Documente Academic
Documente Profesional
Documente Cultură
Category
Specialty Area Title and Definition
Sample Job Titles
Securely Provision Specialty Areas responsible Secure Acquisition Manages and supports the
acquisition life cycle, including planning, determining
Chief Information Security Officer (CISO)
for conceptualizing,
specifications, selecting, and procuring information and
Contracting Officer (CO)
designing, and building
communications technology (ICT) and
Contracting Officer Technical
secure information
cybersecurityproducts used in the organizations design, Representative (COTR)
technology (IT) systems, with development, and maintenance of its infrastructure to
Information Technology (IT) Director
minimize potential risks and vulnerabilities.
responsibility for some
aspect of the systems'
development.
Analyst Programmer
Securely Provision
Computer Programmer
Configuration Manager
Database Developer/Engineer/Architect
Information Assurance (IA) Engineer
Information Assurance (IA) Software
Secure Software Engineering Develops, modifies,
Developer
enhances, and sustains new or existing computer
Information Assurance (IA) Software
applications, software, or utility programs following
Engineer
software assurance best practices throughout the software
Research & Development Engineer
lifecycle.
Secure Software Engineer
Security Engineer
Software Developer
Software Engineer/Architect
Systems Analyst
Web Application Developer
Link to
Tasks
Link to
KSAs
Securely Provision
Securely Provision
Technology Research
Technology
and Development
Research(Task
and
Link to
Tasks
Link to
KSAs
Category
Securely Provision
Business Analyst
Business Process Analyst
Systems Requirements Planning - Consults with
Computer Systems Analyst
stakeholders to guide, gather, and evaluate functional and
Human Factors Engineer
security requirements. Translates these requirements into
Requirements Analyst
guidance to stakeholders about the applicability of
Solutions Architect
information systems to meet their needs.
Systems Consultant
Systems Engineer
Securely Provision
Securely Provision
Systems Requirements
Systems
Planning
Requirements
(Task)
Pl
Systems Development
Systems
(Task)
Development
Data Administration
Data
(Task)
Administration (KS
Link to
Tasks
Link to
KSAs
Cabling Technician
Converged Network Engineer
Network Administrator
Network Analyst
Network Designer
Network Engineer
Network Systems and Data
Communications Analyst
Network Systems Engineer
Systems Engineer
Telecommunications Engineer, Personnel,
or Specialist
System Administration
System
(Task)
Administration (
Link to
Tasks
Link to
KSAs
Incident ResponseIncident
(Task) Response (KSA
Investigate - Specialty
Areas responsible for
investigating cyber events or
crimes related to information
technology (IT) systems,
networks, and digital
evidence.
Link to
Tasks
Link to
KSAs
Vulnerability Assessment and Management Conducts threat and vulnerability assessments and
determines deviations from acceptable configurations or
policies. Assesses the level of risk and develops and/or
recommends appropriate mitigation countermeasures in
operational and non-operational situations.
Investigate
Cyber InvestigationCyber
(Task)
Investigation (KS
Link to
Tasks
Link to
KSAs
Strategic PlanningStrategic
and Policy
Planning
Developmen
and
Training, Education,
Training,
and Awareness
Education,
(Task
and
Link to
Tasks
Accreditor
Analyst/Manager
Auditor
Authorizing Official Designated
Representative
Certification Agent
Certifying Official
Compliance Manager
Designated Accrediting Authority
Information Assurance (IA) Auditor
Information Assurance (IA) Compliance
Information Assurance (IA) Manager
Information Assurance (IA) Officer
Portfolio Manager
Quality Assurance (QA) Specialist
Risk/Vulnerability Analyst
Security Control Assessor
Systems Analyst
Validator
Risk ManagementRisk
(Task)
Management (KSA
Business Analyst
Business Intelligence Manager
Content Administrator
Document Steward
Freedom of Information Act Official
Information Manager
Information Owner
Information Resources Manager
Knowledge Manager
Knowledge Management
Knowledge
(Task)
Managemen
Category
Link to
KSAs
Due to the unique and highly specialized nature of this work, sample job titles, tasks, and knowledge, skills, and abilities (KSA)
Link to
Tasks
Link to
KSAs
Due to the unique and highly specialized nature of this work, sample job titles, tasks, and knowledge, skills, and abilities (KSA)
Analyze
Analyze
Analyze
Secure Acquisition Secure Acquisition Manages and supports the acquisition life
cycle, including planning, determining specifications, selecting, and procuring information
and communications technology (ICT) and cybersecurityproducts used in the
organizations design, development, and maintenance of its infrastructure to minimize
potential risks and vulnerabilities.
Item Tas
ID
k
Statement
680
Task Lead and oversee information security budget, staffing, and contracting.
801
Task
949
Provide enterprise information assurance (IA) and supply chain risk management
guidance for development of the Continuity of Operations Plans.
Evaluate the effectiveness of procurement function in addressing information security
Task requirements and supply chain risks through procurement activities and recommend
improvements.
955
Task Draft and publish a supply chain security and risk management policy.
970
Task
1003 Task Develop and document supply chain risks for critical system elements, as appropriate.
1017 Task
1018 Task
Develop contract language to ensure supply chain, system, network, and operational
security are met.
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
Statement
107
296
KSA
325
954
979
Competency
Project Management
Telecommunications
Contracting/Procurement
Contracting/Procurement
Risk Management
1004 KSA
Contracting/Procurement
1005 KSA
Contracting/Procurement
1039 KSA Skill in evaluating the trustworthiness of the supplier and/or product.
1061 KSA Knowledge of the life cycle process.
Risk Management
Risk Management
Contracting/Procurement
Systems Life Cycle
Item
KSA
ID
Statement
Competency
Computer Network Defense
Legal, Government, and
Jurisprudence
Item Tas
ID
k
Statement
408
Task
414
Task
Analyze user needs and software requirements to determine feasibility of design within
time and cost constraints.
417
Task
Apply coding and testing standards, security testing tools (including fuzzing staticanalysis code scanning tools), and conduct code reviews.
418
432
Capture security controls used during the requirements phase to integrate security within
Task the process, identify key security objectives, and maximize software security while
minimizing disruption to plans and schedules.
446
Task
459
Task
461
Conduct trial runs of programs and software applications to ensure the desired
information is produced and instructions are correct.
Confer with systems analysts, engineers, programmers, and others to design applications
Task and obtain information on project limitations and capabilities, performance requirements,
and interfaces.
465
467
Task Consult with engineering staff to evaluate interface between hardware and software.
477
Task
Correct errors by making appropriate changes and rechecking the program to ensure
desired results are produced.
506
Task
Design, develop, and modify software systems using scientific analysis and mathematical
models to predict and measure outcome and consequences of design.
515
Task
Develop and direct software system testing and validation procedures, programming, and
documentation.
543
Item Tas
ID
k
Statement
Evaluate factors such as reporting formats required, cost constraints, and need for
security restrictions to determine hardware configuration.
602
Task
634
644
645
709
756
Task
Perform integrated quality assurance testing for security functionality and resiliency
attacks.
764
Task
770
Task
Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever
an application or system undergoes a major change.
785
Task
826
865
Prepare detailed workflow charts and diagrams that describe input, output, and logical
operation, and convert them into a series of instructions coded in a computer language.
Recognize security implications in the software acceptance phase, including completion
Task criteria, risk acceptance and documentation, common criteria, and methods of
independent testing.
Translate security requirements into application design elements, including documenting
Task the elements of the software attack surfaces, conducting threat modeling, and defining
any specific security criteria.
969
970
Task
971
Task
972
Task
Determine and document critical numbers of software patches or the extent of releases
that would leave software vulnerable.
Item Tas
ID
k
Statement
Enable applications with public keying by leveraging existing public key infrastructure
(PKI) libraries and incorporating certificate management and encryption functionalities.
Identify and leverage the enterprise-wide security services while designing and
1150 Task developing secure applications (e.g. Enterprise PKI, Federated Identity server, Enterprise
AV solution).
Identify and leverage the enterprise-wide version control system while designing and
1151 Task
developing secure applications.
1149 Task
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
3
KSA
Statement
Skill in conducting vulnerability scans and recognizing vulnerabilities in
security systems.
Competency
Vulnerabilities Assessment
20
23
KSA
Object Technology
38
KSA
Information Assurance
40
43
56
KSA
63
Information Assurance
74
Computer Languages
81
Infrastructure Design
90
Object Technology
Operating Systems
Item
KSA
ID
95
KSA
Statement
Knowledge of penetration testing principles, tools, and techniques (e.g.,
metasploit, neosploit).
Competency
Vulnerabilities Assessment
100
102
Computer Languages
109
116
Software Development
117
Software Development
118
KSA
119
121
123
124
KSA
149
KSA
168
172
174
177
185
KSA
191
197
KSA
238
Skill in writing code that is compatible with legacy code (e.g., Common
KSA Business-Oriented Language [COBOL], FORTRAN IV) in a modern
programming language (e.g., Java, C++).
Computer Languages
904
Computer Languages
905
Computer Languages
Configuration Management
Software Engineering
Software Engineering
Logical Systems Design
Vulnerabilities Assessment
Logical Systems Design
Web Technology
Software Development
Modeling and Simulation
Software Testing and
Evaluation
Vulnerabilities Assessment
Software Development
Identity Management
Information
Systems/Network Security
Item
KSA
ID
Statement
Competency
968
973
974
975
KSA
976
Software Engineering
978
Incident Management
979
KSA
980
Skill in integrating black box security testing tools into quality assurance
process of software releases.
1020 KSA Skill in secure test plan design (i.e., unit, integration, system, acceptance).
Information
Systems/Network Security
Software Development
Software Testing and
Evaluation
Quality Assurance
Risk Management
Incident Management
Systems Testing and
Evaluation
1034 KSA
Security
1037 KSA
Risk Management
Infrastructure Design
Software Engineering
Information
Systems/Network Security
Enterprise Architecture
Skill in deploying Service Gateway at the network edge as the first point of
1137 KSA contact or proxy into enterprise infrastructure handling layer 7 protocols
(e.g., web, XML SOAP, REST, or legacy protocols [EDI]).
Infrastructure Design
Encryption
Systems Security Architecture - Designs and develops system concepts and works on
the capabilities phases of the systems development lifecycle. Translates technology and
environmental conditions (e.g., laws, regulations, best practices) into system and security
designs and processes.
Item Tas
ID
k
Statement
413
437
Task
Collaborate with system developers to select appropriate design solutions or ensure the
compatibility of system components.
483
Task
Define and prioritize essential system capabilities or business functions required for
partial or full system restoration after a catastrophic failure event.
484
Define appropriate levels of system availability based on critical system functions and
ensure system requirements identify appropriate disaster recovery and continuity of
Task operations requirements, to include any appropriate fail-over/alternate site requirements,
backup requirements, and material supportability requirements for system
recovery/restoration.
502
Task Design system architecture or system components required to meet user needs.
534
Develop information assurance (IA) designs for systems and networks with multilevel
Task security requirements or requirements for the processing of multiple classification levels
of data (primarily applicable to government organizations).
561
563
568
569
Ensure all definition and architecture activities (e.g., system lifecycle support plans,
Task concept of operations, operational procedures and maintenance training materials) are
properly documented and updated as necessary.
579
Task
Item Tas
ID
k
Statement
601
Task
603
Task
Evaluate interface between hardware and software and operational and performance
requirements of overall system.
631
Task
646
Task
Identify the protection needs (i.e. security controls) for information system(s), network(s)
and document appropriately.
765
Task
Perform security reviews, identify gaps in security architecture, and develop a security
risk management plan.
780
Task
Plan system implementation to ensure that all system components can be integrated and
aligned (e.g., procedures, databases, policies, software, hardware).
797
807
Task
809
Provide input to the Risk Management Framework (RMF) process activities and related
Task documentation (e.g., system lifecycle support plans, concept of operations, operational
procedures, and maintenance training materials).
849
Task
864
994
Task
Define and document how the implementation of a new system or new interfaces
between systems impacts the security posture of the current environment.
995
Task
Document and manage an enterprise technical risk register prioritizing and managing
technical risks throughout the system lifecycle.
996
Task Assess and design key management functions (as related to information assurance [IA]).
Specify power supply and heating, ventilation, and air conditioning (HVAC) requirements
and configuration based on system performance expectations and design specifications.
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
8
Statement
Competency
Identity Management
21
25
Cryptography
27
Cryptography
34
38
KSA
40
43
Embedded Computers
46
Information Assurance
51
KSA
52
Mathematical Reasoning
Database Management
Systems
Information Assurance
Systems Testing and
Evaluation
Systems Integration
Human Factors
Item
KSA
ID
Statement
53
62
KSA
63
65
KSA
68
KSA
70
KSA
78
79
KSA
81
82
KSA
90
92
94
Competency
Information Assurance
Logical Systems Design
Information Assurance
Mathematical Reasoning
Information Technology
Architecture
Information
Systems/Network Security
Computers and Electronics
Identity Management
Infrastructure Design
Infrastructure Design
Operating Systems
Infrastructure Design
Information Assurance
109
110
KSA
111
113
119
124
KSA
130
132
Systems Integration
Configuration Management
Information Assurance
Information
Systems/Network Security
Operating Systems
Software Engineering
Logical Systems Design
Item
KSA
ID
Statement
Knowledge of key telecommunication concepts (e.g., Routing Algorithms,
Fiber Optics Systems Link Budgeting, Add/Drop Multiplexers).
133
KSA
141
143
KSA
144
155
KSA
180
183
197
KSA
224
KSA
Skill in design modeling and building use cases (e.g., unified modeling
language).
904
993
Competency
Telecommunications
Information Technology
Architecture
Enterprise Architecture
Systems Life Cycle
Technology Awareness
Systems Integration
Information Assurance
Information
Systems/Network Security
Modeling and Simulation
Computer Languages
Enterprise Architecture
1034 KSA
Security
1037 KSA
Risk Management
Information
Systems/Network Security
Process Control
Infrastructure Design
Network Management
1133 KSA
1141 KSA
Information Management
1142 KSA
Enterprise Architecture
Network Management
Item Tas
ID
k
Statement
455
520
Task
925
927
Task
Research and evaluate all available technologies and standards to meet customer
requirements.
934
Task
Identify cyber capabilities strategies for custom hardware and software development
based on mission requirements.
Review and validate data mining and data warehousing programs, processes, and
requirements.
1076 Task Collaborate with stakeholders to identify and/or develop appropriate solutions technology.
1077 Task Design and develop new tools/technologies as related to information assurance (IA).
1078 Task
Troubleshoot prototype design and process issues throughout the product design,
development, and post-launch phases.
1079 Task
Identify functional- and security-related features to find opportunities for new capability
development to exploit or mitigate cyberspace vulnerabilities.
1080 Task Identify and/or develop reverse engineering tools to detect cyberspace vulnerabilities.
1145 Task Develop and implement credentialing and identity management programs.
1147 Task
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
Statement
Competency
KSA
Vulnerabilities Assessment
KSA
Vulnerabilities Assessment
10
15
Hardware
27
Cryptography
42
88
KSA
Technology Awareness
95
KSA
Vulnerabilities Assessment
129
KSA
132
133
KSA
144
155
KSA
172
180
238
Skill in writing code that is compatible with legacy code (e.g., Common
KSA Business-Oriented Language [COBOL], FORTRAN IV) in a modern
programming language (e.g., Java, C++).
Computer Languages
321
Technology Awareness
Vulnerabilities Assessment
Hardware Engineering
Item
KSA
ID
Statement
371
905
1037 KSA
Competency
Operating Systems
Computer Languages
Risk Management
Infrastructure Design
Criminal Law
Requirements Analysis
Computer Forensics
Software Development
Telecommunications
Vulnerabilities Assessment
Software Development
Public Safety and Security
Infrastructure Design
Vulnerabilities Assessment
Operating Systems
Infrastructure Design
Vulnerabilities Assessment
Information
Systems/Network Security
Computer Network Defense
Enterprise Architecture
Item Tas
ID
k
Statement
Conduct risk analysis, feasibility study, and/or trade-off analysis to develop, document,
and refine functional requirements and specifications.
458
Task
466
476
Task
487
511
517
Task
528
669
Task
Integrate and align information security and/or information assurance (IA) policies to
ensure system analysis meets security requirements.
700
Task
Manage information technology (IT) projects to ensure that developed solutions meet
customer requirements.
726
760
Task
789
Task Prepare use cases to justify the need for specific information technology (IT) solutions.
863
Develop and document requirements, capabilities, and constraints for design procedures
and processes.
Perform needs analysis to determine opportunities for new and improved business
process solutions.
Item Tas
ID
k
Statement
1003 Task Develop and document supply chain risks for critical system elements, as appropriate.
1144 Task
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
9
KSA
Statement
Knowledge of applicable business processes and operations of customer
organizations.
Competency
Requirements Analysis
16
25
Cryptography
27
Cryptography
46
51
KSA
Systems Integration
53
Information Assurance
55
62
63
64
65
KSA
Requirements Analysis
Information Assurance
Information Assurance
Logical Systems Design
Information Assurance
Information
Systems/Network Security
Mathematical Reasoning
Item
KSA
ID
Statement
Knowledge of information technology (IT) architectural concepts and
frameworks.
Competency
Information Technology
Architecture
68
KSA
78
79
KSA
81
82
KSA
Infrastructure Design
88
KSA
Technology Awareness
90
92
94
Infrastructure Design
Operating Systems
Infrastructure Design
Information Assurance
Personnel Safety and
Security
100
101
110
KSA
Information Assurance
124
KSA
126
129
KSA
130
133
KSA
143
KSA
144
155
KSA
156
158
KSA
Requirements Analysis
Item
KSA
ID
Statement
162
224
KSA
229
911
KSA
Skill in design modeling and building use cases (e.g., unified modeling
language).
Competency
Requirements Analysis
Modeling and Simulation
Incident Management
Requirements Analysis
Information Technology
Performance Assessment
1004 KSA
Contracting/Procurement
1005 KSA
Contracting/Procurement
Criminal Law
Risk Management
Infrastructure Design
Contracting/Procurement
1040 KSA
Criminal Law
1073 KSA
Network Management
1133 KSA
Network Management
1141 KSA
Information Management
Test and Evaluation - Develops and conducts processes and procedures (e.g., testing)
to evaluate compliance with security requirements.
Item Tas
ID
k
Statement
Analyze the results of end-to-end testing (e.g., software, hardware, transport, seams,
interfaces).
412
Task
508
550
694
747
Task
748
757
Task
761
773
Task
858
Develop test bed environment to test and verify hardware and support peripherals to
Task ensure that they meet specifications and requirements by recording and analyzing test
data.
951
Task
Determine scope, infrastructure, resources, and data sample size to ensure system
requirements are adequately demonstrated.
Item Tas
ID
k
1156 Task
Statement
Conduct and monitor Independent Validation and Verification (IV&V) testing for software
applications and systems.
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
Statement
Knowledge of organization's enterprise information security architecture
system.
Competency
38
KSA
Information Assurance
40
53
Information Assurance
63
Information Assurance
Item
KSA
ID
Statement
81
83
Competency
Infrastructure Design
Hardware
127
Operating Systems
144
169
176
KSA
182
KSA Skill in determining an appropriate level of test rigor for a given system.
190
220
239
904
Computer Languages
950
1034 KSA
Skill in designing a data analysis structure (i.e., the types of data your test
must generate and how to analyze those data).
Security
Item
KSA
ID
1037 KSA
Statement
Knowledge of information technology (IT) supply chain security and risk
management policies, requirements, and procedures.
Competency
Risk Management
Infrastructure Design
Information
Systems/Network Security
Item Tas
ID
k
Statement
416
Task
Analyzes design constraints, trade-offs, and detailed system and security designs to
identify necessary lifecycle support.
419
Task
Apply security policies to applications that interface with one another, such as Businessto-Business (B2B) applications.
425
426
Task
431
Task Build, test, and modify product prototypes using working models or theoretical models.
457
Conduct Privacy Impact Analysis (PIA) of the applications security design for the
Task appropriate security controls, which protect the confidentiality and integrity of Personal
Identifiable Information (PII).
494
495
Task Design and develop secure interface specifications between interconnected systems.
496
Design, develop, integrate, and update system security measures (including policies and
Task requirements) that provide confidentiality, integrity, availability, authentication, and nonrepudiation.
500
Task
501
Design or integrate appropriate data backup capabilities into overall system designs, and
Task ensure appropriate technical and procedural processes exist for secure system backups
and protected storage of backup data.
503
Task
Design systems to the minimum security requirements to ensure requirements are met
for all systems and/or applications.
Item Tas
ID
k
Statement
516
Task Develop and oversee system testing and validation procedures and documentation.
527
530
Task
531
Task
Develop disaster recovery and continuity of operations plans for systems under
development, and ensure testing prior to systems entering a production environment.
542
Task
547
Task
626
Task
630
632
648
Identify and direct the remediation of technical problems encountered during testing and
Task implementation of new systems (e.g., identify and find work-arounds for communication
protocols that are not interoperable).
Identify and prioritize essential system functions or sub-systems, as may be necessary to
support essential capabilities or business functions; in the event of system failure or
Task
system recovery, observe, and adhere to overall system requirements for continuity and
availability.
Identify, assess, and recommend information assurance (IA) or IA-enabled products for
Task use within a system and ensure recommended products are in compliance with
organization's evaluation and validation requirements.
659
662
Task
Incorporate information assurance (IA) vulnerability solutions into system designs (e.g.,
IA Vulnerability Alerts).
737
Task
Item Tas
ID
k
Statement
766
Task Perform security reviews and identify security gaps in security architecture.
770
Task
Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever
an application or system undergoes a major change.
803
Task
808
809
Provide input to the Risk Management Framework (RMF) process activities and related
Task documentation (e.g., system lifecycle support plans, concept of operations, operational
procedures, and maintenance training materials).
850
Task Store, retrieve, and manipulate data for analysis of system capabilities and requirements.
856
860
874
Task
877
997
Task
998
Task
999
Utilize models and simulations to analyze or predict system performance under different
operating conditions.
Analyze user needs and requirements to plan and conduct system security development
around user experience (UX).
Develop information assurance (IA) designs to meet specific operational needs and
environmental factors (e.g., access controls, automated applications, networked
Task operations, high integrity and availability requirements, multilevel security/processing of
multiple classification levels, and processing Sensitive Compartmented Information
[SCI]).
Item Tas
ID
k
Statement
Ensure security design and information assurance (IA) development activities are
1000 Task properly documented, providing a functional description of security implementation, and
updated as necessary.
1152 Task
Implement and integrate system development life cycle (SLDC) methodologies (e.g., IBM
Rational Unified Process) into development environment.
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
Statement
Skill in conducting vulnerability scans and recognizing vulnerabilities in
security systems.
KSA
Competency
Vulnerabilities Assessment
Identity Management
21
25
Cryptography
27
Cryptography
34
38
KSA
40
42
Hardware Engineering
43
Embedded Computers
46
Information Assurance
51
KSA
Mathematical Reasoning
Database Management
Systems
Information Assurance
Systems Testing and
Evaluation
Systems Integration
Item
KSA
ID
Statement
Competency
52
63
64
65
KSA
Mathematical Reasoning
70
KSA
Information
Systems/Network Security
72
KSA
Knowledge of local area network (LAN) and wide area network (WAN)
principles and concepts, including bandwidth management.
Infrastructure Design
75
KSA
Mathematical Reasoning
78
79
KSA
81
82
KSA
90
92
94
Information Assurance
98
Identity Management
100
101
109
110
KSA
Information Assurance
118
KSA
Software Engineering
119
Human Factors
Information Assurance
Information
Systems/Network Security
Infrastructure Design
Infrastructure Design
Operating Systems
Infrastructure Design
Software Engineering
Item
KSA
ID
Statement
Competency
121
124
KSA
126
129
KSA
130
133
KSA
144
173
Information Systems
Security Certification
177
Vulnerabilities Assessment
179
KSA
180
191
197
KSA
199
224
KSA
904
Skill in design modeling and building use cases (e.g., unified modeling
language).
Requirements Analysis
Information Assurance
Systems Integration
Identity Management
Information
Systems/Network Security
Vulnerabilities Assessment
Modeling and Simulation
Computer Languages
Information Technology
Performance Assessment
1034 KSA
Security
1037 KSA
Risk Management
Infrastructure Design
Information
Systems/Network Security
Item
KSA
ID
Statement
Competency
1073 KSA
Network Management
1133 KSA
Network Management
1141 KSA
Information Management
1142 KSA
Enterprise Architecture
Item Tas
ID
k
Statement
400
401
Task Analyze and plan for anticipated changes in data capacity requirements.
498
520
Task
529
664
684
688
Task
690
Task
Maintain information exchanges through publish, subscribe, and alert functions that
enable users to send and receive critical information as required.
702
Task Manage the compilation, cataloging, caching, distribution, and retrieval of data.
712
740
Review and validate data mining and data warehousing programs, processes, and
requirements.
Item Tas
ID
k
Statement
Provide a managed flow of relevant information (via web-based portals or other means)
based on a mission requirements.
796
Task
815
1154 Task
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
Statement
28
KSA
29
KSA
31
32
KSA
35
44
79
KSA
90
98
Competency
Data Management
Computer Forensics
Data Management
Database Management
Systems
Encryption
Enterprise Architecture
Identity Management
Operating Systems
Identity Management
Database Management
Systems
104
120
KSA
Data Management
137
KSA
Data Management
Item
KSA
ID
Statement
Competency
152
KSA
Database Administration
166
KSA
Database Management
Systems
178
186
187
188
201
Database Management
Systems
208
Database Management
Systems
213
910
1034 KSA
1141 KSA
Database Administration
Data Management
Modeling and Simulation
Data Management
Database Administration
Data Management
Security
Database Management
Systems
Database Administration
Database Management
Systems
Information Management
Customer Service and Technical Support - Provides end users tiered-level customer
support by coordinating software, hardware, network, and security issue resolution. May
install, configure, troubleshoot, and provide maintenance and training.
Item Tas
ID
k
Statement
428
Task Assist in the execution of disaster recovery and continuity of operations plans.
554
639
665
Task Install and configure hardware, software, and peripheral equipment for system users.
695
Task Manage accounts, network rights, and access to systems and equipment.
698
714
813
830
859
866
Customer Service and Technical Support - Provides end users tieredlevel customer support by coordinating software, hardware, network, and
security issue resolution. May install, configure, troubleshoot, and provide
maintenance and training.
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information Systems/Network
Security
Vulnerabilities Assessment
Item
KSA
ID
7
33
Statement
37
76
KSA
Competency
Knowledge Management
Incident Management
Incident Management
Information Technology
Performance Assessment
127
142
KSA
145
KSA
165
Skill in conducting open source research for troubleshooting novel clientKSA level problems (e.g., online development communities, system security
blogging sites).
204
KSA
221
222
235
KSA
264
Skill in using the appropriate tools for repairing software, hardware, and
peripheral equipment of a system.
Operating Systems
Knowledge Management
Item
KSA
ID
281
Statement
Competency
Hardware
Security
Information Systems/Network
Security
Information Management
Item Tas
ID
k
Statement
Configure and optimize network hubs, routers, and switches (e.g., higher-level protocols,
tunneling).
462
Task
522
555
617
Task Expand or modify network infrastructure to serve new purposes or improve work flow.
656
Task Implement new system design procedures, test procedures, and quality standards.
666
Task
667
673
718
736
Task
802
Install and maintain network infrastructure device operating system software (e.g.,
Interwork Operating System [IOS], firmware).
829
857
Task Test and maintain network infrastructure including software and hardware devices.
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
Statement
Knowledge of communication methods, principles, and concepts (e.g.,
encoding, signaling, multiplexing) that support the network infrastructure.
Competency
12
KSA
15
Hardware
27
Cryptography
41
KSA
55
70
KSA
72
KSA
Knowledge of local area network (LAN) and wide area network (WAN)
principles and concepts, including bandwidth management.
76
KSA
Information Technology
Performance Assessment
81
Infrastructure Design
92
Infrastructure Design
106
Infrastructure Design
Infrastructure Design
Information Assurance
Information
Systems/Network Security
Infrastructure Design
Information Technology
Architecture
Item
KSA
ID
Statement
Competency
112
KSA
133
KSA
148
154
Capacity Management
193
KSA
Information Assurance
198
205
KSA
207
KSA
Infrastructure Design
231
KSA
Network Management
234
Infrastructure Design
261
Telecommunications
271
KSA
Infrastructure Design
278
347
KSA Knowledge of Windows command line (e.g., ipconfig, netstat, dir, nbtstat).
Operating Systems
891
KSA
Configuration Management
893
896
900
901
Network Management
902
Network Management
Infrastructure Design
Information
Systems/Network Security
Telecommunications
Information Assurance
Computer Network Defense
Web Technology
Item
KSA
ID
Statement
903
985
989
990
1034 KSA
Competency
Network Management
Configuration Management
Telecommunications
Computer Network Defense
Security
Information
Systems/Network Security
Network Management
Web Technology
Network Management
Encryption
1141 KSA
Information Management
1142 KSA
Enterprise Architecture
Item Tas
ID
k
Statement
434
452
456
Task
499
Task
Design group policies and access control lists to ensure compatibility with organizational
standards, business rules, and needs.
518
521
Task Develop and implement local network usage policies and procedures.
668
683
695
Task Manage accounts, network rights, and access to systems and equipment.
701
Task
713
728
Item Tas
ID
k
Statement
763
776
Task
781
Task Plan, execute, and verify data redundancy and system recovery procedures.
811
835
Plan and coordinate the installation of new or modified hardware, operating systems, and
other baseline software.
1153 Task Install, update, and troubleshoot virtual and remote access servers.
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
Statement
Competency
70
KSA
72
KSA
Knowledge of local area network (LAN) and wide area network (WAN)
principles and concepts, including bandwidth management.
76
KSA
Information Technology
Performance Assessment
81
Infrastructure Design
89
Technology Awareness
96
99
Information
Systems/Network Security
Infrastructure Design
Information Technology
Performance Assessment
Systems Integration
112
KSA
113
Operating Systems
114
Computer Forensics
Item
KSA
ID
Statement
Competency
127
141
145
KSA
148
167
Network Management
170
Software Engineering
171
KSA
194
Network Management
195
Network Management
202
KSA
206
209
211
216
219
Operating Systems
286
KSA Knowledge of file extensions (e.g., .dll, .bat, .zip, .pcap, .gzip).
Operating Systems
287
KSA
342
KSA Knowledge of Unix command line (e.g., mkdir, mv, ls, passwd, grep).
344
KSA
386
892
KSA
Operating Systems
Information Technology
Architecture
Systems Life Cycle
Encryption
Network Management
Information Technology
Performance Assessment
Systems Life Cycle
Identity Management
Information Technology
Performance Assessment
Incident Management
Operating Systems
Computer Languages
Operating Systems
Operating Systems
Configuration Management
Item
KSA
ID
986
KSA
Statement
Knowledge of organizational information technology (IT) user security
policies (e.g., account creation, password rules, access control).
Competency
Identity Management
1033 KSA
1034 KSA
Security
Item Tas
ID
k
Statement
Apply security policies to applications that interface with one another, such as Businessto-Business (B2B) applications.
419
Task
420
421
Task
525
Task
Develop and test system fail-over or system operations transfer to an alternate site
based on system availability requirements.
559
Task Discover organizational trends with regard to the security posture of systems.
571
Task
572
Ensure application of security patches for commercial products integrated into system
Task design meet the timelines dictated by the management authority for the intended
operational environment.
576
Task
593
Task
Establish adequate access controls based on principles of least privilege and need-toknow
616
Task Exercise the system disaster recovery and continuity of operations plans.
652
Task
Implement and/or integrate security measures for use in system(s) and ensure that
system designs incorporate security configuration guidelines.
653
Task
Implement security designs and approaches to resolve vulnerabilities, mitigate risks, and
recommend security changes to system or system components as needed.
Ensure all systems security operations and maintenance activities are properly
documented and updated as necessary.
Item Tas
ID
k
Statement
660
Task
661
Task
670
Task
671
708
717
Task
729
Task Oversee minimum security requirements are in place for all applications.
754
Task
767
Task
Perform security reviews and identify security gaps in security architecture, resulting in
recommendations for the inclusion into the risk mitigation strategy.
782
Task
795
Task
806
809
Provide input to the Risk Management Framework (RMF) process activities and related
Task documentation (e.g., system lifecycle support plans, concept of operations, operational
procedures, and maintenance training materials).
Item Tas
ID
k
Statement
Verify and update security documentation reflecting the application/system security
design features.
876
Task
880
Task Work with others to resolve computer security incidents and vulnerability compliance.
938
Task
Ensure recovery and continuity plans are executable in the system operational
environment.
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
3
KSA
Statement
Skill in conducting vulnerability scans and recognizing vulnerabilities in
security systems.
Competency
Vulnerabilities Assessment
18
25
Cryptography
27
Cryptography
34
Database Management
Systems
42
Hardware Engineering
43
Embedded Computers
46
Information Assurance
51
KSA
52
58
KSA
Systems Integration
Human Factors
Information
Systems/Network Security
Item
KSA
ID
Statement
Competency
63
65
KSA
Mathematical Reasoning
70
KSA
Information
Systems/Network Security
75
KSA
78
79
KSA
Identity Management
82
KSA
Infrastructure Design
90
92
94
Information Assurance
Mathematical Reasoning
Computers and Electronics
Operating Systems
Infrastructure Design
Information Assurance
109
110
KSA
111
119
Software Engineering
130
133
KSA
144
160
Vulnerabilities Assessment
177
Vulnerabilities Assessment
179
KSA
183
Configuration Management
Information Assurance
Information
Systems/Network Security
Telecommunications
Systems Life Cycle
Information Assurance
Information Assurance
Item
KSA
ID
Statement
Competency
191
Identity Management
199
904
Computer Languages
922
Vulnerabilities Assessment
Vulnerabilities Assessment
1034 KSA
Security
1037 KSA
Risk Management
1132 KSA
1133 KSA
1138 KSA Skill in developing and applying user credential management system.
Infrastructure Design
Contracting/Procurement
Criminal Law
Information
Systems/Network Security
Network Management
Operations Support
Network Management
Identity Management
1139 KSA
1141 KSA
Information Management
1142 KSA
Enterprise Architecture
Infrastructure Design
Item Tas
ID
k
Statement
427
433
Task
472
Task Coordinate with Enterprise Network Defense (END) staff to validate network alerts.
716
Monitor external data sources (e.g., Enterprise Network Defense (END) vendor sites,
Computer Emergency Response Teams, SANS, Security Focus) to maintain currency of
Task
END threat condition and determine which security issues may have an impact on the
enterprise.
723
Task
745
750
Perform event correlation using information gathered from a variety of sources within the
Task enterprise to gain situational awareness and determine the effectiveness of an observed
attack.
800
Task
Provide daily summary reports of network events and activity relevant to Enterprise
Network Defense (END) practices.
823
Task
Receive and analyze network alerts from various sources within the enterprise and
determines possible causes of such alerts.
956
958
Task
Use cyber defense tools for continual monitoring and analysis of system activity to
identify malicious activity.
959
Task
Characterize and analyze network traffic to identify anomalous activity and potential
threats to network resources.
Document and escalate incidents, including event's history, status, and potential impact
for further action, that may cause ongoing and immediate impact to the environment.
Item Tas
ID
k
961
Task
Statement
Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple
places, layered defenses, security robustness).
1010 Task
1102 Task
1103 Task Determine tactics, techniques and procedures (TTPs) for intrusion sets.
1104 Task Examine network topologies to understand data flows through the network.
1105 Task Recommend computing environment vulnerability corrections.
1107 Task Identify and analyze anomalies in network traffic using metadata.
1108 Task
Conduct research, analysis, and correlation across a wide variety of all source data sets
(e.g., indications and warnings).
1109 Task
Validate Intrusion Detection System (IDS) alerts against network traffic using packet
analysis tools.
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
Statement
Competency
KSA
Vulnerabilities Assessment
19
KSA
27
Cryptography
29
KSA
Computer Forensics
49
KSA
Information
Systems/Network Security
59
61
63
66
81
87
Infrastructure Design
Information
Systems/Network Security
Item
KSA
ID
Statement
Knowledge of new and emerging Information Technology (IT) and cyber
security technologies.
Competency
88
KSA
92
95
KSA
98
Identity Management
Computer Languages
102
105
110
115
138
KSA
148
150
KSA
165
Skill in conducting open source research for troubleshooting novel clientKSA level problems (e.g., online development communities, system security
blogging sites).
175
181
KSA
212
214
KSA
229
233
234
270
271
KSA
Technology Awareness
Infrastructure Design
Vulnerabilities Assessment
Vulnerabilities Assessment
Information Assurance
Computer Network Defense
Information
Systems/Network Security
Encryption
Information
Systems/Network Security
Knowledge Management
Information
Systems/Network Security
Skill in detecting host and network based intrusions via intrusion detection
Computer Network Defense
technologies (e.g., Snort).
Infrastructure Design
Vulnerabilities Assessment
Incident Management
Vulnerabilities Assessment
Infrastructure Design
Computer Network Defense
Infrastructure Design
Item
KSA
ID
Statement
Knowledge of defense-in-depth principles and network security
architecture.
Competency
277
KSA
278
286
KSA Knowledge of file extensions (e.g., .dll, .bat, .zip, .pcap, .gzip).
342
KSA Knowledge of Unix command line (e.g., mkdir, mv, ls, passwd, grep).
347
KSA Knowledge of Windows command line (e.g., ipconfig, netstat, dir, nbtstat).
353
895
KSA
912
KSA
Configuration Management
915
KSA
Information
Systems/Network Security
922
965
KSA
984
985
Configuration Management
990
991
KSA
992
Telecommunications
Operating Systems
Computer Languages
Operating Systems
Computer Network Defense
Information Assurance
Vulnerabilities Assessment
Risk Management
Data Management
Operating Systems
Risk Management
Item
KSA
ID
Statement
Competency
Cryptography
Computer Languages
Computer Languages
Operating Systems
Information
Systems/Network Security
Information
Systems/Network Security
1120 KSA Ability to interpret and incorporate data from multiple tool sources.
Data Management
Operating Systems
1133 KSA
Network Management
Item Tas
ID
k
Statement
470
Task
478
Task
716
738
Monitor external data sources (e.g., Enterprise Network Defense (END) vendor sites,
Computer Emergency Response Teams, SANS, Security Focus) to maintain currency of
Task
END threat condition and determine which security issues may have an impact on the
enterprise.
Perform analysis of log files from a variety of sources (e.g., individual host logs, network
Task traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible
threats to network security.
741
743
Perform Enterprise Network Defense (END) incident triage, to include determining scope,
Task urgency, and potential impact; identifying the specific vulnerability; and making
recommendations that enable expeditious remediation.
755
Task
762
Perform real-time Enterprise Network Defense (END) incident handling (e.g., forensic
Task collections, intrusion correlation and tracking, threat analysis, and direct system
remediation) tasks to support deployable Incident Response Teams (IRTs).
823
Task
Receive and analyze network alerts from various sources within the enterprise and
determines possible causes of such alerts.
861
Task
Track and document Enterprise Network Defense (END) incidents from initial detection
through final resolution.
882
Task
Write and publish cyber defense techniques, guidance, and reports on incident findings
to appropriate constituencies.
Perform initial, forensically sound collection of images and inspect to discern possible
mitigation/remediation on enterprise systems.
Item Tas
ID
k
961
Task
Statement
Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple
places, layered defenses, security robustness).
Collect intrusion artifacts (e.g., source code, malware, trojans) and use discovered data
1030 Task to enable mitigation of potential Enterprise Network Defense (END) incidents within the
enterprise.
1031 Task
Serve as technical expert and liaison to law enforcement personnel and explain incident
details as required.
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
Statement
Competency
29
KSA
50
KSA
Infrastructure Design
60
KSA
Incident Management
61
66
81
87
Information
Systems/Network Security
93
Vulnerabilities Assessment
105
150
Computer Forensics
Incident Management
Computer Network Defense
Infrastructure Design
Vulnerabilities Assessment
Information
Systems/Network Security
Item
KSA
ID
Statement
153
217
KSA
893
895
KSA
896
897
923
984
991
KSA
992
Competency
Computer Network Defense
Computer Forensics
Information Assurance
Information Assurance
Computer Network Defense
Information Assurance
Information
Systems/Network Security
Computer Network Defense
Computer Network Defense
Computer Network Defense
Computer Network Defense
Item Tas
ID
k
Statement
393
Administer Enterprise Network Defense (END) test bed(s), and test and evaluate new
Task cyber defense applications, rules/signatures, access controls, and configurations of
platforms managed by service provider(s).
471
Coordinate with Enterprise Network Defense (END) Analysts to manage and administer
Task the updating of rules and signatures (e.g., intrusion detection/protection systems, antivirus, and content blacklists) for specialized cyber defense applications.
481
643
Create, edit, and manage changes to network access control lists on specialized
Task Enterprise Network Defense (END) systems (e.g., firewalls and intrusion prevention
systems).
Identify potential conflicts with implementation of any cyber defense tools within the
Task Enterprise Network Defense (END) provider area of responsibility (e.g., tool and signature
testing and optimization).
654
769
960
Task
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
Statement
Competency
29
KSA
Computer Forensics
49
KSA
Information
Systems/Network Security
59
61
Incident Management
63
Information Assurance
81
87
92
93
Vulnerabilities Assessment
Vulnerabilities Assessment
105
Infrastructure Design
Information
Systems/Network Security
Infrastructure Design
Item
KSA
ID
Statement
Knowledge of the types of Intrusion Detection System (IDS) hardware and
software.
146
KSA
148
150
KSA
157
KSA Skill in applying host/network access controls (e.g., access control list).
227
229
237
KSA Skill in using Virtual Private Network (VPN) devices and encryption.
893
896
900
984
989
1011 KSA Knowledge of processes for reporting network security related incidents.
1012 KSA
Competency
Computer Network Defense
Encryption
Information
Systems/Network Security
Network Management
Computer Network Defense
Incident Management
Encryption
Information Assurance
Computer Network Defense
Web Technology
Computer Network Defense
Telecommunications
Security
Internal Controls
Enterprise Architecture
Item Tas
ID
k
Statement
Analyze organization's Enterprise Network Defense (END) policies and configurations and
evaluate compliance with regulations and organizational directives.
411
Task
448
Task Conduct and/or support authorized penetration testing on enterprise network assets.
685
Task
Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software
and hardware) to support Enterprise Network Defense (END) audit missions.
692
Task
784
Task
Prepare audit reports that identify technical and procedural findings, and provide
recommended remediation strategies/solutions.
939
Task
940
941
Task
Assist with the selection of cost-effective security controls to mitigate risk (e.g.,
protection of information, systems and processes).
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
Statement
Competency
KSA
Vulnerabilities Assessment
KSA
Vulnerabilities Assessment
10
27
29
KSA
63
79
KSA
81
Infrastructure Design
92
Infrastructure Design
95
KSA
102
Vulnerabilities Assessment
Cryptography
Computer Forensics
Information Assurance
Identity Management
Vulnerabilities Assessment
Computer Languages
Item
KSA
ID
Statement
Competency
105
Vulnerabilities Assessment
115
123
Vulnerabilities Assessment
128
150
KSA
157
KSA Skill in applying host/network access controls (e.g., access control list).
160
181
KSA
210
214
KSA
225
226
897
Information Assurance
904
Computer Languages
922
Vulnerabilities Assessment
991
KSA
992
Infrastructure Design
Network Management
Vulnerabilities Assessment
Skill in detecting host and network based intrusions via intrusion detection
Computer Network Defense
technologies (e.g., Snort).
1039 KSA Skill in evaluating the trustworthiness of the supplier and/or product.
1040 KSA
Information
Systems/Network Security
Contracting/Procurement
Criminal Law
Item
KSA
ID
Statement
Competency
Information Management
1142 KSA
Enterprise Architecture
Item Tas
ID
k
Statement
Assist in the gathering and preservation of evidence used in the prosecution of computer
crimes.
429
Task
438
Collect and analyze intrusion artifacts (e.g., source code, malware, and trojans) and use
Task discovered data to enable mitigation of potential Enterprise Network Defense (END)
incidents within the enterprise.
447
Task
Conduct analysis of log files, evidence, and other information in order to determine best
methods for identifying the perpetrator(s) of a network intrusion.
463
Task
Confirm what is known about an intrusion and discover new information, if possible, after
identifying intrusion via dynamic analysis.
480
Create a forensically sound duplicate of the evidence (i.e., forensic image) that ensures
the original evidence is not unintentionally modified, to use for data recovery and
Task analysis processes. This includes, but is not limited to, hard drives, floppy diskettes,
compact discs (CDs), personal digital assistants (PDAs), mobile phones, global positioning
satellite devices (GPSs), and all tape formats.
482
541
Task
564
Task
Document original condition of digital and/or associated evidence (e.g., via digital
photographs, written reports, etc.).
573
Task
Ensure chain of custody is followed for all digital media acquired in accordance with the
Federal Rules of Evidence.
613
Task Examine recovered data for information of relevance to the issue at hand.
620
Task
Employ IT systems and digital storage media to solve and prosecute cybercrimes and
fraud committed against people and property.
Item Tas
ID
k
Statement
622
Formulate a strategy to ensure chain of custody is maintained in such a way that the
Task evidence is not altered (e.g., phones/PDAs need a power source, hard drives need
protection from shock and strong magnetic fields).
636
Task
743
Perform Enterprise Network Defense (END) incident triage, to include determining scope,
Task urgency, and potential impact; identifying the specific vulnerability; and making
recommendations that enable expeditious remediation.
749
Task
752
753
758
Task Perform real-time forensic analysis (e.g., using Helix in conjunction with LiveView).
759
768
771
786
Task
Prepare digital media for imaging by ensuring data integrity (e.g., write blockers in
accordance with standard operating procedures).
799
Task
817
819
Identify digital evidence for examination and analysis in such a way as to avoid
unintentional alteration.
Perform dynamic analysis to boot an image of a drive (without necessarily having the
original drive) to see the intrusion as the user may have seen it in a native environment.
Item Tas
ID
k
Statement
825
Task
839
Task
Review forensic images and other data sources for recovery of potentially relevant
information.
846
Task
Serve as technical experts and liaisons to law enforcement personnel and explain
incident details, provide testimony, etc.
868
Task Extract data using data carving techniques (e.g., Forensic Tool Kit [FTK], Foremost).
870
Task
Capture and analyze network traffic associated with malicious activities using network
monitoring tools.
871
Task
872
Task
882
Task
Write and publish cyber defense techniques, guidance, and reports on incident findings
to appropriate constituencies.
944
Perform static analysis to mount an "image" of a drive (without necessarily having the
original drive).
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
24
25
29
Statement
61
90
Competency
Data Management
Cryptography
Computer Forensics
Incident Management
Operating Systems
105
113
Operating Systems
114
Computer Forensics
139
Infrastructure Design
193
KSA
Vulnerabilities Assessment
Information Assurance
Item
KSA
ID
Statement
Competency
214
KSA
Vulnerabilities Assessment
217
KSA
Computer Forensics
264
287
KSA
290
KSA
294
KSA
302
KSA
310
KSA
316
340
345
KSA
346
KSA
Knowledge of which system files (e.g., log files, registry files, configuration
files) contain relevant information and where to find those system files.
350
360
KSA
364
369
374
381
KSA
386
389
888
KSA Knowledge of types of digital forensics data and how to recognize them.
Skill in using forensic tool suites (e.g., EnCase, Sleuthkit, Forensic Tool Kit
[FTK]).
Operating Systems
Forensics
Surveillance
Computer Forensics
Criminal Law
Criminal Law
Computer Forensics
Web Technology
Computer Forensics
Reasoning
Computer Forensics
Operating Systems
Forensics
Forensics
Computer Forensics
Operating Systems
Computers and Electronics
Computer Forensics
Item
KSA
ID
Statement
Competency
889
890
KSA
908
923
982
Criminal Law
983
Criminal Law
1033 KSA
Computer Forensics
Computer Forensics
Computer Forensics
Information
Systems/Network Security
Computer Forensics
1087 KSA Skill in deep analysis of captured malicious code (e.g., malware forensics). Computer Network Defense
1088 KSA
Skill in using binary analysis tools (e.g., Hexedit, command code xxd,
hexdump).
Skill in one way hash functions (e.g., Secure Hash Algorithm [SHA],
Message Direct Algorithm [MD5]).
Computer Languages
Vulnerabilities Assessment
Data Management
Computer Forensics
Computer Forensics
Software Development
1095 KSA Knowledge of how different file types can be used for anomalous behavior. Vulnerabilities Assessment
1096 KSA Knowledge of malware analysis tools (e.g., Oily Debug, Ida Pro).
1097 KSA
Item
KSA
ID
Statement
Competency
Computer Network Defense
Computer Forensics
Computer Network Defense
Computer Network Defense
Item Tas
ID
k
Statement
402
429
Task
Assist in the gathering and preservation of evidence used in the prosecution of computer
crimes.
447
Task
Conduct analysis of log files, evidence, and other information in order to determine best
methods for identifying the perpetrator(s) of a network intrusion.
454
Task
507
Task
Determine and develop leads and identify sources of information in order to identify and
prosecute the responsible parties to an intrusion.
512
Task
564
Task
Document original condition of digital and/or associated evidence (e.g., via digital
photographs, written reports, etc.).
597
Establish relationships, if applicable, between the incident response team and other
Task groups, both internal (e.g., legal department) and external (e.g., law enforcement
agencies, vendors, and public relations professionals).
613
Task Examine recovered data for information of relevance to the issue at hand.
620
Task
Employ information technology (IT) systems and digital storage media to solve and
prosecute cybercrimes and fraud committed against people and property.
623
Task
633
Task
Item Tas
ID
k
Statement
635
Task
636
Task
Identify digital evidence for examination and analysis in such a way as to avoid
unintentional alteration.
637
642
Task
Identify outside attackers accessing the system from Internet or insider attackers (e.g.,
authorized users attempting to gain and misuse non-authorized privileges).
649
Task
Identify, collect, and seize documentary or physical evidence, to include digital media
and logs associated with cyber intrusion incidents, investigations, and operations.
663
Task
788
792
843
871
Task
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
105
217
Statement
Competency
Vulnerabilities Assessment
Computer Forensics
281
290
KSA
310
KSA
316
340
369
Forensics
383
Reasoning
917
Hardware
Forensics
Criminal Law
Criminal Law
Computer Forensics
External Awareness
Item
KSA
ID
Statement
Competency
Criminal Law
Contracting/Procurement
Item Tas
ID
k
Statement
Acquire and maintain a working knowledge of relevant laws, regulations, policies,
standards, or procedures.
390
Task
398
451
Task
539
574
Task
599
Task Evaluate contracts to ensure compliance with funding, legal, and program requirements.
607
612
Task
Evaluate the impact (e.g., costs or benefits) of changes to laws, regulations, policies,
standards, or procedures.
618
Task
655
Task
675
Task Interpret and apply laws, regulations, policies, standards, or procedures to specific issues.
787
Task
Item Tas
ID
k
834
Statement
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
Statement
27
88
KSA
105
282
Competency
Cryptography
Technology Awareness
Vulnerabilities Assessment
Technology Awareness
297
KSA
300
338
KSA
339
377
KSA
Skill in tracking and analyzing technical and legal trends that will impact
cyber activities.
954
KSA
Contracting/Procurement
981
KSA
Technology Awareness
Organizational Awareness
Reasoning
Organizational Awareness
Criminal Law
Item
KSA
ID
Statement
Competency
Criminal Law
Item Tas
ID
k
Statement
410
424
Task
485
492
Task
524
539
565
594
629
Task
641
720
Task
724
Assess policy needs and collaborate with stakeholders to develop policies to govern
information technology (IT) activities.
Design a cybersecurity strategy that outlines the vision, mission, and goals that align
with the organizations strategic plan.
Identify and address information technology (IT) workforce planning and management
issues, such as recruitment, retention, and training.
Item Tas
ID
k
Statement
812
Task Provide policy guidance to information technology (IT) management, staff, and users.
838
840
Task Review or conduct audits of information technology (IT) programs and projects.
847
854
Task
884
919
Task
Promote awareness of security issues among management and ensure sound security
principles are reflected in the organization's vision and goals.
946
Task
955
Task Draft and publish a supply chain security and risk management policy.
Support the Chief Information Officer (CIO) in the formulation of information technology
(IT)-related policies.
1023 Task Identify and track the status of protected information assets.
1024 Task Apply knowledge of assessment data of identified threats to decision-making processes.
1025 Task Triage protected assets.
1026 Task Oversee development and implementation of high-level control architectures.
1027 Task Translate applicable laws, statutes, and regulatory documents and integrate into policy.
Item Tas
ID
k
1041 Task
Statement
Define and/or implement policies and procedures to ensure protection of critical
infrastructure as appropriate.
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
Statement
Competency
19
KSA
63
Information Assurance
88
KSA
Technology Awareness
105
244
282
KSA
Technology Awareness
297
KSA
Technology Awareness
320
KSA
External Awareness
336
KSA
Telecommunications
377
KSA
Skill in tracking and analyzing technical and legal trends that will impact
cyber activities.
942
Vulnerabilities Assessment
Technology Awareness
Item
KSA
ID
954
KSA
Statement
Knowledge of import/export control regulations and responsible agencies
for the purposes of reducing supply chain risk.
Competency
Contracting/Procurement
Risk Management
1022 KSA Knowledge of the nature and function of the relevant information structure.
Enterprise Architecture
Criminal Law
1037 KSA
1141 KSA
Risk Management
Infrastructure Design
Criminal Law
Information Management
Item Tas
ID
k
Statement
453
479
490
Task Deliver training courses tailored to the audience and physical environment.
491
Task
504
510
538
Task
551
Task Develop the goals and objectives for cybersecurity training, education, or awareness.
567
Task
606
624
778
Task
779
Task
Plan non-classroom educational techniques and formats (e.g., video courses, personal
coaching, web-based courses).
841
Task
Review training documentation (e.g., Course Content Documents [CCD], lesson plans,
student texts, examinations, Schedules of Instruction [SOI], and course descriptions).
842
Task Revise curriculum end course content based on feedback from previous training sessions.
845
Task
855
885
Task
953
Task
Coordinate with human resources to ensure job announcements are written to reflect
required training, education, and/or experience.
Develop new or identify existing awareness and training materials that are appropriate
for intended audiences.
Serve as an internal consultant and advisor in own area of expertise (e.g., technical,
copyright, print media, electronic media, cartography).
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
Statement
Knowledge of cyber defense mitigation techniques and vulnerability
assessment tools, including open source tools, and their capabilities.
19
KSA
81
88
KSA
90
Competency
Computer Network Defense
Infrastructure Design
Technology Awareness
Operating Systems
246
KSA
252
KSA
264
282
KSA
314
KSA
Teaching Others
332
KSA
Teaching Others
344
KSA
Multimedia Technologies
Computer Network Defense
Technology Awareness
Operating Systems
Item
KSA
ID
Statement
Competency
359
KSA Skill in developing and executing technical training programs and curricula.
363
376
918
942
Organizational Awareness
952
Technology Awareness
Computer Forensics
Teaching Others
Oral Communication
Teaching Others
Information
Systems/Network Security
Item Tas
ID
k
Statement
Advise appropriate senior leadership or authorizing official of charges affecting the
organization's information assurance (IA) posture.
397
Task
440
Task Collect and maintain data needed to meet system information assurance (IA) reporting.
584
Task
Ensure that information assurance (IA) inspections, tests, and reviews are coordinated for
the network environment.
585
Task
Ensure that information assurance (IA) requirements are integrated into the continuity
planning for that system and/or organization(s).
590
Ensure that protection and detection capabilities are acquired or developed using the
Task Information system security engineering approach and are consistent with organizationlevel information assurance (IA) architecture.
598
Task
600
731
Task
Participate in information security risk assessment during the Security Assessment and
Authorization (SA&A) process.
733
Task
790
Task
Prepare, distribute, and maintain plans, instructions, guidance, and standard operating
procedures concerning the security of network system(s) operations.
Evaluate and approve development efforts to ensure that baseline security safeguards
are appropriately installed.
Item Tas
ID
k
Statement
816
Task
824
Task
Recognize a possible security violation and take appropriate action to report the incident,
as required.
828
Task
852
Task
869
Task
962
Task
963
Task
Ensure plans of actions and milestones or remediation plans are in place for
vulnerabilities identified during risk assessments, audits, inspections, etc.
964
1016 Task
1017 Task
1041 Task
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
9
KSA
Statement
Knowledge of applicable business processes and operations of customer
organizations.
Competency
Requirements Analysis
37
Incident Management
55
Information Assurance
58
KSA
Information
Systems/Network Security
62
KSA
69
76
KSA
77
88
KSA
Technology Awareness
112
KSA
Information Systems
Security Certification
Information Technology
Performance Assessment
Information
Systems/Network Security
Item
KSA
ID
Statement
Competency
113
121
126
Requirements Analysis
129
KSA
143
KSA
173
183
325
965
KSA
966
KSA
967
1004 KSA
1034 KSA
Operating Systems
Contracting/Procurement
Risk Management
Incident Management
Information
Systems/Network Security
Contracting/Procurement
Security
Criminal Law
Risk Management
Infrastructure Design
Contracting/Procurement
Criminal Law
Information
Systems/Network Security
Item
KSA
ID
1073 KSA
Statement
Knowledge of network systems management principles, models, methods
(e.g., end-to-end systems performance monitoring), and tools.
Competency
Network Management
Item Tas
ID
k
Statement
391
Acquire and manage the necessary resources, including leadership support, financial
Task resources, and key security personnel, to support information technology (IT) security
goals, and reduce overall organizational risk.
392
Task
395
Task
Advise senior management (e.g., Chief Information Officer [CIO]) on risk levels and
security posture.
396
Task
Advise senior management (e.g., Chief Information Officer [CIO]) on cost-benefit analysis
of information security programs, policies, processes, systems, and elements.
445
Task
Communicate the value of information technology (IT) security throughout all levels of
the organization's stakeholders.
473
475
Task
578
Task
596
Task
600
628
Task
640
Task
Item Tas
ID
k
Statement
674
Task
676
Task
677
Task
679
Task
680
Task Lead and oversee information security budget, staffing, and contracting.
705
Task
706
Task
Publish cyber defense techniques and guidance (e.g., Time Compliance Network Orders
[TCNOs], concept of operations, net analyst reports) for the organization.
707
Task
Manage threat or target analysis of adversary's cyber activity information and production
of threat information within the enterprise.
711
Task
Monitor and evaluate the effectiveness of the enterprise's information assurance (IA)
security safeguards to ensure they provide the intended level of protection.
730
801
Task
810
818
Task
848
Provide enterprise information assurance (IA) and supply chain risk management
guidance for development of the Continuity of Operations Plans.
Item Tas
ID
k
Statement
862
Task
Track audit findings and recommendations to ensure appropriate mitigation actions are
taken.
919
Task
Promote awareness of security issues among management and ensure sound security
principles are reflected in the organization's vision and goals.
947
Task
948
Task
Participate in Risk Governance process to provide security risks, mitigations, and input on
other technical risk.
949
1018 Task
1032 Task
1035 Task
Forecast ongoing service demands and ensure security assumptions are reviewed as
necessary.
1041 Task
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
9
KSA
Statement
Knowledge of applicable business processes and operations of customer
organizations.
Competency
Requirements Analysis
25
29
KSA
37
49
KSA
55
Information Assurance
61
Incident Management
62
KSA
66
81
87
Cryptography
Computer Forensics
Incident Management
Information
Systems/Network Security
Infrastructure Design
Information
Systems/Network Security
Item
KSA
ID
Statement
Knowledge of new and emerging Information Technology (IT) and cyber
security technologies.
88
KSA
92
95
KSA
105
107
110
KSA
112
KSA
113
126
129
KSA
132
150
KSA
299
KSA
916
1033 KSA
Technology Awareness
Infrastructure Design
Vulnerabilities Assessment
Vulnerabilities Assessment
Project Management
Information Assurance
Systems Life Cycle
Operating Systems
Requirements Analysis
Competency
Criminal Law
Risk Management
Infrastructure Design
Contracting/Procurement
Item
KSA
ID
Statement
Competency
1040 KSA
Criminal Law
Information
Systems/Network Security
1073 KSA
Network Management
1131 KSA
Enterprise Architecture
1141 KSA
Information Management
Item Tas
ID
k
Statement
537
Task Develop methods to monitor and measure risk, compliance, and assurance efforts.
548
Develop specifications to ensure risk, compliance, and assurance efforts conform with
Task security, resilience, and dependability requirements at the software application, system,
and network environment level.
566
Task Draft statements of preliminary or residual security risks for system operation.
691
696
Task
710
Task
Monitor and evaluate a systems compliance with information technology (IT) security,
resilience, and dependability requirements.
772
Task
Perform validation steps, comparing actual results with expected results and analyze the
differences to identify impact and risks.
775
Task
Plan and conduct security authorization reviews and assurance case development for
initial installation of systems and networks.
798
827
Task
836
Task
Review authorization and assurance documents to confirm that the level of risk is within
acceptable limits for each software application, system, and network.
878
Item Tas
ID
k
Statement
879
Task
936
Task
Develop security compliance processes and/or audits for external services (e.g., cloud
service providers, data centers).
937
Task
Inspect continuous monitoring results to confirm that the level of risk is within acceptable
limits for the software application, network, or system.
Develop and Implement information assurance (IA) independent audit processes for
application software/networks/systems and oversee ongoing independent audits to
1146 Task ensure that operational processes and procedures are in compliance with organizational
and mandatory IA requirements and accurately followed by Systems Administrators and
other cybersecurity staff when performing their day-to-day activities.
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
Statement
Competency
19
KSA
27
Cryptography
58
KSA
63
69
77
88
KSA
121
128
143
KSA
Information
Systems/Network Security
Information Assurance
Information Systems
Security Certification
Information
Systems/Network Security
Technology Awareness
Logical Systems Design
Systems Testing and
Evaluation
Enterprise Architecture
Item
KSA
ID
Statement
Competency
183
203
Information Technology
Performance Assessment
942
Organizational Awareness
1034 KSA
Information Assurance
Security
Criminal Law
Risk Management
Infrastructure Design
Contracting/Procurement
Criminal Law
Information
Systems/Network Security
1131 KSA
1141 KSA
Information Management
1142 KSA
Enterprise Architecture
Enterprise Architecture
Item Tas
ID
k
Statement
394
464
Task
Construct access paths to suites of information (e.g., link pages) to facilitate access by
end-users.
505
Task
Design, build, implement, and maintain a knowledge management system that provides
end-users access to the organizations intellectual capital.
513
519
Task
721
Task Monitor and report the usage of knowledge management assets and resources.
777
794
814
Task
Develop and implement control procedures into the testing and development of core
information technology (IT) based knowledge management systems.
Provide recommendations on data structures and databases that ensure correct and
quality production of reports/management information.
Item
KSA
ID
Statement
Competency
Infrastructure Design
22
KSA
108
KSA
Risk Management
1157 KSA
Information
Systems/Network Security
Vulnerabilities Assessment
Item
KSA
ID
Statement
KSA
19
KSA
77
134
Competency
Knowledge Management
Computer Network Defense
Information
Systems/Network Security
Technology Awareness
135
136
KSA
163
164
KSA
223
Knowledge Management
230
Knowledge Management
338
KSA
Data Management
Technology Awareness
Computer Skills
Knowledge Management
Reasoning
Item
KSA
ID
Statement
Competency
907
Data Management
910
Data Management
942
1034 KSA
1129 KSA
1136 KSA
1141 KSA
Organizational Awareness
Security
Distributed Systems
Data Management
Communications Security
Management
Infrastructure Design
Information Management