity [Wi-Fi].
1074 KSA paging, cellular, satellite dishes), and jamming techniques that enable
transmission of undesirable information, or prevent installed systems from
operating correctly.
Knowledge of service management concepts for networks and related
1133 KSA
standards (e.g., Information Technology Infrastructure Library, v3 [ITIL]).
1073 KSA

1134 KSA Knowledge of symmetric key rotation techniques and concepts.

Competency
Network Management
Configuration Management
Telecommunications
Computer Network Defense
Security
Information
Systems/Network Security
Network Management

Web Technology

Network Management
Encryption

1141 KSA

Knowledge of an organization's information classification program and


procedures for level information loss.

Information Management

1142 KSA

Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity


model, Clark-Wilson integrity model).

Enterprise Architecture

System Administration - Installs, configures, troubleshoots, and maintains server and


systems configurations (hardware and software) to ensure their confidentiality, integrity,
and availability. Administers server-based systems, security devices, distributed
applications, network storage, messaging, and performs systems monitoring. Consults on
network, application, and customer service issues to support computer systems security
and sustainability.

Item Tas
ID
k

Statement

434

Task Check server availability, functionality, integrity, and efficiency.

452

Task Conduct functional and connectivity testing to ensure continuing operability.

456

Task

Conduct periodic server maintenance including cleaning (both physically and


electronically), disk checks, routine reboots, data dumps, and testing.

499

Task

Design group policies and access control lists to ensure compatibility with organizational
standards, business rules, and needs.

518

Task Develop and document systems administration standard operating procedures.

521

Task Develop and implement local network usage policies and procedures.

668

Task Install server fixes, updates, and enhancements.

683

Task Maintain baseline system security according to organizational policies.

695

Task Manage accounts, network rights, and access to systems and equipment.

701

Task

713

Task Monitor and maintain server configuration.

728

Task Oversee installation, implementation, configuration, and support of network components.

Manage server resources including performance, capacity, availability, serviceability, and


recoverability.

Go Back to All Specialty Areas

Item Tas
ID
k

Statement

763

Task Perform repairs on faulty server hardware.

776

Task

781

Task Plan, execute, and verify data redundancy and system recovery procedures.

811

Task Provide ongoing optimization and problem solving support.

835

Task Resolve hardware/software interface and interoperability problems.

Plan and coordinate the installation of new or modified hardware, operating systems, and
other baseline software.

1153 Task Install, update, and troubleshoot virtual and remote access servers.

Item
KSA
ID

System Administration - Installs, configures, troubleshoots, and


maintains server and systems configurations (hardware and software) to
ensure their confidentiality, integrity, and availability. Administers serverbased systems, security devices, distributed applications, network storage,
messaging, and performs systems monitoring. Consults on network,
application, and customer service issues to support computer systems
security and sustainability.
General Knowledge Areas: Reflect basic types of knowledge for
cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Go Back to All Specialty Areas

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID

Statement

Competency

70

KSA

Knowledge of information technology (IT) security principles and methods


(e.g., firewalls, demilitarized zones, encryption).

72

KSA

Knowledge of local area network (LAN) and wide area network (WAN)
principles and concepts, including bandwidth management.

76

KSA

Knowledge of measures or indicators of system performance and


availability.

Information Technology
Performance Assessment

81

Knowledge of network protocols (e.g., Transmission Critical


KSA Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol
[DHCP]), and directory services (e.g., Domain Name System [DNS]).

Infrastructure Design

89

KSA Knowledge of new technological developments in server administration.

Technology Awareness

96

KSA Knowledge of performance tuning tools and techniques.

99

KSA Knowledge of principles and methods for integrating server components.


Knowledge of server administration and systems engineering theories,
concepts, and methods.

Information
Systems/Network Security
Infrastructure Design

Information Technology
Performance Assessment
Systems Integration

112

KSA

Systems Life Cycle

113

KSA Knowledge of server and client operating systems.

Operating Systems

114

KSA Knowledge of server diagnostic tools and fault identification techniques.

Computer Forensics

Item
KSA
ID

Statement

Competency

127

KSA Knowledge of systems administration concepts.

141

KSA Knowledge of the enterprise information technology (IT) architecture.

145

KSA

148

KSA Knowledge of Virtual Private Network (VPN) security.

167

KSA Skill in conducting server planning, management, and maintenance.

Network Management

170

KSA Skill in configuring and optimizing software.

Software Engineering

171

KSA

194

KSA Skill in diagnosing connectivity problems.

Network Management

195

KSA Skill in diagnosing failed servers.

Network Management

202

KSA

206

KSA Skill in installing computer and server upgrades.

209

KSA Skill in maintaining directory services.

211

KSA Skill in monitoring and optimizing server performance.

216

KSA Skill in recovering failed servers.

219

KSA Skill in system administration for Unix/Linux operating systems.

Operating Systems

286

KSA Knowledge of file extensions (e.g., .dll, .bat, .zip, .pcap, .gzip).

Operating Systems

287

KSA

342

KSA Knowledge of Unix command line (e.g., mkdir, mv, ls, passwd, grep).

344

KSA

386

KSA Skill in using virtual machines.

892

KSA

Knowledge of the type and frequency of routine maintenance needed to


keep equipment functioning properly.

Skill in correcting physical and technical problems that impact server


performance.

Skill in identifying and anticipating server performance, availability,


capacity, or configuration problems.

Knowledge of file system implementations (e.g., New Technology File


System [NTFS], File Allocation Table [FAT], File Extension [EXT]).

Knowledge of virtualization technologies and virtual machine development


and maintenance.

Skill in configuring and utilizing software-based computer protection tools


(e.g., software firewalls, anti-virus software, anti-spyware).

Operating Systems
Information Technology
Architecture
Systems Life Cycle
Encryption

Network Management

Information Technology
Performance Assessment
Systems Life Cycle
Identity Management
Information Technology
Performance Assessment
Incident Management

Operating Systems
Computer Languages
Operating Systems
Operating Systems
Configuration Management

Item
KSA
ID
986

KSA

Statement
Knowledge of organizational information technology (IT) user security
policies (e.g., account creation, password rules, access control).

Competency
Identity Management

1033 KSA

Knowledge of basic system administration, network, and operating system


Information
hardening techniques.
Systems/Network Security

1034 KSA

Knowledge of Personally Identifiable Information (PII) and Payment Card


Industry (PCI) data security standards.

Security

Knowledge of network security architecture concepts, including topology,


Information
1072 KSA protocols, components, and principles (e.g., application of defense-inSystems/Network Security
depth).
Knowledge of transmission records (e.g., Bluetooth, Radio Frequency
Identification [RFID], Infrared Networking [IR], Wireless Fidelity [Wi-Fi].
1074 KSA paging, cellular, satellite dishes), and jamming techniques that enable
Web Technology
transmission of undesirable information, or prevent installed systems from
operating correctly.

Systems Security Analysis - Conducts and documents the systems integration,


testing, operations, maintenance, and security of an information environment.
Coordinates threat and mitigation strategies across the enterprise.

Item Tas
ID
k

Statement
Apply security policies to applications that interface with one another, such as Businessto-Business (B2B) applications.

419

Task

420

Task Apply security policies to meet security objectives of the system.

421

Task

Apply service-oriented architecture security architecture principles to meet organization's


confidentiality, integrity, and availability requirements.

525

Task

Develop and test system fail-over or system operations transfer to an alternate site
based on system availability requirements.

559

Task Discover organizational trends with regard to the security posture of systems.

571

Task

572

Ensure application of security patches for commercial products integrated into system
Task design meet the timelines dictated by the management authority for the intended
operational environment.

576

Task

Ensure information assurance-enabled products or other compensating security control


technologies reduce identified risk to an acceptable level.

593

Task

Establish adequate access controls based on principles of least privilege and need-toknow

616

Task Exercise the system disaster recovery and continuity of operations plans.

652

Task

Implement and/or integrate security measures for use in system(s) and ensure that
system designs incorporate security configuration guidelines.

653

Task

Implement security designs and approaches to resolve vulnerabilities, mitigate risks, and
recommend security changes to system or system components as needed.

Ensure all systems security operations and maintenance activities are properly
documented and updated as necessary.

Go Back to All Specialty Areas

Item Tas
ID
k

Statement

660

Task

Implement specific information assurance (IA) countermeasures for systems and/or


applications.

661

Task

Implement system security measures that provide confidentiality, integrity, availability,


authentication, and non-repudiation.

670

Task

Integrate and/or implement Cross Domain Solutions (CDS) in a classified environment


(Primarily applicable to government agencies).

671

708

Integrate automated capabilities for updating or patching system software where


practical, and develop processes and procedures for manual system software updating
Task
and patching using current and projected patch timeline requirements for the systems
operational environment.
Identify and correct security deficiencies discovered during security and certification
Task testing and continuous monitoring, or identify risk acceptance for the appropriate senior
leader or authorized representative.
Monitor information protection assurance mechanisms related to system implementation
and testing practices.

717

Task

729

Task Oversee minimum security requirements are in place for all applications.

754

Task

Perform information assurance (IA) testing of developed applications and/or systems to


identify security vulnerabilities such as SQL injection or cross-site scripting.

767

Task

Perform security reviews and identify security gaps in security architecture, resulting in
recommendations for the inclusion into the risk mitigation strategy.

782

Task

Plans and recommend modifications or adjustments based on exercise results or system


environment.

795

Task

Properly document all systems security implementation, operations and maintenance


activities and updated as necessary.

806

Task Provide information assurance (IA) guidance to leadership.

809

Provide input to the Risk Management Framework (RMF) process activities and related
Task documentation (e.g., system lifecycle support plans, concept of operations, operational
procedures, and maintenance training materials).

Item Tas
ID
k

Statement
Verify and update security documentation reflecting the application/system security
design features.

876

Task

880

Task Work with others to resolve computer security incidents and vulnerability compliance.

938

Task

Ensure recovery and continuity plans are executable in the system operational
environment.

Systems Security Analysis - Conducts and documents the systems


integration, testing, operations, maintenance, and security of an
information environment. Coordinates threat and mitigation strategies
across the enterprise.

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID
3

KSA

Statement
Skill in conducting vulnerability scans and recognizing vulnerabilities in
security systems.

Competency
Vulnerabilities Assessment

18

KSA Knowledge of circuit analysis.

25

Knowledge of encryption algorithms (e.g., Internet Protocol Security


[IPSEC], Advanced Encryption Standard [AES], Generic Routing
KSA Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest
Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption
Standard [3DES]).

Cryptography

27

KSA Knowledge of cryptography and cryptographic key management concepts.

Cryptography

34

KSA Knowledge of database systems.

Database Management
Systems

42

Knowledge of electrical engineering as applied to computer architecture,


KSA including circuit boards, processors, chips, and associated computer
hardware.

Hardware Engineering

43

KSA Knowledge of embedded systems and internet of things.

Embedded Computers

46

KSA Knowledge of fault tolerance.

Information Assurance

51

KSA

52

KSA Knowledge of human-computer interaction principles.

58

KSA

Knowledge of how system components are installed, integrated, and


optimized.

Knowledge of known vulnerabilities from alerts, advisories, errata, and


bulletins.

Computers and Electronics

Systems Integration
Human Factors
Information
Systems/Network Security

Item
KSA
ID

Statement

Competency

63

Knowledge of information assurance (IA) principles and organizational


KSA requirements to protect confidentiality, integrity, availability, authenticity,
and non-repudiation of information and data.

65

KSA

Knowledge of information theory, including source coding, channel coding,


algorithm complexity theory, and data compression.

Mathematical Reasoning

70

KSA

Knowledge of information technology (IT) security principles and methods


(e.g., firewalls, demilitarized zones, encryption).

Information
Systems/Network Security

75

KSA

Knowledge of mathematics, including logarithms, trigonometry, linear


algebra, calculus, and statistics.

78

KSA Knowledge of microprocessors.

79

KSA

Knowledge of network access, identity, and access management (e.g.,


public key infrastructure [PKI]).

Identity Management

82

KSA

Knowledge of network design processes, including security objectives,


operational objectives, and tradeoffs.

Infrastructure Design

90

KSA Knowledge of operating systems.

92

Knowledge of how traffic flows across the network (e.g., Transmission


KSA Control Protocol and Internet Protocol [TCP/IP], Open System
Interconnection model [OSI]).

94

KSA Knowledge of parallel and distributed computing concepts.

Information Assurance

Mathematical Reasoning
Computers and Electronics

Operating Systems
Infrastructure Design
Information Assurance

109

KSA Knowledge of secure configuration management techniques.

110

KSA

111

KSA Knowledge of security system design tools, methods, and techniques.

119

KSA Knowledge of software engineering.

Software Engineering

130

KSA Knowledge of systems testing and evaluation methods.

Systems Testing and


Evaluation

133

KSA

144

KSA Knowledge of the systems engineering process.

160

KSA Skill in assessing the robustness of security systems and designs.

Vulnerabilities Assessment

177

KSA Skill in designing countermeasures to identified security risks.

Vulnerabilities Assessment

179

KSA

183

Skill in determining how a security system should work, including its


KSA resilience and dependability capabilities, and how changes in conditions,
operations, or the environment will affect these outcomes.

Knowledge of key concepts in security management (e.g., Release


Management, Patch Management).

Knowledge of key telecommunication concepts (e.g., Routing Algorithms,


Fiber Optics Systems Link Budgeting, Add/Drop Multiplexers).

Skill in designing security controls based on information assurance (IA)


principles and tenets.

Configuration Management
Information Assurance
Information
Systems/Network Security

Telecommunications
Systems Life Cycle

Information Assurance

Information Assurance

Item
KSA
ID

Statement

Competency

191

KSA Skill in developing and applying security system access controls.

Identity Management

199

KSA Skill in evaluating the adequacy of security designs.

904

KSA Knowledge of interpreted and compiled computer languages.

Computer Languages

922

KSA Skill in using network analysis tools to identify vulnerabilities.

Vulnerabilities Assessment

Vulnerabilities Assessment

1034 KSA

Knowledge of Personally Identifiable Information (PII) and Payment Card


Industry (PCI) data security standards.

Security

1037 KSA

Knowledge of information technology (IT) supply chain security and risk


management policies, requirements, and procedures.

Risk Management

Knowledge of local specialized system requirements (e.g., critical


1038 KSA infrastructure systems that may not use standard information technology
[IT]) for safety, performance, and reliability).
1039 KSA Skill in evaluating the trustworthiness of the supplier and/or product.
1040 KSA

Knowledge of relevant laws, policies, procedures, or governance related to


work impacting critical infrastructure.

Knowledge of network security architecture concepts, including topology,


1072 KSA protocols, components, and principles (e.g., application of defense-indepth).
1073 KSA

Knowledge of network systems management principles, models, methods


(e.g., end-to-end systems performance monitoring), and tools.

1132 KSA

Knowledge of service catalogues and service management standards (e.g.,


Information Technology Infrastructure Library, v3 [ITIL]).

1133 KSA

Knowledge of service management concepts for networks and related


standards (e.g., Information Technology Infrastructure Library, v3 [ITIL]).

1138 KSA Skill in developing and applying user credential management system.

Infrastructure Design

Contracting/Procurement
Criminal Law
Information
Systems/Network Security
Network Management
Operations Support
Network Management
Identity Management

1139 KSA

Skill in implementing enterprise key escrow systems to support data-atrest encryption.

1141 KSA

Knowledge of an organization's information classification program and


procedures for level information loss.

Information Management

1142 KSA

Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity


model, Clark-Wilson integrity model).

Enterprise Architecture

Infrastructure Design

Enterprise Network Defense (END) Analysis - Uses defensive measures and


information collected from a variety of sources to identify, analyze, and report events
that occur or might occur within the enterprise network in order to protect information,
information systems, and networks from threats.

Item Tas
ID
k

Statement

427

Task Develop content for cyber defense tools.

433

Task

472

Task Coordinate with Enterprise Network Defense (END) staff to validate network alerts.

716

Monitor external data sources (e.g., Enterprise Network Defense (END) vendor sites,
Computer Emergency Response Teams, SANS, Security Focus) to maintain currency of
Task
END threat condition and determine which security issues may have an impact on the
enterprise.

723

Task

745

Task Perform cyber defense trend analysis and reporting.

750

Perform event correlation using information gathered from a variety of sources within the
Task enterprise to gain situational awareness and determine the effectiveness of an observed
attack.

800

Task

Provide daily summary reports of network events and activity relevant to Enterprise
Network Defense (END) practices.

823

Task

Receive and analyze network alerts from various sources within the enterprise and
determines possible causes of such alerts.

956

Provide timely detection, identification, and alerts of possible attacks/intrusions,


Task anomalous activities, and misuse activities, and distinguish these incidents and events
from benign activities.

958

Task

Use cyber defense tools for continual monitoring and analysis of system activity to
identify malicious activity.

959

Task

Analyze identified malicious activity to determine weaknesses exploited, exploitation


methods, and effects on system and information.

Characterize and analyze network traffic to identify anomalous activity and potential
threats to network resources.

Document and escalate incidents, including event's history, status, and potential impact
for further action, that may cause ongoing and immediate impact to the environment.

Go Back to All Specialty Areas

Item Tas
ID
k
961

Task

Statement
Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple
places, layered defenses, security robustness).

1010 Task

Determine appropriate course of action in response to identified and analyzed anomalous


network activity.

1102 Task

Conduct tests of information assurance (IA) safeguards in accordance with established


test plans and procedures.

1103 Task Determine tactics, techniques and procedures (TTPs) for intrusion sets.
1104 Task Examine network topologies to understand data flows through the network.
1105 Task Recommend computing environment vulnerability corrections.
1107 Task Identify and analyze anomalies in network traffic using metadata.
1108 Task

Conduct research, analysis, and correlation across a wide variety of all source data sets
(e.g., indications and warnings).

1109 Task

Validate Intrusion Detection System (IDS) alerts against network traffic using packet
analysis tools.

1110 Task Isolate and remove malware.


1111 Task Identify application and operating systems of a network device based on network traffic.
1112 Task Reconstruct a malicious attack or activity based on network traffic.
1113 Task Identify network mapping and operating system fingerprinting activities.

Enterprise Network Defense (END) Analysis - Uses defensive


measures and information collected from a variety of sources to identify,
analyze, and report events that occur or might occur within the enterprise
network in order to protect information, information systems, and networks
from threats.

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID

Statement

Competency

KSA

Skill in conducting vulnerability scans and recognizing vulnerabilities in


security systems.

Vulnerabilities Assessment

19

KSA

Knowledge of cyber defense mitigation techniques and vulnerability


assessment tools, including open source tools, and their capabilities.

Computer Network Defense

27

KSA Knowledge of cryptography and cryptographic key management concepts.

Cryptography

29

KSA

Knowledge of data backup, types of backups (e.g., full, incremental), and


recovery concepts and tools.

Computer Forensics

49

KSA

Knowledge of host and network access control mechanisms (e.g., access


control list).

Information
Systems/Network Security

59

KSA Knowledge of Intrusion Detection System (IDS) tools and applications.

61

KSA Knowledge of incident response and handling methodologies.

63

66

Computer Network Defense


Incident Management

Knowledge of information assurance (IA) principles and organizational


KSA requirements to protect confidentiality, integrity, availability, authenticity,
Information Assurance
and non-repudiation of information and data.
Knowledge of intrusion detection methodologies and techniques for
KSA detecting host-and network-based intrusions via intrusion detection
Computer Network Defense
technologies.

81

Knowledge of network protocols (e.g., Transmission Critical


KSA Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol
[DHCP]), and directory services (e.g., Domain Name System [DNS]).

87

KSA Knowledge of network traffic analysis methods.

Infrastructure Design
Information
Systems/Network Security

Item
KSA
ID

Statement
Knowledge of new and emerging Information Technology (IT) and cyber
security technologies.

Competency

88

KSA

92

Knowledge of how traffic flows across the network (e.g., Transmission


KSA Control Protocol and Internet Protocol [TCP/IP], Open System
Interconnection model [OSI]).

95

KSA

98

KSA Knowledge of policy-based and risk-adaptive access controls.

Identity Management

KSA Knowledge of programming language structures and logic.

Computer Languages

102

105

110

Knowledge of penetration testing principles, tools, and techniques (e.g.,


metasploit, neosploit).

Knowledge of system and application security threats and vulnerabilities


(e.g., buffer overflow, mobile code, cross-site scripting, Procedural
KSA Language/Structured Query Language [PL/SQL] and injections, race
conditions, covert channel, replay, return-oriented attacks, malicious
code).
Knowledge of key concepts in security management (e.g., Release
KSA
Management, Patch Management).

115

KSA Knowledge of content development.

138

KSA

148

KSA Knowledge of Virtual Private Network (VPN) security.

150

KSA

165

Skill in conducting open source research for troubleshooting novel clientKSA level problems (e.g., online development communities, system security
blogging sites).

175

KSA Skill in developing and deploying signatures.

181

KSA

212

KSA Skill in network mapping and recreating network topologies.

214

KSA

229

KSA Skill in using incident handling methodologies.

233

KSA Skill in using protocol analyzers.

234

KSA Skill in using sub-netting tools.

270

Knowledge of common adversary tactics, techniques, and procedures


KSA (TTPs) in assigned area of responsibility (e.g., historical country-specific
TTPs, emerging capabilities).

271

KSA

Knowledge of the Enterprise Network Defense (END) provider reporting


structure and processes within ones own organization.

Knowledge of what constitutes a network attack and the relationship to


both threats and vulnerabilities.

Technology Awareness
Infrastructure Design
Vulnerabilities Assessment

Vulnerabilities Assessment

Information Assurance
Computer Network Defense
Information
Systems/Network Security
Encryption
Information
Systems/Network Security
Knowledge Management
Information
Systems/Network Security

Skill in detecting host and network based intrusions via intrusion detection
Computer Network Defense
technologies (e.g., Snort).

Skill in performing packet-level analysis using appropriate tools (e.g.,


Wireshark, tcpdump).

Knowledge of common network tools (e.g., ping, traceroute, nslookup) and


interpret the information results.

Infrastructure Design
Vulnerabilities Assessment
Incident Management
Vulnerabilities Assessment
Infrastructure Design
Computer Network Defense
Infrastructure Design

Item
KSA
ID

Statement
Knowledge of defense-in-depth principles and network security
architecture.

Competency

277

KSA

278

Knowledge of different types of network communication (e.g., Local Area


Network [LAN], Wide Area Network [WAN], Metropolitan Area Network
KSA
[MAN], Wireless Local Area Network [WLAN], Wireless Wide Area Network
[WWAN]).

286

KSA Knowledge of file extensions (e.g., .dll, .bat, .zip, .pcap, .gzip).

342

KSA Knowledge of Unix command line (e.g., mkdir, mv, ls, passwd, grep).

347

KSA Knowledge of Windows command line (e.g., ipconfig, netstat, dir, nbtstat).

353

KSA Skill in collecting data from a variety of cyber defense resources.

895

KSA

Skill in recognizing and categorizing types of vulnerabilities and associated


attacks.

912

KSA

Knowledge of collection management processes, capabilities, and


limitations.

Configuration Management

915

KSA

Knowledge of front-end collection systems, including network traffic


collection, filtering, and selection.

Information
Systems/Network Security

922

KSA Skill in using network analysis tools to identify vulnerabilities.

965

KSA

984

KSA Knowledge of cyber defense policies, procedures, and regulations.

Computer Network Defense

985

Skill in configuring and utilizing network protection components (e.g.,


KSA firewalls, Virtual Private Networks[VPNs], network Intrusion Detection
Systems [IDSs]).

Configuration Management

990

KSA Knowledge of common attack vectors on the network layer.

Computer Network Defense

991

KSA

992

Knowledge of different operational threat environments (e.g., first


KSA generation [script kiddies], second generation [non-nation state
sponsored], and third generation [nation state sponsored]).

Knowledge of organization's risk tolerance and/or risk management


approach.

Knowledge of different classes of attacks (e.g., passive, active, insider,


close-in, distribution).

1007 KSA Skills in data reduction.


1008 KSA

Knowledge of how to troubleshoot basic systems and identify operating


systems-related issues.

1021 KSA Knowledge of threat assessment.


1033 KSA

Computer Network Defense

Telecommunications

Operating Systems
Computer Languages
Operating Systems
Computer Network Defense
Information Assurance

Vulnerabilities Assessment
Risk Management

Computer Network Defense

Computer Network Defense

Data Management
Operating Systems
Risk Management

Knowledge of basic system administration, network, and operating system


Information
hardening techniques.
Systems/Network Security

Item
KSA
ID

Statement

Competency

Knowledge of applicable laws (e.g., Electronic Communications Privacy Act,


Foreign Intelligence Surveillance Act, Protect America Act, search and
seizure laws, civil liberties and privacy laws), U.S. Statutes (e.g., Titles 10,
1036 KSA
Criminal Law
18, 32, 50 in U.S. Code), Presidential Directives, executive branch
guidelines, and/or administrative/criminal legal guidelines and procedures
relevant to work performed.
Knowledge of general attack stages (e.g., foot printing and scanning,
1069 KSA enumeration, gaining access, escalation or privileges, maintaining access, Computer Network Defense
network exploitation, covering tracks).
Knowledge of network security architecture concepts, including topology,
Information
1072 KSA protocols, components, and principles (e.g., application of defense-inSystems/Network Security
depth).
1114 KSA Knowledge of encryption methodologies.

Cryptography

1115 KSA Skill in reading Hexadecimal data.

Computer Languages

Skill in identifying common encoding techniques (e.g., Exclusive


Disjunction [XOR], American Standard Code for Information Interchange
1116 KSA
[ASCII], Unicode, Base64, Uuencode, Uniform Resource Locator [URL]
encode).

Computer Languages

1117 KSA Skill in utilizing virtual networks for testing.

Operating Systems

1118 KSA Skill in reading and interpreting signatures (e.g., Snort).

Information
Systems/Network Security

1119 KSA Knowledge of signature implementation impact.

Information
Systems/Network Security

1120 KSA Ability to interpret and incorporate data from multiple tool sources.

Data Management

1121 KSA Knowledge of Windows and Unix ports and services.

Operating Systems

1133 KSA

Knowledge of service management concepts for networks and related


standards (e.g., Information Technology Infrastructure Library, v3 [ITIL]).

Network Management

Incident Response - Responds to disruptions within the pertinent domain to mitigate


immediate and potential threats. Uses mitigation, preparedness, and response and
recovery approaches to maximize survival of life, preservation of property, and
information security. Investigates and analyzes relevant response activities and
evaluates the effectiveness of and improvements to existing practices.

Item Tas
ID
k

Statement

470

Task

Coordinate and provide expert technical support to enterprise-wide Enterprise Network


Defense (END) technicians to resolve cyber defense incidents.

478

Task

Correlate incident data to identify specific vulnerabilities and make recommendations


that enable expeditious remediation.

716

738

Monitor external data sources (e.g., Enterprise Network Defense (END) vendor sites,
Computer Emergency Response Teams, SANS, Security Focus) to maintain currency of
Task
END threat condition and determine which security issues may have an impact on the
enterprise.
Perform analysis of log files from a variety of sources (e.g., individual host logs, network
Task traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible
threats to network security.

741

Task Perform command and control functions in response to incidents.

743

Perform Enterprise Network Defense (END) incident triage, to include determining scope,
Task urgency, and potential impact; identifying the specific vulnerability; and making
recommendations that enable expeditious remediation.

755

Task

762

Perform real-time Enterprise Network Defense (END) incident handling (e.g., forensic
Task collections, intrusion correlation and tracking, threat analysis, and direct system
remediation) tasks to support deployable Incident Response Teams (IRTs).

823

Task

Receive and analyze network alerts from various sources within the enterprise and
determines possible causes of such alerts.

861

Task

Track and document Enterprise Network Defense (END) incidents from initial detection
through final resolution.

882

Task

Write and publish cyber defense techniques, guidance, and reports on incident findings
to appropriate constituencies.

Perform initial, forensically sound collection of images and inspect to discern possible
mitigation/remediation on enterprise systems.

Go Back to All Specialty Areas

Item Tas
ID
k
961

Task

Statement
Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple
places, layered defenses, security robustness).

Collect intrusion artifacts (e.g., source code, malware, trojans) and use discovered data
1030 Task to enable mitigation of potential Enterprise Network Defense (END) incidents within the
enterprise.
1031 Task

Serve as technical expert and liaison to law enforcement personnel and explain incident
details as required.

Incident Response - Responds to disruptions within the pertinent domain


to mitigate immediate and potential threats. Uses mitigation,
preparedness, and response and recovery approaches to maximize
survival of life, preservation of property, and information security.
Investigates and analyzes relevant response activities and evaluates the
effectiveness of and improvements to existing practices.

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID

Statement

Competency

29

KSA

Knowledge of data backup, types of backups (e.g., full, incremental), and


recovery concepts and tools.

50

KSA

Knowledge of how network services and protocols interact to provide


network communications.

Infrastructure Design

60

KSA

Knowledge of incident categories, incident responses, and timelines for


responses.

Incident Management

61

KSA Knowledge of incident response and handling methodologies.

66

Knowledge of intrusion detection methodologies and techniques for


KSA detecting host-and network-based intrusions via intrusion detection
technologies.

81

Knowledge of network protocols (e.g., Transmission Critical


KSA Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol
[DHCP]), and directory services (e.g., Domain Name System [DNS]).

87

KSA Knowledge of network traffic analysis methods.

Information
Systems/Network Security

93

KSA Knowledge of packet-level analysis.

Vulnerabilities Assessment

105

150

Knowledge of system and application security threats and vulnerabilities


(e.g., buffer overflow, mobile code, cross-site scripting, Procedural
KSA Language/Structured Query Language [PL/SQL] and injections, race
conditions, covert channel, replay, return-oriented attacks, malicious
code).
Knowledge of what constitutes a network attack and the relationship to
KSA
both threats and vulnerabilities.

Computer Forensics

Incident Management
Computer Network Defense

Infrastructure Design

Vulnerabilities Assessment
Information
Systems/Network Security

Item
KSA
ID

Statement

153

KSA Skill of identifying capturing, containing, and reporting malware.

217

KSA

893

KSA Skill in securing network communications.

895

KSA

896

KSA Skill in protecting a network against malware.

897

KSA Skill in performing damage assessments.

923

KSA Knowledge of security event correlation tools.

984

KSA Knowledge of cyber defense policies, procedures, and regulations.

991

KSA

992

Knowledge of different operational threat environments (e.g., first


KSA generation [script kiddies], second generation [non-nation state
sponsored], and third generation [nation state sponsored]).

Skill in preserving evidence integrity according to standard operating


procedures or national standards.

Skill in recognizing and categorizing types of vulnerabilities and associated


attacks.

Knowledge of different classes of attacks (e.g., passive, active, insider,


close-in, distribution).

1029 KSA Knowledge of malware analysis concepts and methodology.

Competency
Computer Network Defense
Computer Forensics
Information Assurance
Information Assurance
Computer Network Defense
Information Assurance
Information
Systems/Network Security
Computer Network Defense
Computer Network Defense
Computer Network Defense
Computer Network Defense

Knowledge of basic system administration, network, and operating system


Information
hardening techniques.
Systems/Network Security
Knowledge of general attack stages (e.g., foot printing and scanning,
1069 KSA enumeration, gaining access, escalation or privileges, maintaining access, Computer Network Defense
network exploitation, covering tracks).
Knowledge of network security architecture concepts, including topology,
Information
1072 KSA protocols, components, and principles (e.g., application of defense-inSystems/Network Security
depth).
Knowledge of an organization's information classification program and
1141 KSA
Information Management
procedures for level information loss.
1033 KSA

Enterprise Network Defense (END) Infrastructure Support - Tests, implements,


deploys, maintains, reviews, and administers the infrastructure hardware, software, and
documentation that are required to effectively manage network defense resources.
Monitors the network to actively remediate unauthorized activities.

Item Tas
ID
k

Statement

393

Administer Enterprise Network Defense (END) test bed(s), and test and evaluate new
Task cyber defense applications, rules/signatures, access controls, and configurations of
platforms managed by service provider(s).

471

Coordinate with Enterprise Network Defense (END) Analysts to manage and administer
Task the updating of rules and signatures (e.g., intrusion detection/protection systems, antivirus, and content blacklists) for specialized cyber defense applications.

481
643

Create, edit, and manage changes to network access control lists on specialized
Task Enterprise Network Defense (END) systems (e.g., firewalls and intrusion prevention
systems).
Identify potential conflicts with implementation of any cyber defense tools within the
Task Enterprise Network Defense (END) provider area of responsibility (e.g., tool and signature
testing and optimization).

654

Implement Risk Management Framework (RMF)/Security Assessment and Authorization


Task (SA&A) requirements for specialized Enterprise Network Defense (END) systems within
the enterprise, and document and maintain records for them.

769

Perform system administration on specialized Enterprise Network Defense (END)


applications and systems (e.g., anti-virus, audit and remediation) or Virtual Private
Task
Network (VPN) devices, to include installation, configuration, maintenance, backup and
restoration.

960

Task

Assist in identifying, prioritizing, and coordinating the protection of critical Enterprise


Network Defense (END) infrastructure and key resources.

Go Back to All Specialty Areas

Enterprise Network Defense (END) Infrastructure Support - Tests,


implements, deploys, maintains, reviews, and administers the
infrastructure hardware, software, and documentation that are required to
effectively manage network defense resources. Monitors the network to
actively remediate unauthorized activities.

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID

Statement

Competency

29

KSA

Knowledge of data backup, types of backups (e.g., full, incremental), and


recovery concepts and tools.

Computer Forensics

49

KSA

Knowledge of host and network access control mechanisms (e.g., access


control list).

Information
Systems/Network Security

59

KSA Knowledge of Intrusion Detection System (IDS) tools and applications.

61

KSA Knowledge of incident response and handling methodologies.

Incident Management

63

Knowledge of information assurance (IA) principles and organizational


KSA requirements to protect confidentiality, integrity, availability, authenticity,
and non-repudiation of information and data.

Information Assurance

81

Knowledge of network protocols (e.g., Transmission Critical


KSA Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol
[DHCP]), and directory services (e.g., Domain Name System [DNS]).

87

KSA Knowledge of network traffic analysis methods.

92

Knowledge of how traffic flows across the network (e.g., Transmission


KSA Control Protocol and Internet Protocol [TCP/IP], Open System
Interconnection model [OSI]).

93

KSA Knowledge of packet-level analysis.

Vulnerabilities Assessment

Knowledge of system and application security threats and vulnerabilities


(e.g., buffer overflow, mobile code, cross-site scripting, Procedural
KSA Language/Structured Query Language [PL/SQL] and injections, race
conditions, covert channel, replay, return-oriented attacks, malicious
code).

Vulnerabilities Assessment

105

Computer Network Defense

Infrastructure Design
Information
Systems/Network Security
Infrastructure Design

Item
KSA
ID

Statement
Knowledge of the types of Intrusion Detection System (IDS) hardware and
software.

146

KSA

148

KSA Knowledge of Virtual Private Network (VPN) security.

150

KSA

157

KSA Skill in applying host/network access controls (e.g., access control list).

227

KSA Skill in tuning sensors.

229

KSA Skill in using incident handling methodologies.

237

KSA Skill in using Virtual Private Network (VPN) devices and encryption.

893

KSA Skill in securing network communications.

896

KSA Skill in protecting a network against malware.

900

KSA Knowledge of web filtering technologies.

984

KSA Knowledge of cyber defense policies, procedures, and regulations.

989

KSA Knowledge of Voice over Internet Protocol (VoIP).

Knowledge of what constitutes a network attack and the relationship to


both threats and vulnerabilities.

1011 KSA Knowledge of processes for reporting network security related incidents.
1012 KSA

Knowledge of Capabilities and Maturity Model Integration (CMMI) at all five


levels.

Competency
Computer Network Defense
Encryption
Information
Systems/Network Security
Network Management
Computer Network Defense
Incident Management
Encryption
Information Assurance
Computer Network Defense
Web Technology
Computer Network Defense
Telecommunications
Security
Internal Controls

Knowledge of network security architecture concepts, including topology,


Information
1072 KSA protocols, components, and principles (e.g., application of defense-inSystems/Network Security
depth).
Knowledge of transmission records (e.g., Bluetooth, Radio Frequency
Identification [RFID], Infrared Networking [IR], Wireless Fidelity [Wi-Fi].
1074 KSA paging, cellular, satellite dishes), and jamming techniques that enable
Web Technology
transmission of undesirable information, or prevent installed systems from
operating correctly.
1131 KSA

Knowledge of security architecture concepts and enterprise architecture


reference models (e.g., Zackman, Federal Enterprise Architecture [FEA]).

Enterprise Architecture

Vulnerability Assessment and Management - Conducts threat and vulnerability


assessments and determines deviations from acceptable configurations or policies.
Assesses the level of risk and develops and/or recommends appropriate mitigation
countermeasures in operational and non-operational situations.

Item Tas
ID
k

Statement
Analyze organization's Enterprise Network Defense (END) policies and configurations and
evaluate compliance with regulations and organizational directives.

411

Task

448

Task Conduct and/or support authorized penetration testing on enterprise network assets.

685

Task

Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software
and hardware) to support Enterprise Network Defense (END) audit missions.

692

Task

Maintain knowledge of applicable Enterprise Network Defense (END) policies, regulations,


and compliance documents specifically related to cyber defense auditing.

784

Task

Prepare audit reports that identify technical and procedural findings, and provide
recommended remediation strategies/solutions.

939

Task

Conduct required reviews as appropriate within environment (e.g., Technical Surveillance,


Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).

940

Perform technical (evaluation of technology) and non-technical (evaluation of people and


operations) risk and vulnerability assessments of relevant technology focus areas (e.g.,
Task
local computing environment, network and infrastructure, enclave boundary, and
supporting infrastructure).

941

Task

Assist with the selection of cost-effective security controls to mitigate risk (e.g.,
protection of information, systems and processes).

Go Back to All Specialty Areas

Vulnerability Assessment and Management - Conducts threat and


vulnerability assessments and determines deviations from acceptable
configurations or policies. Assesses the level of risk and develops and/or
recommends appropriate mitigation countermeasures in operational and
non-operational situations.

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID

Statement

Competency

KSA

Skill in conducting vulnerability scans and recognizing vulnerabilities in


security systems.

Vulnerabilities Assessment

KSA

Ability to identify systemic security issues based on the analysis of


vulnerability and configuration data.

Vulnerabilities Assessment

10

KSA Knowledge of application vulnerabilities.

27

KSA Knowledge of cryptography and cryptographic key management concepts.

29

KSA

63

Knowledge of information assurance (IA) principles and organizational


KSA requirements to protect confidentiality, integrity, availability, authenticity,
and non-repudiation of information and data.

79

KSA

81

Knowledge of network protocols (e.g., Transmission Critical


KSA Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol
[DHCP]), and directory services (e.g., Domain Name System [DNS]).

Infrastructure Design

92

Knowledge of how traffic flows across the network (e.g., Transmission


KSA Control Protocol and Internet Protocol [TCP/IP], Open System
Interconnection model [OSI]).

Infrastructure Design

95

KSA

102

Knowledge of data backup, types of backups (e.g., full, incremental), and


recovery concepts and tools.

Knowledge of network access, identity, and access management (e.g.,


public key infrastructure [PKI]).

Knowledge of penetration testing principles, tools, and techniques (e.g.,


metasploit, neosploit).

KSA Knowledge of programming language structures and logic.

Vulnerabilities Assessment
Cryptography
Computer Forensics
Information Assurance
Identity Management

Vulnerabilities Assessment
Computer Languages

Item
KSA
ID

Statement

Competency

105

Knowledge of system and application security threats and vulnerabilities


(e.g., buffer overflow, mobile code, cross-site scripting, Procedural
KSA Language/Structured Query Language [PL/SQL] and injections, race
conditions, covert channel, replay, return-oriented attacks, malicious
code).

Vulnerabilities Assessment

115

KSA Knowledge of content development.

Computer Network Defense

123

KSA Knowledge of system and application security threats and vulnerabilities.

Vulnerabilities Assessment

128

KSA Knowledge of system diagnostic tools and fault identification techniques.

Systems Testing and


Evaluation

150

KSA

157

KSA Skill in applying host/network access controls (e.g., access control list).

160

KSA Skill in assessing the robustness of security systems and designs.

181

KSA

210

KSA Skill in mimicking threat behaviors.

214

KSA

225

KSA Skill in the use of penetration testing tools and techniques.

226

KSA Skill in the use of social engineering techniques.

897

KSA Skill in performing damage assessments.

Information Assurance

904

KSA Knowledge of interpreted and compiled computer languages.

Computer Languages

922

KSA Skill in using network analysis tools to identify vulnerabilities.

Vulnerabilities Assessment

991

KSA

992

Knowledge of different operational threat environments (e.g., first


KSA generation [script kiddies], second generation [non-nation state
sponsored], and third generation [nation state sponsored]).

Computer Network Defense

Knowledge of local specialized system requirements (e.g., critical


1038 KSA infrastructure systems that may not use standard information technology
[IT]) for safety, performance, and reliability.

Infrastructure Design

Knowledge of what constitutes a network attack and the relationship to


both threats and vulnerabilities.

Network Management
Vulnerabilities Assessment

Skill in detecting host and network based intrusions via intrusion detection
Computer Network Defense
technologies (e.g., Snort).

Skill in performing packet-level analysis using appropriate tools (e.g.,


Wireshark, tcpdump).

Knowledge of different classes of attacks (e.g., passive, active, insider,


close-in, distribution).

1039 KSA Skill in evaluating the trustworthiness of the supplier and/or product.
1040 KSA

Information
Systems/Network Security

Knowledge of relevant laws, policies, procedures, or governance related to


work impacting critical infrastructure.

Computer Network Defense


Vulnerabilities Assessment
Vulnerabilities Assessment
Human Factors

Computer Network Defense

Contracting/Procurement
Criminal Law

Item
KSA
ID

Statement

Competency

Knowledge of general attack stages (e.g., foot printing and scanning,


1069 KSA enumeration, gaining access, escalation or privileges, maintaining access, Computer Network Defense
network exploitation, covering tracks).
Knowledge of network security architecture concepts, including topology,
Information
1072 KSA protocols, components, and principles (e.g., application of defense-inSystems/Network Security
depth).
1141 KSA

Knowledge of an organization's information classification program and


procedures for level information loss.

Information Management

1142 KSA

Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity


model, Clark-Wilson integrity model).

Enterprise Architecture

Digital Forensics - Collects, processes, preserves, analyzes, and presents digital-related


evidence to support network vulnerability mitigation and/or civil, workplace,
counterintelligence, or law enforcement (e.g., criminal, fraud) investigations.

Item Tas
ID
k

Statement
Assist in the gathering and preservation of evidence used in the prosecution of computer
crimes.

429

Task

438

Collect and analyze intrusion artifacts (e.g., source code, malware, and trojans) and use
Task discovered data to enable mitigation of potential Enterprise Network Defense (END)
incidents within the enterprise.

447

Task

Conduct analysis of log files, evidence, and other information in order to determine best
methods for identifying the perpetrator(s) of a network intrusion.

463

Task

Confirm what is known about an intrusion and discover new information, if possible, after
identifying intrusion via dynamic analysis.

480

Create a forensically sound duplicate of the evidence (i.e., forensic image) that ensures
the original evidence is not unintentionally modified, to use for data recovery and
Task analysis processes. This includes, but is not limited to, hard drives, floppy diskettes,
compact discs (CDs), personal digital assistants (PDAs), mobile phones, global positioning
satellite devices (GPSs), and all tape formats.

482

Task Decrypt seized data using technical means.

541

Task

Provide technical summary of findings in accordance with established reporting


procedures.

564

Task

Document original condition of digital and/or associated evidence (e.g., via digital
photographs, written reports, etc.).

573

Task

Ensure chain of custody is followed for all digital media acquired in accordance with the
Federal Rules of Evidence.

613

Task Examine recovered data for information of relevance to the issue at hand.

620

Task

Employ IT systems and digital storage media to solve and prosecute cybercrimes and
fraud committed against people and property.

Go Back to All Specialty Areas

Item Tas
ID
k

Statement

622

Formulate a strategy to ensure chain of custody is maintained in such a way that the
Task evidence is not altered (e.g., phones/PDAs need a power source, hard drives need
protection from shock and strong magnetic fields).

636

Task

743

Perform Enterprise Network Defense (END) incident triage, to include determining scope,
Task urgency, and potential impact; identifying the specific vulnerability; and making
recommendations that enable expeditious remediation.

749

Task

752

Task Perform file signature analysis.

753

Task Perform hash comparison against established database.

758

Task Perform real-time forensic analysis (e.g., using Helix in conjunction with LiveView).

759

Task Perform timeline analysis.

768

Task Perform static media analysis.

771

Task Perform tier 1, 2, and 3 malware analysis.

786

Task

Prepare digital media for imaging by ensuring data integrity (e.g., write blockers in
accordance with standard operating procedures).

799

Task

Provide consultation to investigators and prosecuting attorneys regarding the findings of


computer examinations.

817

Task Provide technical assistance on digital evidence matters to appropriate personnel.

819

Task Provide testimony related to computer examinations.

Identify digital evidence for examination and analysis in such a way as to avoid
unintentional alteration.

Perform dynamic analysis to boot an image of a drive (without necessarily having the
original drive) to see the intrusion as the user may have seen it in a native environment.

Item Tas
ID
k

Statement

825

Task

Recognize and accurately report forensic artifacts indicative of a particular operating


system.

839

Task

Review forensic images and other data sources for recovery of potentially relevant
information.

846

Task

Serve as technical experts and liaisons to law enforcement personnel and explain
incident details, provide testimony, etc.

868

Task Extract data using data carving techniques (e.g., Forensic Tool Kit [FTK], Foremost).

870

Task

Capture and analyze network traffic associated with malicious activities using network
monitoring tools.

871

Task

Use specialized equipment and techniques to catalog, document, extract, collect,


package, and preserve digital evidence.

872

Task

Resolve investigations through the use of specialized computer investigative techniques


and programs.

882

Task

Write and publish cyber defense techniques, guidance, and reports on incident findings
to appropriate constituencies.

944

Task Conduct cursory binary analysis.

1081 Task Perform virus scanning on digital media.


1082 Task Perform file system forensic analysis.
1083 Task

Perform static analysis to mount an "image" of a drive (without necessarily having the
original drive).

1084 Task Perform static malware analysis.


1085 Task Utilize deployable forensics toolkit to support operations as necessary.

Digital Forensics - Collects, processes, preserves, analyzes, and presents


digital-related evidence to support network vulnerability mitigation and/or
civil, workplace, counterintelligence, or law enforcement (e.g., criminal,
fraud) investigations.

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID
24

25

29

Statement

KSA Knowledge of concepts and practices of processing digital forensic data.


Knowledge of encryption algorithms (e.g., Internet Protocol Security
[IPSEC], Advanced Encryption Standard [AES], Generic Routing
KSA Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest
Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption
Standard [3DES]).
Knowledge of data backup, types of backups (e.g., full, incremental), and
KSA
recovery concepts and tools.

61

KSA Knowledge of incident response and handling methodologies.

90

KSA Knowledge of operating systems.

Competency
Data Management

Cryptography

Computer Forensics
Incident Management
Operating Systems

105

Knowledge of system and application security threats and vulnerabilities


(e.g., buffer overflow, mobile code, cross-site scripting, Procedural
KSA Language/Structured Query Language [PL/SQL] and injections, race
conditions, covert channel, replay, return-oriented attacks, malicious
code).

113

KSA Knowledge of server and client operating systems.

Operating Systems

114

KSA Knowledge of server diagnostic tools and fault identification techniques.

Computer Forensics

139

Knowledge of common networking protocols (e.g., Transmission Control


Protocol and Internet Protocol [TCP/IP]) and services (e.g., web, mail,
KSA
Domain Name System [DNS]) and how they interact to provide network
communications.

Infrastructure Design

193

KSA

Skill in developing, testing, and implementing network infrastructure


contingency and recovery plans.

Vulnerabilities Assessment

Information Assurance

Item
KSA
ID

Statement

Competency

214

KSA

Skill in performing packet-level analysis using appropriate tools (e.g.,


Wireshark, tcpdump).

Vulnerabilities Assessment

217

KSA

Skill in preserving evidence integrity according to standard operating


procedures or national standards.

Computer Forensics

264

Knowledge of basic physical computer components and architectures,


including the functions of various components and peripherals (e.g.,
KSA
central processing units [CPUs], network interface cards [NICs], data
storage).

287

KSA

Knowledge of file system implementations (e.g., New Technology File


System [NTFS], File Allocation Table [FAT], File Extension [EXT]).

290

KSA

Knowledge of processes for seizing and preserving digital evidence (e.g.,


chain of custody).

294

KSA

Knowledge of hacking methodologies in Windows or Unix/Linux


environment.

302

KSA

Knowledge of investigative implications of hardware, operating systems,


and network technologies.

310

KSA

Knowledge of legal governance related to admissibility (e.g., Federal Rules


of Evidence).

316

Knowledge of processes for collecting, packaging, transporting, and storing


KSA electronic evidence to avoid alteration, loss, physical damage, or
destruction of data.

340

KSA Knowledge of types and collection of persistent data.

345

KSA

Knowledge of webmail collection, searching/analyzing techniques, tools,


and cookies.

346

KSA

Knowledge of which system files (e.g., log files, registry files, configuration
files) contain relevant information and where to find those system files.

350

KSA Skill in analyzing memory dumps to extract information.

360

KSA

364
369

Skill in identifying and extracting data of forensic interest in diverse media


(i.e., media forensics).

Skill in identifying, modifying, and manipulating applicable system


KSA components within Windows, Unix, or Linux (e.g., passwords, user
accounts, files).
Skill in collecting, processing, packaging, transporting, and storing
KSA electronic evidence to avoid alteration, loss, physical damage, or
destruction of data.

374

KSA Skill in setting up a forensic workstation.

381

KSA

386

KSA Skill in using virtual machines.

389

KSA Skill in physically disassembling personal computers (PCs).

888

KSA Knowledge of types of digital forensics data and how to recognize them.

Skill in using forensic tool suites (e.g., EnCase, Sleuthkit, Forensic Tool Kit
[FTK]).

Computers and Electronics

Operating Systems
Forensics
Surveillance
Computer Forensics
Criminal Law
Criminal Law
Computer Forensics
Web Technology
Computer Forensics
Reasoning
Computer Forensics
Operating Systems
Forensics
Forensics
Computer Forensics
Operating Systems
Computers and Electronics
Computer Forensics

Item
KSA
ID

Statement

Competency

889

KSA Knowledge of deployable forensics.

890

KSA

908

KSA Ability to decrypt digital data collections.

923

KSA Knowledge of security event correlation tools.

982

KSA Knowledge of electronic evidence law.

Criminal Law

983

KSA Knowledge of legal rules of evidence and court procedure.

Criminal Law

1033 KSA

Skill in conducting forensic analyses in multiple operating system


environments (e.g., mobile device systems).

Computer Forensics
Computer Forensics
Computer Forensics
Information
Systems/Network Security

Knowledge of basic system administration, network, and operating system


Information
hardening techniques.
Systems/Network Security

Knowledge of applicable laws (e.g., Electronic Communications Privacy Act,


Foreign Intelligence Surveillance Act, Protect America Act, search and
seizure laws, civil liberties and privacy laws), U.S. Statutes (e.g., Titles 10,
1036 KSA
Criminal Law
18, 32, 50 in U.S. Code), Presidential Directives, executive branch
guidelines, and/or administrative/criminal legal guidelines and procedures
relevant to work performed.
Knowledge of network security architecture concepts, including topology,
Information
1072 KSA protocols, components, and principles (e.g., application of defense-inSystems/Network Security
depth).
1086 KSA Knowledge of data carving tools and techniques (e.g., Foremost).

Computer Forensics

1087 KSA Skill in deep analysis of captured malicious code (e.g., malware forensics). Computer Network Defense
1088 KSA

Skill in using binary analysis tools (e.g., Hexedit, command code xxd,
hexdump).

1089 KSA Knowledge of reverse engineering concepts.


1091 KSA

Skill in one way hash functions (e.g., Secure Hash Algorithm [SHA],
Message Direct Algorithm [MD5]).

1092 KSA Knowledge of anti-forensics tactics, techniques, and procedures (TTPs).


1093 KSA

Knowledge of common forensic tool configuration and support applications


(e.g., VMware, Wireshark).

1094 KSA Knowledge of debugging procedures and tools.

Computer Languages
Vulnerabilities Assessment
Data Management
Computer Forensics
Computer Forensics
Software Development

1095 KSA Knowledge of how different file types can be used for anomalous behavior. Vulnerabilities Assessment
1096 KSA Knowledge of malware analysis tools (e.g., Oily Debug, Ida Pro).
1097 KSA

Knowledge of virtual machine aware malware, debugger aware malware,


and packing.

Computer Network Defense


Computer Network Defense

Item
KSA
ID

Statement

1098 KSA Skill in analyzing anomalous code as malicious or benign.


1099 KSA Skill in analyzing volatile data.
1100 KSA Skill in identifying obfuscation techniques.
1101 KSA

Skill in interpreting results of debugger to ascertain tactics, techniques,


and procedures (TTP).

Competency
Computer Network Defense
Computer Forensics
Computer Network Defense
Computer Network Defense

Cyber Investigation Applies tactics, techniques, and procedures to a full range of


tools and processes related to administrative, criminal, and counter intelligence
gathering (e.g., in-depth case analyses, continuous monitoring, malware analysis, clear
documentation).

Item Tas
ID
k

Statement

402

Task Analyze computer-generated threats.

429

Task

Assist in the gathering and preservation of evidence used in the prosecution of computer
crimes.

447

Task

Conduct analysis of log files, evidence, and other information in order to determine best
methods for identifying the perpetrator(s) of a network intrusion.

454

Task

Conduct interviews of victims and witnesses and conduct interviews or interrogations of


suspects.

507

Task

Determine and develop leads and identify sources of information in order to identify and
prosecute the responsible parties to an intrusion.

512

Task

Develop a plan to investigate alleged crime, violation, or suspicious activity utilizing


computers and the internet.

564

Task

Document original condition of digital and/or associated evidence (e.g., via digital
photographs, written reports, etc.).

597

Establish relationships, if applicable, between the incident response team and other
Task groups, both internal (e.g., legal department) and external (e.g., law enforcement
agencies, vendors, and public relations professionals).

613

Task Examine recovered data for information of relevance to the issue at hand.

620

Task

Employ information technology (IT) systems and digital storage media to solve and
prosecute cybercrimes and fraud committed against people and property.

623

Task

Fuse computer network attack analyses with criminal and counterintelligence


investigations and operations.

633

Task

Identify and/or determine whether a security incident is indicative of a violation of law


that requires specific legal action.

Go Back to All Specialty Areas

Item Tas
ID
k

Statement

635

Task

Identify data or intelligence of evidentiary value to support counterintelligence and


criminal investigations.

636

Task

Identify digital evidence for examination and analysis in such a way as to avoid
unintentional alteration.

637

Task Identify elements of proof of the crime.

642

Task

Identify outside attackers accessing the system from Internet or insider attackers (e.g.,
authorized users attempting to gain and misuse non-authorized privileges).

649

Task

Identify, collect, and seize documentary or physical evidence, to include digital media
and logs associated with cyber intrusion incidents, investigations, and operations.

663

Task

Conduct large-scale investigations of criminal activities involving complicated computer


programs and networks.

788

Task Prepare reports to document analysis.

792

Task Process crime scenes.

843

Task Secure the electronic device or information source.

871

Task

Use specialized equipment and techniques to catalog, document, extract, collect,


package, and preserve digital evidence.

Cyber Investigation Applies tactics, techniques, and procedures to a


full range of tools and processes related to administrative, criminal, and
counter intelligence gathering (e.g., in-depth case analyses, continuous
monitoring, malware analysis, clear documentation).

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID
105

217

Statement

Knowledge of system and application security threats and vulnerabilities


(e.g., buffer overflow, mobile code, cross-site scripting, Procedural
KSA Language/Structured Query Language [PL/SQL] and injections, race
conditions, covert channel, replay, return-oriented attacks, malicious
code).
Skill in preserving evidence integrity according to standard operating
KSA
procedures or national standards.

Competency

Vulnerabilities Assessment

Computer Forensics

281

Knowledge of electronic devices (e.g., computer systems/components,


access control devices, digital cameras, electronic organizers, hard drives,
KSA memory cards, modems, network components, printers, removable
storage devices, scanners, telephones, copiers, credit card skimmers,
facsimile machines, global positioning systems [GPSs]).

290

KSA

Knowledge of processes for seizing and preserving digital evidence (e.g.,


chain of custody).

310

KSA

Knowledge of legal governance related to admissibility (e.g., Federal Rules


of Evidence).

316

Knowledge of processes for collecting, packaging, transporting, and storing


KSA electronic evidence to avoid alteration, loss, physical damage, or
destruction of data.

340

KSA Knowledge of types and collection of persistent data.

369

Skill in collecting, processing, packaging, transporting, and storing


KSA electronic evidence to avoid alteration, loss, physical damage, or
destruction of data.

Forensics

383

KSA Skill in using scientific rules and methods to solve problems.

Reasoning

917

KSA Knowledge of social dynamics of computer attackers in a global context.

Hardware

Forensics
Criminal Law
Criminal Law
Computer Forensics

External Awareness

Item
KSA
ID

Statement

Knowledge of applicable laws (e.g., Electronic Communications Privacy Act,


Foreign Intelligence Surveillance Act, Protect America Act, search and
seizure laws, civil liberties and privacy laws), U.S. Statutes (e.g., Titles 10,
1036 KSA
18, 32, 50 in U.S. Code), Presidential Directives, executive branch
guidelines, and/or administrative/criminal legal guidelines and procedures
relevant to work performed.
1039 KSA Skill in evaluating the trustworthiness of the supplier and/or product.

Competency

Criminal Law

Contracting/Procurement

Legal Advice and Advocacy - Provides legal advice and recommendations to


leadership and staff on relevant topics within the pertinent subject domain. Advocates
legal and policy changes, and makes a case on behalf of the client via written and oral
work products, including legal briefs and proceedings.

Item Tas
ID
k

Statement
Acquire and maintain a working knowledge of relevant laws, regulations, policies,
standards, or procedures.

390

Task

398

Task Advocate organization's official position in legal and legislative proceedings.

451

Task

539

Task Develop policy, programs, and guidelines for implementation.

574

Task

599

Task Evaluate contracts to ensure compliance with funding, legal, and program requirements.

607

Task Evaluate the effectiveness of laws, regulations, policies, standards, or procedures.

612

Task

Evaluate the impact (e.g., costs or benefits) of changes to laws, regulations, policies,
standards, or procedures.

618

Task

Explain or provide guidance on laws, regulations, policies, standards, or procedures to


management, personnel, or clients.

655

Task

Implement new or revised laws, regulations, executive orders, policies, standards, or


procedures.

675

Task Interpret and apply laws, regulations, policies, standards, or procedures to specific issues.

787

Task

Conduct framing of allegations to determine proper identification of law, regulatory or


policy/guidance of violation.

Evaluate, monitor, and ensure compliance with information communication technology


(ICT) security policies and relevant legal and regulatory requirements.

Prepare legal documents (e.g., depositions, briefs, affidavits, declarations, appeals,


pleadings, discovery).

Go Back to All Specialty Areas

Item Tas
ID
k
834

Statement

Task Resolve conflicts in laws, regulations, policies, standards, or procedures.

Legal Advice and Advocacy - Provides legal advice and


recommendations to leadership and staff on relevant topics within the
pertinent subject domain. Advocates legal and policy changes, and makes
a case on behalf of the client via written and oral work products, including
legal briefs and proceedings.

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID

Statement

27

KSA Knowledge of cryptography and cryptographic key management concepts.

88

KSA

105

282

Knowledge of new and emerging Information Technology (IT) and cyber


security technologies.
Knowledge of system and application security threats and vulnerabilities
(e.g., buffer overflow, mobile code, cross-site scripting, Procedural
KSA Language/Structured Query Language [PL/SQL] and injections, race
conditions, covert channel, replay, return-oriented attacks, malicious
code).
Knowledge of emerging computer-based technology that has potential for
KSA
exploitation by adversaries.
Knowledge of key industry indicators that are useful for identifying
technology trends.

Competency
Cryptography
Technology Awareness

Vulnerabilities Assessment

Technology Awareness

297

KSA

300

Knowledge of intelligence reporting principles, policies, procedures, and


KSA vehicles, including report formats, reportable criteria (requirements and
priorities), dissemination practices, and legal authorities and restrictions.

338

KSA

339

Knowledge of the structure and intent of business or military operation


KSA plans, concept operation plans, orders, policies, and standing rules of
engagement.

377

KSA

Skill in tracking and analyzing technical and legal trends that will impact
cyber activities.

Legal, Government, and


Jurisprudence

954

KSA

Knowledge of import/export control regulations and responsible agencies


for the purposes of reducing supply chain risk.

Contracting/Procurement

981

KSA

Knowledge of International Traffic in Arms Regulation (ITARs) and relevance


to cybersecurity.

Knowledge of the principal methods, procedures, and techniques of


gathering information and producing, reporting, and sharing intelligence.

Technology Awareness

Organizational Awareness

Reasoning
Organizational Awareness

Criminal Law

Item
KSA
ID

Statement

Knowledge of applicable laws (e.g., Electronic Communications Privacy Act,


Foreign Intelligence Surveillance Act, Protect America Act, search and
seizure laws, civil liberties and privacy laws), U.S. Statutes (e.g., Titles 10,
1036 KSA
18, 32, 50 in U.S. Code), Presidential Directives, executive branch
guidelines, and/or administrative/criminal legal guidelines and procedures
relevant to work performed.
1070 KSA

Ability to determine impact of technology trend data on laws, regulations,


and/or policies.

Competency

Criminal Law

Legal, Government, and


Jurisprudence

Strategic Planning and Policy Development - Applies technical and organizational


knowledge to define an entitys strategic direction, determine resource allocations,
establish priorities, and identify programs or infrastructure required to achieve desired
goals. Develops policy or advocates for policy change that will support new initiatives or
required changes and enhancements.

Item Tas
ID
k

Statement

410

Task Analyze organizational information security policy.

424

Task

485

Task Define current and future business environments.

492

Task

524

Task Develop and maintain strategic plans.

539

Task Develop policy, programs, and guidelines for implementation.

565

Task Draft and publish security policy.

594

Task Establish and maintain communication channels with stakeholders.

629

Task

641

Task Identify organizational policy stakeholders.

720

Task

724

Task Obtain consensus on proposed policy change from stakeholders.

Assess policy needs and collaborate with stakeholders to develop policies to govern
information technology (IT) activities.

Design a cybersecurity strategy that outlines the vision, mission, and goals that align
with the organizations strategic plan.

Identify and address information technology (IT) workforce planning and management
issues, such as recruitment, retention, and training.

Monitor the rigorous application of information security/information assurance (IA)


policies, principles, and practices in the delivery of planning and management services.

Go Back to All Specialty Areas

Item Tas
ID
k

Statement

812

Task Provide policy guidance to information technology (IT) management, staff, and users.

838

Task Review existing and proposed policies with stakeholders.

840

Task Review or conduct audits of information technology (IT) programs and projects.

847

Task Serve on agency and interagency policy boards.

854

Task

884

Task Write information assurance (IA) policy and instructions.

919

Task

Promote awareness of security issues among management and ensure sound security
principles are reflected in the organization's vision and goals.

946

Task

Ensure established cybersecurity strategy is intrinsically linked to organizational mission


objectives.

955

Task Draft and publish a supply chain security and risk management policy.

Support the Chief Information Officer (CIO) in the formulation of information technology
(IT)-related policies.

1023 Task Identify and track the status of protected information assets.
1024 Task Apply knowledge of assessment data of identified threats to decision-making processes.
1025 Task Triage protected assets.
1026 Task Oversee development and implementation of high-level control architectures.
1027 Task Translate applicable laws, statutes, and regulatory documents and integrate into policy.

Item Tas
ID
k
1041 Task

Statement
Define and/or implement policies and procedures to ensure protection of critical
infrastructure as appropriate.

Item
KSA
ID

Strategic Planning and Policy Development - Applies technical and


organizational knowledge to define an entitys strategic direction,
determine resource allocations, establish priorities, and identify programs
or infrastructure required to achieve desired goals. Develops policy or
advocates for policy change that will support new initiatives or required
changes and enhancements.
General Knowledge Areas: Reflect basic types of knowledge for
cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Go Back to All Specialty Areas

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID

Statement

Competency

19

KSA

Knowledge of cyber defense mitigation techniques and vulnerability


assessment tools, including open source tools, and their capabilities.

Computer Network Defense

63

Knowledge of information assurance (IA) principles and organizational


KSA requirements to protect confidentiality, integrity, availability, authenticity,
and non-repudiation of information and data.

Information Assurance

88

KSA

Knowledge of new and emerging Information Technology (IT) and cyber


security technologies.

Technology Awareness

105

Knowledge of system and application security threats and vulnerabilities


(e.g., buffer overflow, mobile code, cross-site scripting, Procedural
KSA Language/Structured Query Language [PL/SQL] and injections, race
conditions, covert channel, replay, return-oriented attacks, malicious
code).

244

KSA Ability to determine the validity of technology trend data.

282

KSA

Knowledge of emerging computer-based technology that has potential for


exploitation by adversaries.

Technology Awareness

297

KSA

Knowledge of key industry indicators that are useful for identifying


technology trends.

Technology Awareness

320

KSA

Knowledge of external organizations and academic institutions dealing


with cybersecurity issues.

External Awareness

336

KSA

Knowledge of the nature and function of the relevant information structure


(e.g., National Information Infrastructure [NII]).

Telecommunications

377

KSA

Skill in tracking and analyzing technical and legal trends that will impact
cyber activities.

942

KSA Knowledge of the organization's core business/mission processes.

Vulnerabilities Assessment

Technology Awareness

Legal, Government, and


Jurisprudence
Organizational Awareness

Item
KSA
ID
954

KSA

Statement
Knowledge of import/export control regulations and responsible agencies
for the purposes of reducing supply chain risk.

1021 KSA Knowledge of risk threat assessment.

Competency
Contracting/Procurement
Risk Management

1022 KSA Knowledge of the nature and function of the relevant information structure.

Enterprise Architecture

Knowledge of applicable laws (e.g., Electronic Communications Privacy Act,


Foreign Intelligence Surveillance Act, Protect America Act, search and
seizure laws, civil liberties and privacy laws), U.S. Statutes (e.g., Titles 10,
1036 KSA
18, 32, 50 in U.S. Code), Presidential Directives, executive branch
guidelines, and/or administrative/criminal legal guidelines and procedures
relevant to work performed.

Criminal Law

1037 KSA

Knowledge of information technology (IT) supply chain security and risk


management policies, requirements, and procedures.

Knowledge of local specialized system requirements (e.g., critical


1038 KSA infrastructure systems that may not use standard information technology
[IT]) for safety, performance, and reliability.
1040 KSA

Knowledge of relevant laws, policies, procedures, or governance related to


work impacting critical infrastructure.

1141 KSA

Knowledge of an organization's information classification program and


procedures for level information loss.

Risk Management

Infrastructure Design

Criminal Law
Information Management

Training, Education, and Awareness (TEA) - Develops, plans, coordinates, delivers,


and/or evaluates instructional cybersecurity content using various formats, techniques,
and venues.

Item Tas
ID
k

Statement

453

Task Conduct interactive training exercises to create an effective learning environment.

479

Task Correlate business or mission requirements to training.

490

Task Deliver training courses tailored to the audience and physical environment.

491

Task

504

Task Design training curriculum and course content.

510

Task Determine training requirements (e.g., subject matter, format, location).

538

Task

551

Task Develop the goals and objectives for cybersecurity training, education, or awareness.

567

Task

606

Task Evaluate the effectiveness and comprehensiveness of existing training programs.

624

Task Guide employees through relevant development and training choices.

778

Task

Plan classroom techniques and formats (e.g., lectures, demonstrations, interactive


exercises, multimedia presentations) for most effective learning environment.

779

Task

Plan non-classroom educational techniques and formats (e.g., video courses, personal
coaching, web-based courses).

841

Task

Review training documentation (e.g., Course Content Documents [CCD], lesson plans,
student texts, examinations, Schedules of Instruction [SOI], and course descriptions).

842

Task Revise curriculum end course content based on feedback from previous training sessions.

845

Task

855

Task Support the design and execution of exercise scenarios.

885

Task

Write instructional materials (e.g., standard operating procedures, production manual) to


provide detailed guidance to relevant portion of the workforce.

953

Task

Coordinate with human resources to ensure job announcements are written to reflect
required training, education, and/or experience.

Demonstrate concepts, procedures, software, equipment, technology applications to


coworkers, subordinates, or others.

Develop new or identify existing awareness and training materials that are appropriate
for intended audiences.

Educate customers in established procedures and processes to ensure professional


media standards are met.

Serve as an internal consultant and advisor in own area of expertise (e.g., technical,
copyright, print media, electronic media, cartography).

Go Back to All Specialty Areas

Training, Education, and Awareness (TEA) - Develops, plans,


coordinates, delivers, and/or evaluates instructional cybersecurity content
using various formats, techniques, and venues.

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID

Statement
Knowledge of cyber defense mitigation techniques and vulnerability
assessment tools, including open source tools, and their capabilities.

19

KSA

81

Knowledge of network protocols (e.g., Transmission Critical


KSA Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol
[DHCP]), and directory services (e.g., Domain Name System [DNS]).

88

KSA

90

KSA Knowledge of operating systems.

Knowledge of new and emerging Information Technology (IT) and cyber


security technologies.

Competency
Computer Network Defense

Infrastructure Design

Technology Awareness
Operating Systems

246

KSA

Knowledge and experience in the Instructional System Design (ISD)


methodology.

252

KSA

Knowledge of and experience in Insider Threat investigations, reporting,


investigative tools and laws/regulations.

264

Knowledge of basic physical computer components and architectures,


including the functions of various components and peripherals (e.g.,
KSA
central processing units [CPUs], network interface cards [NICs], data
storage).

282

KSA

Knowledge of emerging computer-based technology that has potential for


exploitation by adversaries.

314

KSA

Knowledge of multiple cognitive domains and appropriate tools and


methods for learning in each domain.

Teaching Others

332

KSA

Ability to develop curriculum that speaks to the topic at the appropriate


level for the target audience.

Teaching Others

344

KSA

Knowledge of virtualization technologies and virtual machine development


and maintenance.

Multimedia Technologies
Computer Network Defense

Computers and Electronics

Technology Awareness

Operating Systems

Item
KSA
ID

Statement

Competency

359

KSA Skill in developing and executing technical training programs and curricula.

363

KSA Skill in identifying gaps in technical capabilities.

376

KSA Skill in talking to others to convey information effectively.

918

Ability to prepare and deliver education and awareness briefings to ensure


KSA that systems, network, and data users are aware of and adhere to systems
security policies and procedures.

942

KSA Knowledge of the organization's core business/mission processes.

Organizational Awareness

952

KSA Knowledge of emerging security issues, risks, and vulnerabilities.

Technology Awareness

Knowledge of network security architecture concepts, including topology,


1072 KSA protocols, components, and principles (e.g., application of defense-indepth).

Computer Forensics
Teaching Others
Oral Communication

Teaching Others

Information
Systems/Network Security

Information Systems Security Operations - Oversees and ensures that the


appropriate operational security posture (e.g., network and system security, physical and
environmental protection, personnel security, incident handling, security training and
awareness) is implemented and maintained for an information system or program.
Advises the Authorizing Official (AO), an information system owner, or the Chief
Information Security Officer (CISO) on the security of an information system or program.

Item Tas
ID
k

Statement
Advise appropriate senior leadership or authorizing official of charges affecting the
organization's information assurance (IA) posture.

397

Task

440

Task Collect and maintain data needed to meet system information assurance (IA) reporting.

584

Task

Ensure that information assurance (IA) inspections, tests, and reviews are coordinated for
the network environment.

585

Task

Ensure that information assurance (IA) requirements are integrated into the continuity
planning for that system and/or organization(s).

590

Ensure that protection and detection capabilities are acquired or developed using the
Task Information system security engineering approach and are consistent with organizationlevel information assurance (IA) architecture.

598

Task

600

Task Evaluate cost-benefit, economic, and risk analysis in decision-making process.

731

Task

Participate in information security risk assessment during the Security Assessment and
Authorization (SA&A) process.

733

Task

Participate in the development or modification of the computer environment information


assurance (IA) security program plans and requirements.

790

Task

Prepare, distribute, and maintain plans, instructions, guidance, and standard operating
procedures concerning the security of network system(s) operations.

Evaluate and approve development efforts to ensure that baseline security safeguards
are appropriately installed.

Go Back to All Specialty Areas

Item Tas
ID
k

Statement

816

Task

Provide system related input on information assurance (IA) security requirements to be


included in statements of work and other appropriate procurement documents.

824

Task

Recognize a possible security violation and take appropriate action to report the incident,
as required.

828

Task

Recommend resource allocations required to securely operate and maintain an


organizations information assurance (IA) requirements.

852

Task

Supervise or manage protective or corrective measures when an information assurance


(IA) incident or vulnerability is discovered.

869

Task

Use federal and organization-specific published documents to manage operations of their


computing environment system(s).

962

Task

Identify security requirements specific to an information technology (IT) system in all


phases of the system lifecycle.

963

Task

Ensure plans of actions and milestones or remediation plans are in place for
vulnerabilities identified during risk assessments, audits, inspections, etc.

964

Assure successful implementation and functionality of security requirements and


Task appropriate information technology (IT) policies and procedures consistent with the
organization's mission and goals.

1016 Task

Support necessary compliance activities (e.g., ensure system security configuration


guidelines are followed; compliance monitoring occurs).

1017 Task

Participate in the acquisition process as necessary, following appropriate supply chain


risk management practices.

1041 Task

Define and/or implement policies and procedures to ensure protection of critical


infrastructure as appropriate.

Information Systems Security Operations - Oversees and ensures that


the appropriate operational security posture (e.g., network and system
security, physical and environmental protection, personnel security,
incident handling, security training and awareness) is implemented and
maintained for an information system or program. Advises the Authorizing
Official (AO), an information system owner, or the Chief Information
Security Officer (CISO) on the security of an information system or
program.

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID
9

KSA

Statement
Knowledge of applicable business processes and operations of customer
organizations.

Competency
Requirements Analysis

37

KSA Knowledge of disaster recovery and continuity of operations plans.

Incident Management

55

Knowledge of Information assurance (IA) principles used to manage risks


KSA related to the use, processing, storage, and transmission of information or
data.

Information Assurance

58

KSA

Knowledge of known vulnerabilities from alerts, advisories, errata, and


bulletins.

Information
Systems/Network Security

62

KSA

Knowledge of industry-standard and organizationally accepted analysis


principles and methods.

Logical Systems Design

69

KSA Knowledge of Risk Management Framework (RMF) requirements.

76

KSA

77

Knowledge of current industry methods for evaluating, implementing, and


disseminating information technology (IT) security assessment,
KSA
monitoring, detection, and remediation tools and procedures, utilizing
standards-based concepts, and capabilities.

88

KSA

Knowledge of new and emerging Information Technology (IT) and cyber


security technologies.

Technology Awareness

112

KSA

Knowledge of server administration and systems engineering theories,


concepts, and methods.

Systems Life Cycle

Knowledge of measures or indicators of system performance and


availability.

Information Systems
Security Certification
Information Technology
Performance Assessment
Information
Systems/Network Security

Item
KSA
ID

Statement

Competency

113

KSA Knowledge of server and client operating systems.

121

KSA Knowledge of structured analysis principles and methods.

Logical Systems Design

126

Knowledge of system software and organizational design standards,


KSA policies, and authorized approaches (e.g., International Organization for
Standardization [ISO] guidelines) relating to system design.

Requirements Analysis

129

KSA

Knowledge of system life cycle management principles, including software


security and usability.

143

KSA

Knowledge of the organizations enterprise information technology (IT)


goals and objectives.

173

KSA Skill in creating policies that reflect system security objectives.

183

Skill in determining how a security system should work, including its


KSA resilience and dependability capabilities, and how changes in conditions,
operations, or the environment will affect these outcomes.

325

Knowledge of secure acquisitions (e.g., relevant Contracting Officer's


KSA Technical Representative [COTR] duties, secure procurement, supply chain
risk management).

965

KSA

Knowledge of organization's risk tolerance and/or risk management


approach.

966

KSA

Knowledge of enterprise incident response program, roles, and


responsibilities.

967

KSA Knowledge of current and emerging threats/threat vectors.

1004 KSA

Knowledge of critical information technology (IT) procurement


requirements.

1034 KSA

Knowledge of Personally Identifiable Information (PII) and Payment Card


Industry (PCI) data security standards.

Knowledge of applicable laws (e.g., Electronic Communications Privacy Act,


Foreign Intelligence Surveillance Act, Protect America Act, search and
seizure laws, civil liberties and privacy laws), U.S. Statutes (e.g., Titles 10,
1036 KSA
18, 32, 50 in U.S. Code), Presidential Directives, executive branch
guidelines, and/or administrative/criminal legal guidelines and procedures
relevant to work performed.
1037 KSA

Knowledge of information technology (IT) supply chain security and risk


management policies, requirements, and procedures.

Knowledge of local specialized system requirements (e.g., critical


1038 KSA infrastructure systems that may not use standard information technology
[IT]) for safety, performance, and reliability).
1039 KSA Skill in evaluating the trustworthiness of the supplier and/or product.
1040 KSA

Knowledge of relevant laws, policies, procedures, or governance related to


work impacting critical infrastructure.

Knowledge of network security architecture concepts, including topology,


1072 KSA protocols, components, and principles (e.g., application of defense-indepth).

Operating Systems

Systems Life Cycle


Enterprise Architecture
Information Systems
Security Certification
Information Assurance

Contracting/Procurement
Risk Management
Incident Management
Information
Systems/Network Security
Contracting/Procurement
Security

Criminal Law

Risk Management

Infrastructure Design

Contracting/Procurement
Criminal Law
Information
Systems/Network Security

Item
KSA
ID
1073 KSA

Statement
Knowledge of network systems management principles, models, methods
(e.g., end-to-end systems performance monitoring), and tools.

Competency
Network Management

Security Program Management - Oversees and manages information security


program implementation within the organization or other area of responsibility. Manages
strategy, personnel, infrastructure, policy enforcement, emergency planning, security
awareness, and/or other resources.

Item Tas
ID
k

Statement

391

Acquire and manage the necessary resources, including leadership support, financial
Task resources, and key security personnel, to support information technology (IT) security
goals, and reduce overall organizational risk.

392

Task

Acquire necessary resources, including financial resources, to conduct an effective


enterprise continuity of operations program.

395

Task

Advise senior management (e.g., Chief Information Officer [CIO]) on risk levels and
security posture.

396

Task

Advise senior management (e.g., Chief Information Officer [CIO]) on cost-benefit analysis
of information security programs, policies, processes, systems, and elements.

445

Task

Communicate the value of information technology (IT) security throughout all levels of
the organization's stakeholders.

473

Task Collaborate with organizational managers to support organizational objectives.

475

Task

Collaborate with stakeholders to establish the enterprise continuity of operations


program, strategy, and mission assurance.

578

Task

Ensure security improvement actions are evaluated, validated, and implemented as


required.

596

Task

Establish overall enterprise information security architecture (EISA) with the


organization's overall security strategy.

600

Task Evaluate cost-benefit, economic, and risk analysis in decision-making process.

628

Task

Identify alternative information security strategies to address organizational security


objective.

640

Task

Identify information technology (IT) security program implications of new technologies or


technology upgrades.

Go Back to All Specialty Areas

Item Tas
ID
k

Statement

674

Task

Interface and disseminate necessary cyber event information to appropriate external


organizations and audiences.

676

Task

Interpret and/or approve security requirements relative to the capabilities of new


information technologies.

677

Task

Interpret patterns of non-compliance to determine their impact on the enterprise's levels


of risk and/or the information assurance (IA) program's overall effectiveness.

679

Task

Manage alignment of information technology (IT) security priorities with the


organization's security strategy.

680

Task Lead and oversee information security budget, staffing, and contracting.

705

Task

Manage the monitoring of information security data sources to maintain organizational


situational awareness.

706

Task

Publish cyber defense techniques and guidance (e.g., Time Compliance Network Orders
[TCNOs], concept of operations, net analyst reports) for the organization.

707

Task

Manage threat or target analysis of adversary's cyber activity information and production
of threat information within the enterprise.

711

Task

Monitor and evaluate the effectiveness of the enterprise's information assurance (IA)
security safeguards to ensure they provide the intended level of protection.

730

Task Oversee the information security training and awareness program.

801

Task

810

Provide leadership and direction to information technology (IT) personnel by ensuring


Task that information assurance (IA) security awareness, basics, literacy, and training are
provided to operations personnel commensurate with their responsibilities.

818

Task

848

Task Recommend policy and coordinate review and approval.

Provide enterprise information assurance (IA) and supply chain risk management
guidance for development of the Continuity of Operations Plans.

Provide technical documents, incident reports, findings from computer examinations,


summaries, and other situational awareness information to higher headquarters.

Item Tas
ID
k

Statement

862

Task

Track audit findings and recommendations to ensure appropriate mitigation actions are
taken.

919

Task

Promote awareness of security issues among management and ensure sound security
principles are reflected in the organization's vision and goals.

947

Task

Oversee policy standards and implementation strategies to ensure procedures and


guidelines comply with cybersecurity policies.

948

Task

Participate in Risk Governance process to provide security risks, mitigations, and input on
other technical risk.

949

Evaluate the effectiveness of procurement function in addressing information security


Task requirements and supply chain risks through procurement activities and recommend
improvement.

1018 Task

Ensure all acquisitions, procurements, and outsourcing efforts address information


security requirements consistent with organization goals.

1032 Task

Continuously validate the organization against


policies/guidelines/procedures/regulations/laws to ensure compliance.

1035 Task

Forecast ongoing service demands and ensure security assumptions are reviewed as
necessary.

1041 Task

Define and/or implement policies and procedures to ensure protection of critical


infrastructure as appropriate.

Security Program Management - Oversees and manages information


security program implementation within the organization or other area of
responsibility. Manages strategy, personnel, infrastructure, policy
enforcement, emergency planning, security awareness, and/or other
resources.

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID
9

KSA

Statement
Knowledge of applicable business processes and operations of customer
organizations.

Competency
Requirements Analysis

25

Knowledge of encryption algorithms (e.g., Internet Protocol Security


[IPSEC], Advanced Encryption Standard [AES], Generic Routing
KSA Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest
Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption
Standard [3DES]).

29

KSA

37

KSA Knowledge of disaster recovery and continuity of operations plans.

49

KSA

55

Knowledge of information assurance (IA) principles used to manage risks


KSA related to the use, processing, storage, and transmission of information or
data.

Information Assurance

61

KSA Knowledge of incident response and handling methodologies.

Incident Management

62

KSA

66

Knowledge of intrusion detection methodologies and techniques for


KSA detecting host-and network-based intrusions via intrusion detection
technologies.

81

Knowledge of network protocols (e.g., Transmission Critical


KSA Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol
[DHCP]), and directory services (e.g., Domain Name System [DNS]).

87

KSA Knowledge of network traffic analysis methods.

Knowledge of data backup, types of backups (e.g., full, incremental), and


recovery concepts and tools.

Knowledge of host and network access control mechanisms (e.g., access


control list).

Knowledge of industry-standard and organizationally accepted analysis


principles and methods.

Cryptography

Computer Forensics
Incident Management
Information
Systems/Network Security

Logical Systems Design


Computer Network Defense

Infrastructure Design
Information
Systems/Network Security

Item
KSA
ID

Statement
Knowledge of new and emerging Information Technology (IT) and cyber
security technologies.

88

KSA

92

Knowledge of how traffic flows across the network (e.g., Transmission


KSA Control Protocol and Internet Protocol [TCP/IP], Open System
Interconnection model [OSI]).

95

KSA

Knowledge of penetration testing principles, tools, and techniques (e.g.,


metasploit, neosploit).

105

Knowledge of system and application security threats and vulnerabilities


(e.g., buffer overflow, mobile code, cross-site scripting, Procedural
KSA Language/Structured Query Language [PL/SQL] and injections, race
conditions, covert channel, replay, return-oriented attacks, malicious
code).

107

KSA Knowledge of resource management principles and techniques.

110

KSA

Knowledge of key concepts in security management (e.g., Release


Management, Patch Management).

112

KSA

Knowledge of server administration and systems engineering theories,


concepts, and methods.

113

KSA Knowledge of server and client operating systems.

126

Knowledge of system software and organizational design standards,


KSA policies, and authorized approaches (e.g., International Organization for
Standardization [ISO] guidelines) relating to system design.

129

KSA

132

KSA Knowledge of technology integration processes.

150

KSA

Knowledge of what constitutes a network attack and the relationship to


both threats and vulnerabilities.

299

KSA

Knowledge of information security program management and project


management principles and techniques.

916

KSA Skill in deconflicting cyber operations and activities.

1033 KSA

Knowledge of system life cycle management principles, including software


security and usability.

Technology Awareness
Infrastructure Design
Vulnerabilities Assessment

Vulnerabilities Assessment

Project Management
Information Assurance
Systems Life Cycle
Operating Systems

Requirements Analysis

Systems Life Cycle


Systems Integration
Information
Systems/Network Security
Project Management
Political Savvy

Knowledge of basic system administration, network, and operating system


Information
hardening techniques.
Systems/Network Security

Knowledge of applicable laws (e.g., Electronic Communications Privacy Act,


Foreign Intelligence Surveillance Act, Protect America Act, search and
seizure laws, civil liberties and privacy laws), U.S. Statutes (e.g., Titles 10,
1036 KSA
18, 32, 50 in U.S. Code), Presidential Directives, executive branch
guidelines, and/or administrative/criminal legal guidelines and procedures
relevant to work performed.
1037 KSA

Competency

Knowledge of information technology (IT) supply chain security and risk


management policies, requirements, and procedures.

Knowledge of local specialized system requirements (e.g., critical


1038 KSA infrastructure systems that may not use standard information technology
[IT]) for safety, performance, and reliability.
1039 KSA Skill in evaluating the trustworthiness of the supplier and/or product.

Criminal Law

Risk Management

Infrastructure Design

Contracting/Procurement

Item
KSA
ID

Statement

Competency

1040 KSA

Knowledge of relevant laws, policies, procedures, or governance related to


work impacting critical infrastructure.

Criminal Law

Knowledge of network security architecture concepts, including topology,


1072 KSA protocols, components, and principles (e.g., application of defense-indepth).

Information
Systems/Network Security

1073 KSA

Knowledge of network systems management principles, models, methods


(e.g., end-to-end systems performance monitoring), and tools.

Network Management

1131 KSA

Knowledge of security architecture concepts and enterprise architecture


reference models (e.g., Zackman, Federal Enterprise Architecture [FEA]).

Enterprise Architecture

1141 KSA

Knowledge of an organization's information classification program and


procedures for level information loss.

Information Management

Risk Management - Oversees, evaluates, and supports the documentation, validation,


and accreditation processes necessary to ensure new and existing information
technology (IT) systems meet the organizations information assurance (IA) and security
requirements. Ensures appropriate treatment of risk, compliance, and monitoring
assurance from internal and external perspectives.

Item Tas
ID
k

Statement

537

Task Develop methods to monitor and measure risk, compliance, and assurance efforts.

548

Develop specifications to ensure risk, compliance, and assurance efforts conform with
Task security, resilience, and dependability requirements at the software application, system,
and network environment level.

566

Task Draft statements of preliminary or residual security risks for system operation.

691

Task Maintain information systems assurance and accreditation materials.

696

Task

Manage and approve Accreditation Packages (e.g., International Organization for


Standardization/International Electrotechnical Commission [ISO/IEC] 15026-2).

710

Task

Monitor and evaluate a systems compliance with information technology (IT) security,
resilience, and dependability requirements.

772

Task

Perform validation steps, comparing actual results with expected results and analyze the
differences to identify impact and risks.

775

Task

Plan and conduct security authorization reviews and assurance case development for
initial installation of systems and networks.

798

Provide an accurate technical evaluation of the software application, system, or network,


Task documenting the security posture, capabilities, and vulnerabilities against relevant
information assurance (IA) compliances.

827

Task

Recommend new or revised security, resilience, and dependability measures based on


the results of reviews.

836

Task

Review authorization and assurance documents to confirm that the level of risk is within
acceptable limits for each software application, system, and network.

878

Verify that application software/network/system security postures are implemented as


Task stated, document deviations, and recommend required actions to correct those
deviations.

Go Back to All Specialty Areas

Item Tas
ID
k

Statement

879

Task

Verify that the software application/network/system accreditation and assurance


documentation is current.

936

Task

Develop security compliance processes and/or audits for external services (e.g., cloud
service providers, data centers).

937

Task

Inspect continuous monitoring results to confirm that the level of risk is within acceptable
limits for the software application, network, or system.

Develop and Implement information assurance (IA) independent audit processes for
application software/networks/systems and oversee ongoing independent audits to
1146 Task ensure that operational processes and procedures are in compliance with organizational
and mandatory IA requirements and accurately followed by Systems Administrators and
other cybersecurity staff when performing their day-to-day activities.

Risk Management -Oversees, evaluates, and supports the


documentation, validation, and accreditation processes necessary to
ensure new and existing information technology (IT) systems meet the
organizations information assurance (IA) and security requirements.
Ensures appropriate treatment of risk, compliance, and monitoring
assurance from internal and external perspectives.

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID

Statement

Competency

19

KSA

Knowledge of cyber defense mitigation techniques and vulnerability


assessment tools, including open source tools, and their capabilities.

Computer Network Defense

27

KSA Knowledge of cryptography and cryptographic key management concepts.

Cryptography

58

KSA

63

Knowledge of information assurance (IA) principles and organizational


KSA requirements to protect confidentiality, integrity, availability, authenticity,
and non-repudiation of information and data.

69

KSA Knowledge of Risk Management Framework (RMF) requirements.

77

Knowledge of current industry methods for evaluating, implementing, and


disseminating information technology (IT) security assessment,
KSA
monitoring, detection, and remediation tools and procedures, utilizing
standards-based concepts, and capabilities.

88

KSA

Knowledge of known vulnerabilities from alerts, advisories, errata, and


bulletins.

Knowledge of new and emerging Information Technology (IT) and cyber


security technologies.

121

KSA Knowledge of structured analysis principles and methods.

128

KSA Knowledge of system diagnostic tools and fault identification techniques.

143

KSA

Knowledge of the organizations enterprise information technology (IT)


goals and objectives.

Information
Systems/Network Security
Information Assurance
Information Systems
Security Certification
Information
Systems/Network Security
Technology Awareness
Logical Systems Design
Systems Testing and
Evaluation
Enterprise Architecture

Item
KSA
ID

Statement

Competency

183

Skill in determining how a security system should work, including its


KSA resilience and dependability capabilities, and how changes in conditions,
operations, or the environment will affect these outcomes.

203

Skill in identifying measures or indicators of system performance and the


KSA actions needed to improve or correct performance, relative to the goals of
the system.

Information Technology
Performance Assessment

942

KSA Knowledge of the organization's core business/mission processes.

Organizational Awareness

1034 KSA

Knowledge of Personally Identifiable Information (PII) and Payment Card


Industry (PCI) data security standards.

Knowledge of applicable laws (e.g., Electronic Communications Privacy Act,


Foreign Intelligence Surveillance Act, Protect America Act, search and
seizure laws, civil liberties and privacy laws), U.S. Statutes (e.g., Titles 10,
1036 KSA
18, 32, 50 in U.S. Code), Presidential Directives, executive branch
guidelines, and/or administrative/criminal legal guidelines and procedures
relevant to work performed.
1037 KSA

Knowledge of information technology (IT) supply chain security and risk


management policies, requirements, and procedures.

Knowledge of local specialized system requirements (e.g., critical


1038 KSA infrastructure systems that may not use standard information technology
[IT]) for safety, performance, and reliability.
1039 KSA Skill in evaluating the trustworthiness of the supplier and/or product.
1040 KSA

Knowledge of relevant laws, policies, procedures, or governance related to


work impacting critical infrastructure.

Knowledge of network security architecture concepts, including topology,


1072 KSA protocols, components, and principles (e.g., application of defense-indepth).

Information Assurance

Security

Criminal Law

Risk Management

Infrastructure Design

Contracting/Procurement
Criminal Law
Information
Systems/Network Security

1131 KSA

Knowledge of security architecture concepts and enterprise architecture


reference models (e.g., Zackman, Federal Enterprise Architecture [FEA]).

1141 KSA

Knowledge of an organization's information classification program and


procedures for level information loss.

Information Management

1142 KSA

Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity


model, Clark-Wilson integrity model).

Enterprise Architecture

Enterprise Architecture

Knowledge Management - Manages and administers integrated methods, enabling the


organization to identify, capture, catalog, classify, retrieve, and share intellectual capital
and information content. The methods may include utilizing processes and tools (e.g.,
databases, documents, policies, procedures) and expertise pertaining to the organization.

Item Tas
ID
k

Statement

394

Task Administer the indexing/cataloguing, storage, and access of organizational documents.

464

Task

Construct access paths to suites of information (e.g., link pages) to facilitate access by
end-users.

505

Task

Design, build, implement, and maintain a knowledge management system that provides
end-users access to the organizations intellectual capital.

513

Task Develop an understanding of the needs and requirements of information end-users.

519

Task

721

Task Monitor and report the usage of knowledge management assets and resources.

777

Task Plan and manage the delivery of knowledge management projects.

794

Promote knowledge sharing through an organizations operational processes and systems


Task by strengthening links between knowledge sharing and information technology (IT)
systems.

814

Task

Develop and implement control procedures into the testing and development of core
information technology (IT) based knowledge management systems.

Provide recommendations on data structures and databases that ensure correct and
quality production of reports/management information.

Go Back to All Specialty Areas

Knowledge Management - Manages and administers integrated


methods, enabling the organization to identify, capture, catalog, classify,
retrieve, and share intellectual capital and information content. The
methods may include utilizing processes and tools (e.g., databases,
documents, policies, procedures) and expertise pertaining to the
organization.

Item
KSA
ID

Go Back to All Specialty Areas

General Knowledge Areas: Reflect basic types of knowledge for


cybersecurity professionals and reside within multiple Specialty Areas.
Designated with an asterisk (*).

Statement

Competency
Infrastructure Design

22

KSA

* Knowledge of computer networking concepts and protocols, and network


security methodologies.

108

KSA

* Knowledge of risk management processes (e.g., methods for assessing


and mitigating risk).

Risk Management

1157 KSA

* Knowledge of national and international laws, regulations, policies, and


ethics as they relate to cybersecurity.

Legal, Government, and


Jurisprudence

1158 KSA * Knowledge of cybersecurity principles.

Information
Systems/Network Security

1159 KSA * Knowledge of cyber threats and vulnerabilities.

Vulnerabilities Assessment

Specialty Area Knowledge, Skill, and Abilities (KSA).

Item
KSA
ID

Statement

KSA

Ability to match the appropriate knowledge repository technology for a


given application or environment.

19

KSA

Knowledge of cyber defense mitigation techniques and vulnerability


assessment tools, including open source tools, and their capabilities.

77

134

Knowledge of current industry methods for evaluating, implementing, and


disseminating information technology (IT) security assessment,
KSA
monitoring, detection, and remediation tools and procedures, utilizing
standards-based concepts and capabilities.
Knowledge of the capabilities and functionality associated with various
KSA
content creation technologies (e.g., wikis, social networking, blogs).

Competency
Knowledge Management
Computer Network Defense
Information
Systems/Network Security
Technology Awareness

135

Knowledge of the capabilities and functionality associated with various


KSA technologies for organizing and managing information (e.g., databases,
bookmarking engines).

136

KSA

163

KSA Skill in conducting information searches.

164

KSA

223

KSA Skill in the measuring and reporting of intellectual capital.

Knowledge Management

230

KSA Skill in using knowledge management technologies.

Knowledge Management

338

KSA

Knowledge of the capabilities and functionality of various collaborative


technologies (e.g., groupware, SharePoint).

Skill in conducting knowledge mapping (e.g., map of knowledge


repositories).

Knowledge of the principal methods, procedures, and techniques of


gathering information and producing, reporting, and sharing intelligence.

Data Management
Technology Awareness
Computer Skills
Knowledge Management

Reasoning

Item
KSA
ID

Statement

Competency

907

KSA Skill in data mining techniques.

Data Management

910

KSA Knowledge of database theory.

Data Management

942

KSA Knowledge of the organization's core business/mission processes.

1034 KSA

Knowledge of Personally Identifiable Information (PII) and Payment Card


Industry (PCI) data security standards.

Knowledge of Cloud-based knowledge management technologies and


1125 KSA concepts related to security, governance, procurement, and
administration.
1126 KSA

Knowledge of data classification standards and methodologies based on


sensitivity and other risk factors.

1129 KSA

Knowledge of multi-channel user access technologies and use cases


including mobile technology.

1136 KSA

Knowledge of use cases related to collaboration and content


synchronization across platforms (e.g., tables, PC, Cloud, etc.).

1141 KSA

Knowledge of an organization's information classification program and


procedures for level information loss.

Organizational Awareness
Security
Distributed Systems
Data Management
Communications Security
Management
Infrastructure Design
Information Management

S-ar putea să vă placă și