NICE Framework Components v1.0.0

NICE Framework Components Version 1.0.0
March 2024

Note to readers:
This workbook contains components of the Workforce Framework for Cybersecurity (NICE Framework) published on
include all elements of the NICE Framework structure as described in NIST Special Publication 800-181, Revision 1, p
(1) Task, Knowledge, and Skill (TKS) Statements
(2) Work Role Categories and Work Roles
(3) Competency Areas

In addition, the spreadsheet identifies the connections between the TKS statements and the Work Roles. NICE Fram
in this version and statements associated with these areas are in development and not yet available.

Users of the previous version of the NICE Framework components may want to refer to the 2017 to v1.0.0 mapping
Additional information can be found on the NICE Framework Resource Center.

Additional Resources:
NICE Framework Components Mapping: 2017 to Version 1.0.0 (March 2024) (XLSX)
NICE Framework History & Change Logs
Workforce Framework for Cybersecurity (NICE Framework) (NIST Special Publication 800-181, revision 1)
NICE Framework Resource Center
Work Role | Work Role Description | Work Role ID

OVERSIGHT and GOVERNANCE (OG) – Provides leadership, management, direction, and advocacy so the organization may effectively manage cybersecurity-related r
cybersecurity work.

Communications Security (COMSEC) Management | Responsible for managing the Communications Security (COMSEC) resources of an organization. | OG-WRL-001

Cybersecurity Policy and Planning | Responsible for developing and maintaining cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance. | OG-WRL-002

Cybersecurity Workforce Management | Responsible for developing cybersecurity workforce plans, assessments, strategies, and guidance, including cybersecurity-related staff training, education, and hiring processes. Makes adjustments in response to or in anticipation of changes to cybersecurity-related policy, technology, and staffing needs and requirements. Authors mandated workforce planning strategies to maintain compliance with legislation, regulation, and policy. | OG-WRL-003

Cybersecurity Curriculum Development | Responsible for developing, planning, coordinating, and evaluating cybersecurity awareness, training, or education content, methods, and techniques based on instructional needs and requirements. | OG-WRL-004

Cybersecurity Instruction | Responsible for developing and conducting cybersecurity awareness, training, or education. | OG-WRL-005

Cybersecurity Legal Advice | Responsible for providing cybersecurity legal advice and recommendations, including monitoring related legislation and regulations. | OG-WRL-006

Executive Cybersecurity Leadership | Responsible for establishing vision and direction for an organization's cybersecurity operations and resources and their impact on digital and physical spaces. Possesses authority to make and execute decisions that impact an organization broadly, including policy approval and stakeholder engagement. | OG-WRL-007

Privacy Compliance | Responsible for developing and overseeing an organization’s privacy compliance program and staff, including establishing and managing privacy-related governance, policy, and incident response needs. | OG-WRL-008

Product Support Management | Responsible for planning, estimating costs, budgeting, developing, implementing, and managing product support strategies in order to field and maintain the readiness and operational capability of systems and components. | OG-WRL-009

Program Management | Responsible for leading, coordinating, and the overall success of a defined program. Includes communicating about the program and ensuring alignment with agency or organizational priorities. | OG-WRL-010

Secure Project Management | Responsible for overseeing and directly managing technology projects. Ensures cybersecurity is built into projects to protect the organization’s critical infrastructure and assets, reduce risk, and meet organizational goals. Tracks and communicates project status and demonstrates project value to the organization. | OG-WRL-011

Security Control Assessment | Responsible for conducting independent comprehensive assessments of management, operational, and technical security controls and control enhancements employed within or inherited by a system to determine their overall effectiveness. | OG-WRL-012

Systems Authorization | Responsible for operating an information system at an acceptable level of risk to organizational operations, organizational assets, individuals, other organizations, and the nation. | OG-WRL-013

Systems Security Management | Responsible for managing the cybersecurity of a program, organization, system, or enclave. | OG-WRL-014

Technology Portfolio Management | Responsible for managing a portfolio of technology investments that align with the overall needs of mission and enterprise priorities. | OG-WRL-015

Technology Program Auditing | Responsible for conducting evaluations of technology programs or their individual components to determine compliance with published standards. | OG-WRL-016

DESIGN and DEVELOPMENT (DD) – Conducts research, conceptualizes, designs, develops, and tests secure technology systems, including on perimeter and

Cybersecurity Architecture | Responsible for ensuring that security requirements are adequately addressed in all aspects of enterprise architecture, including reference models, segment and solution architectures, and the resulting systems that protect and support organizational mission and business processes. | DD-WRL-001

Enterprise Architecture | Responsible for developing and maintaining business, systems, and information processes to support enterprise mission needs. Develops technology rules and requirements that describe baseline and target architectures. | DD-WRL-002

Secure Software Development | Responsible for developing, creating, modifying, and maintaining computer applications, software, or specialized utility programs. | DD-WRL-003

Secure Systems Development | Responsible for the secure design, development, and testing of systems and the evaluation of system security throughout the systems development life cycle. | DD-WRL-004

Software Security Assessment | Responsible for analyzing the security of new or existing computer applications, software, or specialized utility programs and delivering actionable results. | DD-WRL-005

Systems Requirements Planning | Responsible for consulting with internal and external customers to evaluate and translate functional requirements and integrating security policies into technical solutions. | DD-WRL-006

Systems Testing and Evaluation | Responsible for planning, preparing, and executing system tests; evaluating test results against specifications and requirements; and reporting test results and findings. | DD-WRL-007

Technology Research and Development | Responsible for conducting software and systems engineering and software systems research to develop new capabilities with fully integrated cybersecurity. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems. | DD-WRL-008

IMPLEMENTATION and OPERATION (IO) – Provides implementation, administration, configuration, operation, and maintenance to ensure effective and efficient technol

Data Analysis | Responsible for analyzing data from multiple disparate sources to provide cybersecurity and privacy insight. Designs and implements custom algorithms, workflow processes, and layouts for complex, enterprise-scale data sets used for modeling, data mining, and research purposes. | IO-WRL-001

Database Administration | Responsible for administering databases and data management systems that allow for the secure storage, query, protection, and utilization of data. | IO-WRL-002

Knowledge Management | Responsible for managing and administering processes and tools to identify, document, and access an organization’s intellectual capital. | IO-WRL-003

Network Operations | Responsible for planning, implementing, and operating network services and systems, including hardware and virtual environments. | IO-WRL-004

Systems Administration | Responsible for setting up and maintaining a system or specific components of a system in adherence with organizational security policies and procedures. Includes hardware and software installation, configuration, and updates; user account management; backup and recovery management; and security control implementation. | IO-WRL-005

Systems Security Analysis | Responsible for developing and analyzing the integration, testing, operations, and maintenance of systems security. Prepares, performs, and manages the security aspects of implementing and operating a system. | IO-WRL-006

Technical Support | Responsible for providing technical support to customers who need assistance utilizing client-level hardware and software in accordance with established or approved organizational policies and processes. | IO-WRL-007

PROTECTION and DEFENSE (PD) – Protects against, identifies, and analyzes risks to technology systems or networks. Includes investigation of cybersecurity events or crim
networks.

Defensive Cybersecurity | Responsible for analyzing data collected from various cybersecurity defense tools to mitigate risks. | PD-WRL-001

Digital Forensics | Responsible for analyzing digital evidence from computer security incidents to derive useful information in support of system and network vulnerability mitigation. | PD-WRL-002

Incident Response | Responsible for investigating, analyzing, and responding to network cybersecurity incidents. | PD-WRL-003

Infrastructure Support | Responsible for testing, implementing, deploying, maintaining, and administering infrastructure hardware and software for cybersecurity. | PD-WRL-004

Insider Threat Analysis | Responsible for identifying and assessing the capabilities and activities of cybersecurity insider threats; produces findings to help initialize and support law enforcement and counterintelligence activities and investigations. | PD-WRL-005

Threat Analysis | Responsible for collecting, processing, analyzing, and disseminating cybersecurity threat assessments. Develops cybersecurity indicators to maintain awareness of the status of the highly dynamic operating environment. | PD-WRL-006

Vulnerability Analysis | Responsible for assessing systems and networks to identify deviations from acceptable configurations, enclave policy, or local policy. Measure effectiveness of defense-in-depth architecture against known vulnerabilities. | PD-WRL-007

INVESTIGATION (IN) – Conducts national cybersecurity and cybercrime investigations, including the collection, management, and analysis of dig

Cybercrime Investigation | Responsible for investigating cyberspace intrusion incidents and crimes. Applies tactics, techniques, and procedures for a full range of investigative tools and processes and appropriately balances the benefits of prosecution versus intelligence gathering. | IN-WRL-001

Digital Evidence Analysis | Responsible for identifying, collecting, examining, and preserving digital evidence using controlled and documented analytical and investigative techniques. | IN-WRL-002

CYBERSPACE INTELLIGENCE (CI) – Collects, processes, analyzes, and disseminates information from all sources of intelligence on foreign actors' cyberspace programs, in
development, and operational activities.

All-Source Analysis | Responsible for analyzing data and information from one or multiple sources to conduct preparation of the operational environment, respond to requests for information, and submit intelligence collection and production requirements in support of intelligence planning and operations. | CI-WRL-001

All-Source Collection Management | Responsible for identifying intelligence collection authorities and environment; incorporating priority information requirements into intelligence collection management; and developing concepts to meet leadership's intent. Determines capabilities of available intelligence collection assets; constructs and disseminates intelligence collection plans; and monitors execution of intelligence collection tasks to ensure effective execution of collection plans. | CI-WRL-002

All-Source Collection Requirements Management | Responsible for evaluating intelligence collection operations and developing effects-based collection requirements strategies using available sources and methods to improve collection. Develops, processes, validates, and coordinates submission of intelligence collection requirements. Evaluates performance of intelligence collection assets and operations. | CI-WRL-003

Cyber Intelligence Planning | Responsible for developing intelligence plans to satisfy cyber operation requirements. Identifies, validates, and levies requirements for intelligence collection and analysis. Participates in targeting selection, validation, synchronization, and execution of cyber actions. Synchronizes intelligence activities to support organization objectives in cyberspace. | CI-WRL-004

Multi-Disciplined Language Analysis | Responsible for applying language and cultural expertise with target, threat, and technical knowledge to process, analyze, and disseminate intelligence information derived from language, voice, and/or graphic materials. Creates and maintains language-specific databases and working aids to support cyber action execution and ensure critical knowledge sharing. Provides subject matter expertise in foreign language-intensive or interdisciplinary projects. | CI-WRL-005

CYBERSPACE EFFECTS (CE) – Plans, supports, and executes cyberspace capabilities where the primary purpose is to externally defend or conduct force projectio

Cyberspace Operations | Responsible for gathering evidence on criminal or foreign intelligence entities to mitigate and protect against possible or real-time threats. Conducts collection, processing, and geolocation of systems to exploit, locate, and track targets. Performs network navigation and tactical forensic analysis and executes on-net operations when directed. | CE-WRL-001

Cyber Operations Planning | Responsible for developing cybersecurity operations plans; participating in targeting selection, validation, and synchronization; and enabling integration during the execution of cyber actions. | CE-WRL-002

Exploitation Analysis | Responsible for identifying access and intelligence collection gaps that can be satisfied through cyber collection and/or preparation activities. Leverages all authorized resources and analytic techniques to penetrate targeted networks. | CE-WRL-003

Mission Assessment | Responsible for developing assessment plans and performance measures; conducting strategic and operational effectiveness assessments for cyber events; determining whether systems perform as expected; and providing input to the determination of operational effectiveness. | CE-WRL-004

Partner Integration Planning | Responsible for advancing cooperation across organizational or national borders between cyber operations partners. Provides guidance, resources, and collaboration to develop best practices and facilitate organizational support for achieving objectives in integrated cyber actions. | CE-WRL-005

Target Analysis | Responsible for conducting target development at the system, component, and entity levels. Builds and maintains electronic target folders to include inputs from environment preparation and/or internal or external intelligence sources. Coordinates with partner target working groups and intelligence community members, and presents candidate targets for vetting and validation. Assesses and reports on damage resulting from the application of military force and coordinates federal support as required. | CE-WRL-006

Target Network Analysis | Responsible for conducting advanced analysis of collection and open-source data to ensure target continuity; profiling targets and their activities; and developing techniques to gain target information. Determines how targets communicate, move, operate, and live based on knowledge of target technologies, digital networks, and applications. | CE-WRL-007
TKS Statement ID
K0018
K0055
K0064
K0068
K0092
K0159
K0176
K0359
K0375
K0470
K0476
K0480
K0498
K0540
K0551
K0635
K0636
K0637
K0638
K0639
K0640
K0641
K0642
K0643
K0644
K0645
K0646
K0647
K0648
K0649
K0650
K0651
K0652
K0653
K0654
K0655
K0656
K0657
K0658
K0659
K0660
K0661
K0662
K0663
K0664
K0666
K0667
K0668
K0669
K0670
K0671
K0672
K0673
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0685
K0686
K0687
K0688
K0689
K0690
K0691
K0692
K0693
K0694
K0695
K0696
K0697
K0698
K0699
K0700
K0701
K0702
K0703
K0704
K0705
K0706
K0707
K0708
K0709
K0710
K0711
K0712
K0713
K0714
K0715
K0716
K0717
K0718
K0719
K0720
K0721
K0722
K0723
K0724
K0725
K0726
K0727
K0728
K0729
K0730
K0731
K0732
K0733
K0734
K0735
K0736
K0737
K0738
K0739
K0740
K0741
K0742
K0743
K0744
K0745
K0746
K0747
K0748
K0749
K0750
K0751
K0752
K0753
K0754
K0755
K0756
K0757
K0758
K0759
K0760
K0761
K0762
K0763
K0764
K0765
K0766
K0767
K0768
K0769
K0770
K0771
K0772
K0773
K0774
K0775
K0776
K0777
K0778
K0779
K0780
K0781
K0782
K0783
K0784
K0785
K0786
K0787
K0788
K0789
K0790
K0791
K0792
K0793
K0794
K0795
K0796
K0797
K0798
K0799
K0800
K0801
K0802
K0803
K0804
K0805
K0806
K0807
K0808
K0809
K0810
K0811
K0812
K0813
K0814
K0815
K0816
K0817
K0818
K0819
K0820
K0821
K0822
K0823
K0824
K0825
K0826
K0827
K0828
K0829
K0830
K0831
K0832
K0833
K0834
K0835
K0836
K0837
K0838
K0839
K0840
K0841
K0842
K0844
K0845
K0846
K0847
K0848
K0849
K0850
K0851
K0852
K0853
K0854
K0855
K0856
K0857
K0858
K0859
K0860
K0861
K0862
K0863
K0864
K0865
K0866
K0867
K0868
K0869
K0870
K0871
K0872
K0873
K0874
K0875
K0876
K0877
K0878
K0879
K0880
K0881
K0882
K0883
K0884
K0885
K0886
K0887
K0888
K0889
K0890
K0891
K0892
K0893
K0894
K0895
K0896
K0897
K0898
K0899
K0900
K0901
K0902
K0903
K0904
K0905
K0906
K0907
K0908
K0909
K0910
K0911
K0912
K0913
K0914
K0915
K0916

K0917
K0918
K0919
K0920
K0921
K0922
K0923
K0924
K0925
K0926
K0927
K0928
K0929
K0930
K0931
K0932
K0933
K0934
K0935
K0936
K0937
K0938
K0939
K0940
K0941
K0942
K0943
K0944
K0945
K0946
K0947
K0948
K0949
K0950
K0951
K0952
K0953
K0954
K0955
K0956
K0957
K0958
K0959
K0960
K0961
K0962
K0963
K0964
K0965
K0966
K0967

K0968
K0969
K0970
K0971
K0972
K0973
K0974
K0975
K0976
K0977
K0978
K0979
K0980
K0981
K0983
K0984
K0985
K0986
K0987
K0988
K0989
K0990
K0991
K0992
K0993
K0994
K0995
K0996
K0998
K0999
K1000
K1001
K1002
K1003
K1004
K1005
K1006
K1007
K1008
K1009
K1010
K1011
K1012
K1013
K1014
K1015
K1016
K1017
K1019
K1020
K1021
K1023
K1024
K1025
K1026
K1027
K1028
K1029
K1030
K1031
K1032
K1033
K1034
K1035
K1036
K1037
K1038
K1039
K1040
K1041
K1042
K1043
K1045
K1046
K1047
K1048
K1049
K1050
K1051

K1052
K1053
K1054
K1055
K1056
K1057
K1058
K1059
K1060
K1061
K1062
K1063
K1064
K1065
K1066
K1067
K1068
K1069
K1070
K1071
K1072
K1073
K1074
K1076
K1077
K1078
K1079
K1080
K1081
K1082
K1083
K1084
K1085
K1086
K1087
K1088
K1089
K1090
K1091
K1092
K1093
K1094
K1095
K1096
K1097
K1098
K1099
K1100
K1101
K1102
K1103
K1104
K1105
K1106
K1107
K1108
K1109
K1110
K1111
K1112
K1113
K1114
K1115
K1116
K1117
K1118
K1119

K1120
K1121
K1122
K1123
K1124
K1125
K1126
K1127
K1128
K1129
K1130
K1131
K1132
K1133
K1135
K1137
K1138
K1139
K1140
K1143
K1144
K1145
K1146
K1147
K1148
K1149
K1150
K1151
K1152
K1153
K1154
K1155
K1156
K1157
K1158
K1159
K1160
K1161
K1162
K1163
K1164
K1165
K1166
K1167
K1168
K1169
K1170
K1171
K1172
K1173
K1174
K1175
K1176
K1177
K1178
K1179
K1180
K1181
K1182
K1183
K1184
K1185
K1186
K1187
K1188
K1189
K1190
K1191
K1192
K1193
K1194
K1195
K1196
K1197
K1198
K1200
K1201
K1202
K1203
K1205
K1206
K1207
K1208
K1209
K1210
K1211
K1212
K1213
K1214
K1215
K1216
K1217
K1218
K1219
K1220
K1221
K1222
K1223
K1224
K1225
K1226
K1227
K1228
K1229
K1230
K1231
K1232
K1233
K1234
K1235
K1236
K1237
K1238
K1239
K1240
K1241
K1242
K1243
K1244
K1245
K1246
K1247
K1248
K1249
K1250
K1251
K1252
K1253
K1254
K1255
K1256
K1257
K1258
K1259
K1260
K1261
K1262
K1263
K1265
K1267
K1268
K1269
K1270
K1271
K1272
K1273
K1274
K1275
S0011
S0015
S0028
S0029
S0035
S0045
S0048
S0066
S0077
S0080
S0097
S0109
S0111
S0114
S0118

S0136
S0141
S0156
S0172
S0175
S0177
S0182
S0186
S0194
S0208
S0214
S0221
S0248
S0252
S0283
S0310
S0335
S0375
S0378
S0379
S0380
S0381
S0382
S0383
S0384
S0385
S0386
S0387
S0388
S0389
S0390
S0391
S0392
S0393
S0394
S0395
S0396
S0397
S0398
S0399
S0400
S0401
S0402
S0403
S0404
S0405
S0406
S0407
S0408
S0409
S0410
S0411
S0412
S0413
S0414
S0415
S0416
S0417
S0418
S0419
S0420
S0421
S0422
S0423
S0424
S0425
S0426
S0427
S0428
S0429
S0430
S0431
S0432
S0433
S0434
S0435
S0436
S0437
S0438
S0439
S0440
S0441
S0442
S0443
S0444
S0446
S0447
S0448
S0449
S0450
S0451
S0452
S0453
S0454
S0455
S0456
S0457
S0458
S0459
S0460
S0461
S0462
S0463
S0464
S0465
S0466
S0467
S0468
S0469
S0470
S0471
S0472
S0473
S0474
S0475
S0476
S0477
S0478
S0479
S0480
S0481
S0482
S0483
S0484
S0485
S0486
S0487
S0488
S0489
S0490
S0491
S0492
S0493
S0494
S0495
S0496
S0497
S0498
S0499
S0500
S0501
S0502
S0503
S0504
S0505
S0506
S0507
S0508
S0509
S0511
S0512
S0513
S0514
S0515
S0516
S0517
S0518
S0519
S0520
S0521
S0522
S0523
S0524
S0525
S0526
S0527
S0528
S0529
S0530
S0531
S0532
S0533
S0534
S0535
S0536
S0537
S0538
S0539
S0540
S0541
S0542
S0543
S0544
S0545
S0546
S0547
S0548
S0549
S0550
S0551
S0552
S0553
S0554
S0555
S0556
S0557
S0558
S0559
S0560
S0561
S0562
S0563
S0564
S0565
S0566
S0567
S0568
S0569
S0570
S0571
S0572
S0573
S0574
S0575
S0576
S0577
S0578
S0579
S0580
S0581
S0582
S0583
S0584
S0585
S0586
S0587
S0588
S0589
S0590
S0591
S0592
S0593
S0594
S0595
S0596
S0597
S0598
S0599
S0600
S0601
S0602
S0603
S0604
S0605
S0606
S0607
S0608
S0609
S0610
S0611
S0612
S0613
S0614
S0615
S0616
S0617
S0618
S0619
S0620
S0621
S0622
S0623
S0624
S0625
S0626
S0627
S0628
S0629
S0630
S0631
S0632
S0633
S0634
S0635
S0636
S0637
S0638
S0639
S0640
S0641
S0642
S0643
S0644
S0645
S0646
S0647
S0648
S0649
S0650
S0651
S0652
S0653
S0654
S0655
S0656
S0657
S0658
S0659
S0660
S0661
S0662
S0663
S0664
S0665
S0666
S0667
S0668
S0669
S0670
S0671
S0672
S0673
S0674
S0675
S0677
S0678
S0679
S0680
S0681
S0682
S0683
S0685
S0686
S0687
S0688
S0689
S0690
S0692
S0693
S0694
S0695
S0696
S0697
S0698
S0699
S0700
S0701
S0702
S0703
S0704
S0705
S0706
S0707
S0708
S0709
S0710
S0711
S0712
S0713
S0714
S0715
S0716
S0717
S0718
S0719
S0720
S0721
S0722
S0723
S0724
S0725
S0726
S0727
S0728
S0729
S0731
S0732
S0733
S0734
S0735
S0736
S0737
S0738
S0739
S0740
S0741
S0743
S0744
S0745
S0746
S0747
S0748
S0749
S0750
S0751
S0752
S0753
S0754
S0755
S0756
S0757
S0758
S0759
S0760
S0761
S0762
S0763
S0764
S0765
S0766
S0767
S0768
S0769
S0770
S0771
S0772
S0773
S0774
S0775
S0776
S0777
S0778
S0779
S0780
S0781
S0782
S0783
S0784
S0785
S0786
S0787
S0788
S0789
S0790
S0791
S0792
S0793
S0794
S0795
S0796
S0797
S0798
S0799
S0800
S0801
S0802
S0803
S0804
S0805
S0806
S0807
S0808
S0809
S0810
S0811
S0812
S0813
S0814
S0815
S0816
S0817
S0818
S0819
S0820
S0821
S0822
S0824
S0825
S0826
S0827
S0828
S0829
S0830
S0831
S0832
S0833
S0834
S0835
S0836
S0837
S0838
S0839
S0840
S0841
S0842
S0843
S0844
S0845
S0846
S0847
S0848
S0850
S0851
S0852
S0853
S0854
S0855
S0856
S0857
S0858
S0859
S0860
S0861
S0862
S0863
S0864
S0865
S0866
S0867
S0868
S0869
S0870
S0871
S0872
S0873
S0874
S0875
S0876
S0877
S0878
S0879
S0880
S0881
S0882
S0883
S0884
S0885
S0886
S0888
S0889
S0890
S0891
S0892
S0893
S0896
S0897
S0898
S0899
S0900
S0902
S0904
S0905
S0906
S0907
S0908
S0909
S0910
S0911
S0912
S0913
S0916
T0006
T0020
T0067
T0068
T0077
T0080
T0081
T0084
T0101
T0116
T0122

T0124
T0126
T0129
T0137
T0141
T0153
T0164
T0167
T0168
T0172
T0173
T0179
T0182
T0193
T0220
T0226
T0235
T0237

T0262

T0271
T0274
T0292
T0299
T0309
T0311
T0330
T0349
T0383
T0397
T0412
T0422
T0431
T0437
T0459
T0460
T0495
T0510

T0512
T0513
T0531
T0542
T0565
T0569
T0577
T0578
T0591
T0611
T0624
T0630

T0645
T0650
T0684
T0685
T0686

T0698

T0704
T0707
T0717
T0718

T0723

T0729
T0734
T0737

T0741
T0742
T0744

T0751
T0769
T0775
T0776
T0778
T0796
T0818
T0845

T0858
T0898
T0934
T0937
T0942
T0960
T1008
T1009
T1010
T1011
T1012
T1013
T1014
T1015
T1016
T1017
T1018
T1019
T1020
T1021
T1022
T1023
T1024
T1025
T1026
T1027
T1028
T1029
T1030
T1031
T1032
T1033
T1034
T1035
T1036
T1037
T1038
T1039
T1040
T1041
T1042
T1043
T1044
T1045
T1046
T1047

T1048
T1049
T1050
T1051
T1052
T1053

T1054
T1055
T1056
T1057
T1058

T1059
T1060

T1061
T1062
T1063
T1064
T1065
T1066
T1067
T1068
T1069
T1070
T1071
T1072
T1073
T1074
T1075
T1076
T1077
T1078
T1079
T1081
T1082
T1083
T1084
T1085
T1086
T1087
T1088
T1089
T1090
T1091
T1092
T1093
T1094
T1095
T1096
T1097
T1098
T1099
T1100
T1101
T1102
T1103
T1104
T1105
T1106
T1107
T1108
T1109
T1110
T1111
T1112
T1113
T1114
T1115
T1116
T1117
T1118
T1119
T1120
T1121
T1122
T1123
T1124
T1125
T1126
T1127
T1128
T1129
T1130

T1131
T1132
T1133
T1134
T1135
T1136
T1137
T1138
T1139
T1140
T1141
T1142
T1143
T1144
T1145
T1146
T1148
T1149
T1150
T1151

T1152
T1153
T1154
T1155
T1156
T1157
T1158
T1159
T1160
T1161
T1162
T1163
T1164
T1165
T1166
T1168
T1169
T1170

T1172
T1173

T1174

T1175
T1176
T1177

T1178

T1179

T1180
T1181

T1182

T1183
T1184
T1185
T1186
T1187
T1188
T1189
T1190
T1191
T1192
T1193
T1194

T1195

T1196
T1197
T1198
T1199
T1200
T1201
T1202

T1203
T1204
T1205
T1206

T1207
T1208
T1209
T1210
T1211
T1212
T1214
T1215
T1217
T1218
T1219
T1221
T1222
T1223
T1224

T1225
T1226
T1227
T1228
T1229
T1230
T1231
T1232
T1233
T1234
T1235
T1236
T1237
T1238
T1239
T1240
T1241
T1242
T1243
T1244
T1245
T1246
T1247
T1248
T1249
T1250
T1251
T1252
T1253
T1254
T1255
T1256
T1257
T1258
T1259
T1260
T1261
T1262
T1263
T1264
T1265
T1266
T1267
T1268
T1269
T1270
T1271
T1272
T1273
T1274
T1275
T1276
T1277
T1278
T1279
T1280
T1281
T1282
T1283
T1284
T1285
T1286
T1287
T1288

T1289
T1290
T1291
T1292
T1293
T1294
T1295
T1296
T1297
T1298
T1299
T1300
T1301
T1302
T1303
T1304

T1305
T1306
T1307
T1308
T1309

T1310
T1311
T1312
T1313
T1314
T1315
T1316
T1317
T1318
T1319
T1320
T1321
T1322
T1323
T1324
T1325
T1326

T1327
T1328
T1329

T1330

T1331
T1332
T1333
T1334
T1335
T1336
T1337
T1338
T1339
T1340
T1341
T1342
T1343
T1344
T1345
T1346
T1347
T1348
T1349
T1350
T1351
T1352
T1353
T1354
T1355
T1356
T1357
T1358
T1359
T1360

T1361

T1362
T1363
T1364
T1365
T1366
T1367
T1368

T1369
T1370
T1371
T1372
T1373
T1374
T1375
T1376
T1377
T1378
T1379
T1380
T1381
T1382
T1383
T1384
T1385
T1386
T1387
T1388
T1389
T1390
T1391
T1392
T1393

T1394
T1395
T1396

T1397

T1398
T1399
T1400
T1401
T1402
T1403
T1404
T1405
T1406
T1407
T1408
T1409
T1410
T1411
T1412
T1413
T1414
T1415
T1416
T1417
T1418
T1419
T1420
T1421
T1422
T1423
T1424
T1425
T1426
T1427

T1428
T1429
T1430
T1431
T1432
T1433
T1434
T1435
T1436
T1437
T1438

T1439
T1440
T1441
T1442

T1443
T1444
T1445
T1446
T1447
T1448

T1449
T1450
T1451
T1452
T1453

T1454

T1455
T1456
T1457
T1458
T1459
T1460
T1461
T1462
T1463

T1464
T1465
T1466
T1467
T1468
T1469
T1470
T1471
T1472
T1473
T1474
T1475
T1476
T1477
T1478
T1479
T1480
T1481
T1482

T1483
T1484
T1485
T1486
T1487
T1488
T1489
T1490
T1491
T1492
T1493
T1494
T1495
T1496
T1497
T1498
T1499
T1500
T1501
T1502
T1503
T1504
T1505
T1506
T1507
T1508
T1509
T1510
T1511
T1512
T1513
T1514
T1515
T1516
T1517
T1518
T1519
T1520
T1521
T1522
T1523
T1524
T1525
T1526
T1527
T1528
T1529
T1530
T1531
T1532
T1533
T1534
T1535
T1537
T1538
T1539
T1540
T1541
T1542
T1543
T1544
T1545

T1546
T1547
T1548
T1549
T1550
T1551
T1552
T1553
T1554
T1555
T1556
T1557
T1559
T1560
T1561
T1562
T1563
T1564
T1565
T1566
T1567
T1568
T1569
T1570
T1571
T1572
T1573
T1574
T1575
T1576
T1577
T1578
T1579
T1580
T1581
T1582
T1583
T1584
T1585
T1586
T1587
T1588
T1589
T1590
T1591
T1592
T1593
T1594
T1595
T1596
T1597
T1598
T1599
T1600
T1601
T1602
T1603

T1604
T1605
T1606
T1607
T1608
T1609
T1610
T1611
T1612
T1613
T1614
T1615
T1616
T1617
T1618
T1619
T1620
T1621
T1622
T1623
T1624
T1625
T1626
T1627
T1628
T1629
T1630
T1631
T1632
T1633
T1634
T1635
T1636
T1637
T1638
T1639
T1640
T1641
T1642
T1643
T1644
T1645
T1646
T1647
T1648
T1649
T1650
T1651
T1652
T1653
T1654
T1655
T1656
T1657
T1658
T1659
T1660
T1661
T1662
T1663
T1664
T1665
T1666
T1667
T1668
T1669
T1670
T1671
T1672
T1673
T1674
T1675
T1676
T1677
T1678
T1679
T1680
T1681
T1682
T1683
T1684
T1685
T1686
T1687
T1688
T1689
T1690
T1691
T1692
T1693
T1695
T1696
T1697
T1698
T1699
T1700
T1701
T1702
T1703
T1704
T1705
T1706
T1707
T1708
T1709
T1710
T1711
T1712
T1713
T1714
T1715
T1716
T1717
T1718
T1719
T1720
T1721
T1722
T1723
T1724
T1725
T1726
T1727
T1728
T1729
T1730
T1731
T1732
T1733
T1734

T1735
T1736
T1737
T1738
T1739
T1740
T1741
T1742
T1743
T1744
T1745
T1746
T1747
T1748
T1749
T1750
T1751
T1752
T1753
T1754
T1755
T1756
T1757
T1758
T1759
T1760
T1761
T1762
T1763
T1764
T1765
T1766
T1767
T1768
T1769
T1770
T1771
T1772
T1773
T1774
T1775
T1776
T1777
T1778
T1779
T1780
T1781
T1782
T1783
T1784
T1785
T1786
T1787

T1788
T1789
T1790
T1791
T1792
T1793
T1794
T1795
T1796
T1797
T1798
T1799
T1800
T1801
T1802
T1803
T1804
T1805
T1806
T1807
T1808
T1809

T1810

T1811

T1812
T1813
T1814
T1815

T1816
T1818
T1819
T1820
T1821
T1822
T1823
T1824
T1825
T1826
T1827
T1828
T1829
T1830
T1831
T1832
T1833
T1834
T1835
T1836
T1837
T1838
T1839
T1840
T1841
T1842
T1843
T1844
T1845
T1846
T1847
T1848
T1849
T1850
T1851
T1852
T1853
T1854
T1855
T1856
T1857
T1858
T1859
T1860
T1861
T1862
T1863
T1864
T1865
T1866
T1867
T1868
T1869
T1870
T1871
T1872
T1873
T1874
T1875
T1876
T1877
T1878
T1879
T1880
T1881
T1882
T1883
T1884
T1885
T1886
T1887
T1888
T1889

T1890
T1891
T1892
T1893

T1894
T1895
T1896
T1897

T1898
T1899
T1900
T1901
T1902
T1903
T1904
T1905
T1906
T1907
T1908
T1909
T1910
T1911
T1912
T1913
T1914
T1915
T1916
T1917
T1918
T1919
T1920
T1921
T1922
T1923
T1924
T1925
T1926
T1927
T1928
T1929
T1930
T1931
T1932
T1933
T1934
T1935
T1936
T1937
T1938
T1939
T1940
T1941

T1942
T1943
T1944
T1945
T1946
T1947
T1948
T1949
T1950
T1951
T1952
T1953
T1954
T1955
T1956
T1957
T1958
T1959
T1960
T1961
T1962
T1963
T1964

T1965
T1966
T1967
T1968
T1969
T1970
T1971
T1972
T1973
T1974
T1975
T1976
T1977
T1978
T1979
T1980
T1981
T1982
T1983
T1984
T1985
T1986
T1987
T1988
T1989
T1990
T1991
T1992
T1993
T1994
T1995
T1996
T1997
T1998
T1999
T2000
T2001
T2002
T2003
T2004
T2005
T2006
T2007
T2008
T2009
T2010
T2011
TKS Statement Description
Knowledge of encryption algorithms
Knowledge of microprocessors
Knowledge of performance tuning tools and techniques
Knowledge of programming language structures and logic
Knowledge of technology integration processes
Knowledge of Voice over IP (VoIP)
Knowledge of Extensible Markup Language (XML) schemas
Knowledge of approved intelligence dissemination processes
Knowledge of wireless applications vulnerabilities
Knowledge of Internet and routing protocols
Knowledge of language processing tools and techniques
Knowledge of malware
Knowledge of operational planning processes
Knowledge of target communication tools and techniques
Knowledge of targeting cycles
Knowledge of decryption
Knowledge of decryption tools and techniques
Knowledge of data repositories
Knowledge of security awareness programs
Knowledge of code tailoring tools and techniques
Knowledge of the organizational cybersecurity workforce
Knowledge of market research tools and techniques
Knowledge of pricing structures
Knowledge of virtual learning environments
Knowledge of cybersecurity operation policies and procedures
Knowledge of standard operating procedures (SOPs)
Knowledge of system optimization techniques
Knowledge of data visualization tools and techniques
Knowledge of career paths
Knowledge of organizational career progressions
Knowledge of supplier assessment criteria
Knowledge of trustworthiness principles
Knowledge of workforce trends
Knowledge of cybersecurity practices in the acquisition process
Knowledge of target audience requirements
Knowledge of intelligence fusion
Knowledge of network collection tools and techniques
Knowledge of network collection policies and procedures
Knowledge of cognitive biases
Knowledge of information privacy technologies
Knowledge of appropriate use policies and procedures
Knowledge of reauthorization processes
Knowledge of systems security engineering
Knowledge of industry standards and best practices
Knowledge of stakeholder management
Knowledge of system security plans
Knowledge of contracts
Knowledge of contract management
Knowledge of contractor management
Knowledge of life cycle development milestones
Knowledge of Communications Security (COMSEC) policies and procedures
Knowledge of the Communications Security (COMSEC) Material Control System (CMCS)
Knowledge of types of Communications Security (COMSEC) incidents
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of access control principles and practices
Knowledge of authentication and authorization tools and techniques
Knowledge of business operations standards and best practices
Knowledge of common application vulnerabilities
Knowledge of network infrastructure principles and practices
Knowledge of requirements analysis principles and practices
Knowledge of cyber defense tools and techniques
Knowledge of vulnerability assessment tools and techniques
Knowledge of complex data structure capabilities and applications
Knowledge of computer algorithm capabilities and applications
Knowledge of programming principles and practices
Knowledge of digital forensic data principles and practices
Knowledge of encryption algorithm capabilities and applications
Knowledge of cryptographic key management principles and practices
Knowledge of data administration policies and procedures
Knowledge of data standardization policies and procedures
Knowledge of data backup and recovery policies and procedures
Knowledge of data warehousing principles and practices
Knowledge of data mining principles and practices
Knowledge of database management system (DBMS) principles and practices
Knowledge of database query language capabilities and applications
Knowledge of database schema capabilities and applications
Knowledge of database systems and software
Knowledge of digital rights management (DRM) tools and techniques
Knowledge of business continuity and disaster recovery (BCDR) policies and procedures
Knowledge of enterprise cybersecurity architecture principles and practices
Knowledge of evaluation and validation principles and practices
Knowledge of Local Area Networks (LAN)
Knowledge of Wide Area Networks (WAN)
Knowledge of electrical engineering principles and practices
Knowledge of resiliency and redundancy principles and practices
Knowledge of host access control (HAC) systems and software
Knowledge of network access control (NAC) systems and software
Knowledge of network communications principles and practices
Knowledge of human-computer interaction (HCI) principles and practices
Knowledge of Security Assessment and Authorization (SA&A) processes
Knowledge of risk management principles and practices
Knowledge of software development principles and practices
Knowledge of vulnerability data sources
Knowledge of incident response principles and practices
Knowledge of incident response tools and techniques
Knowledge of incident handling tools and techniques
Knowledge of analysis standards and best practices
Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
Knowledge of non-repudiation principles and practices
Knowledge of cyber safety principles and practices
Knowledge of systems security engineering (SSE) principles and practices
Knowledge of intrusion detection tools and techniques
Knowledge of information technology (IT) architecture models and frameworks
Knowledge of Risk Management Framework (RMF) requirements
Knowledge of risk management models and frameworks
Knowledge of information technology (IT) security principles and practices
Knowledge of bandwidth management tools and techniques
Knowledge of low-level programming languages
Knowledge of mathematics principles and practices
Knowledge of system performance indicators
Knowledge of system availability measures
Knowledge of identity and access management (IAM) principles and practices
Knowledge of new and emerging technologies
Knowledge of operating system (OS) systems and software
Knowledge of parallel and distributed computing principles and practices
Knowledge of policy-based access controls
Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
Knowledge of Privacy Impact Assessment (PIA) principles and practices
Knowledge of process engineering principles and practices
Knowledge of query languages
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of remote access principles and practices
Knowledge of resource management principles and practices
Knowledge of configuration management (CM) tools and techniques
Knowledge of security management principles and practices
Knowledge of system design tools and techniques
Knowledge of server administration principles and practices
Knowledge of client and server architecture
Knowledge of server diagnostic tools and techniques
Knowledge of Fault Detection and Diagnostics (FDD) tools and techniques
Knowledge of software debugging principles and practices
Knowledge of software design tools and techniques
Knowledge of software development models and frameworks
Knowledge of software engineering principles and practices
Knowledge of data asset management principles and practices
Knowledge of structured analysis principles and practices
Knowledge of automated systems analysis tools and techniques
Knowledge of system design standards and best practices
Knowledge of system administration principles and practices
Knowledge of system life cycle management principles and practices
Knowledge of systems testing and evaluation tools and techniques
Knowledge of telecommunications principles and practices
Knowledge of content creation tools and techniques
Knowledge of information management tools and techniques
Knowledge of collaboration tools and techniques
Knowledge of data storage media characteristics
Knowledge of enterprise information technology (IT) architecture principles and practices
Knowledge of systems engineering processes
Knowledge of hardware maintenance policies and procedures
Knowledge of virtual private network (VPN) systems and software
Knowledge of web service protocols
Knowledge of network attack characteristics
Knowledge of insider threat laws and regulations
Knowledge of insider threat tools and techniques
Knowledge of physical computer components
Knowledge of computer peripherals
Knowledge of adversarial tactics principles and practices
Knowledge of adversarial tactics tools and techniques
Knowledge of adversarial tactics policies and procedures
Knowledge of defense-in-depth principles and practices
Knowledge of network configurations
Knowledge of file extensions
Knowledge of file system implementation principles and practices
Knowledge of digital evidence seizure policies and procedures
Knowledge of digital evidence preservation policies and procedures
Knowledge of ethical hacking tools and techniques
Knowledge of program management principles and practices
Knowledge of project management principles and practices
Knowledge of evidence admissibility laws and regulations
Knowledge of cognitive domain models and frameworks
Knowledge of chain of custody policies and procedures
Knowledge of supply chain risk management principles and practices
Knowledge of persistent data principles and practices
Knowledge of command-line tools and techniques
Knowledge of machine virtualization tools and techniques
Knowledge of web mail tools and techniques
Knowledge of system file characteristics
Knowledge of digital forensics data characteristics
Knowledge of deployable forensics principles and practices
Knowledge of web filtering systems and software
Knowledge of digital communication systems and software
Knowledge of interpreted and compiled programming language characteristics
Knowledge of secure coding tools and techniques
Knowledge of intelligence collection management processes
Knowledge of front-end intelligence collection systems and software
Knowledge of event correlation tools and techniques
Knowledge of new and emerging cybersecurity risks
Knowledge of import and export control laws and regulations
Knowledge of supply chain risks
Knowledge of federal agency roles and responsibilities
Knowledge of risk tolerance principles and practices
Knowledge of incident response policies and procedures
Knowledge of incident response roles and responsibilities
Knowledge of threat vector characteristics
Knowledge of software security principles and practices
Knowledge of software quality assurance (SQA) principles and practices
Knowledge of supply chain risk management standards and best practices
Knowledge of account creation policies and procedures
Knowledge of password policies and procedures
Knowledge of network attack vectors
Knowledge of cyberattack characteristics
Knowledge of cyberattack actor characteristics
Knowledge of technology procurement principles and practices
Knowledge of risk assessment principles and practices
Knowledge of threat assessment principles and practices
Knowledge of hardening tools and techniques
Knowledge of supply chain risk management policies and procedures
Knowledge of critical infrastructure systems and software
Knowledge of hardware reverse engineering tools and techniques
Knowledge of middleware software capabilities and applications
Knowledge of software reverse engineering tools and techniques
Knowledge of cyber attack stages
Knowledge of cyber intrusion activity phases
Knowledge of secure software deployment principles and practices
Knowledge of secure software deployment tools and techniques
Knowledge of network systems management principles and practices
Knowledge of network systems management tools and techniques
Knowledge of data carving tools and techniques
Knowledge of reverse engineering principles and practices
Knowledge of anti-forensics tools and techniques
Knowledge of forensics lab design principles and practices
Knowledge of forensics lab design systems and software
Knowledge of debugging tools and techniques
Knowledge of filename extension abuse
Knowledge of malware analysis tools and techniques
Knowledge of virtual machine detection tools and techniques
Knowledge of encryption tools and techniques
Knowledge of malware signature principles and practices
Knowledge of network port capabilities and applications
Knowledge of data remediation tools and techniques
Knowledge of cloud computing principles and practices
Knowledge of knowledge management principles and practices
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of database application programming interfaces (APIs)
Knowledge of process improvement principles and practices
Knowledge of process maturity models and frameworks
Knowledge of enterprise architecture (EA) reference models and frameworks
Knowledge of enterprise architecture (EA) principles and practices
Knowledge of service management principles and practices
Knowledge of service management standards and best practices
Knowledge of key management service (KMS) principles and practices
Knowledge of symmetric encryption principles and practices
Knowledge of key management service (KMS) key rotation policies and procedures
Knowledge of application firewall principles and practices
Knowledge of network firewall principles and practices
Knowledge of industry cybersecurity models and frameworks
Knowledge of access control models and frameworks
Knowledge of learning assessment tools and techniques
Knowledge of ethical hacking principles and practices
Knowledge of circuit analysis tools and techniques
Knowledge of covert communication tools and techniques
Knowledge of instructional design principles and practices
Knowledge of instructional design models and frameworks
Knowledge of training policies and procedures
Knowledge of Bloom's Taxonomy learning levels
Knowledge of learning management system (LMS) systems and software
Knowledge of learning modes
Knowledge of the Open Systems Interconnect (OSI) reference model
Knowledge of cyber defense laws and regulations
Knowledge of training systems and software
Knowledge of computer architecture principles and practices
Knowledge of taxonomy models and frameworks
Knowledge of semantic ontology models and frameworks
Knowledge of logging tools and technologies
Knowledge of cloud service models and frameworks
Knowledge of crisis management protocols
Knowledge of crisis management processes
Knowledge of crisis management tools and techniques
Knowledge of the NIST Workforce Framework for Cybersecurity (NICE Framework)
Knowledge of service desk principles and practices
Knowledge of machine learning principles and practices
Knowledge of media production tools and techniques
Knowledge of multi-level security (MLS) systems and software
Knowledge of cross-domain solutions
Knowledge of human resources policies and procedures
Knowledge of abnormal physical and physiological behaviors
Knowledge of needs assessment principles and practices
Knowledge of remote access tools and techniques
Knowledge of sustainment principles and practices
Knowledge of sustainment processes
Knowledge of binary analysis tools and techniques
Knowledge of network architecture principles and practices
Knowledge of malware analysis principles and practices

Knowledge of Personally Identifiable Information (PII) data security standards and best practices
Knowledge of Payment Card Industry (PCI) data security standards and best practices
Knowledge of Personal Health Information (PHI) data security standards and best practices
Knowledge of risk management policies and procedures
Knowledge of program protection plan (PPP) principles and practices
Knowledge of the acquisition life cycle models and frameworks
Knowledge of operating system structures and internals
Knowledge of network analysis tools and techniques
Knowledge of wireless communication tools and techniques
Knowledge of signal jamming tools and techniques
Knowledge of configuration management tools and techniques
Knowledge of systems engineering principles and practices
Knowledge of content synchronization tools and techniques
Knowledge of credential management systems and software
Knowledge of data-at-rest encryption (DARE) standards and best practices
Knowledge of cryptographic key storage systems and software
Knowledge of N-tier architecture principles and practices
Knowledge of data classification policies and procedures
Knowledge of incident, event, and problem management policies and procedures
Knowledge of network hardware threats and vulnerabilities
Knowledge of countermeasure design principles and practices
Knowledge of network mapping principles and practices
Knowledge of packet-level analysis tools and techniques
Knowledge of subnet tools and techniques
Knowledge of data concealment tools and techniques
Knowledge of cryptology principles and practices
Knowledge of industry indicators
Knowledge of intelligence data gathering principles and practices
Knowledge of intelligence data gathering policies and procedures
Knowledge of incident reporting policies and procedures
Knowledge of computer engineering principles and practices
Knowledge of embedded systems and software
Knowledge of fault tolerance tools and techniques
Knowledge of Intrusion Detection System (IDS) tools and techniques
Knowledge of Intrusion Prevention System (IPS) tools and techniques
Knowledge of information theory principles and practices
Knowledge of data mining tools and techniques
Knowledge of foreign disclosure policies and procedures
Knowledge of penetration testing principles and practices
Knowledge of penetration testing tools and techniques
Knowledge of root cause analysis tools and techniques
Knowledge of system integration principles and practices
Knowledge of operational design principles and practices
Knowledge of content management system (CMS) capabilities and applications
Knowledge of planning systems and software
Knowledge of targeting laws and regulations
Knowledge of exploitation laws and regulations
Knowledge of all-source intelligence reporting policies and procedures
Knowledge of language analysis tools and techniques
Knowledge of voice analysis tools and techniques
Knowledge of graphic materials analysis tools and techniques

Knowledge of analytic standards and frameworks Skill in assigning analytical confidence ratings
Knowledge of cyber-attack tools and techniques
Knowledge of auditing policies and procedures
Knowledge of logging policies and procedures
Knowledge of intelligence collection tasking tools and techniques
Knowledge of system persistence tools and techniques
Knowledge of intelligence collection development processes
Knowledge of software application vulnerabilities
Knowledge of intelligence collection principles and practices
Knowledge of intelligence collection management tools and techniques
Knowledge of intelligence collection planning processes
Knowledge of information searching tools and techniques
Knowledge of intelligence collection sources
Knowledge of intelligence collection systems and software
Knowledge of computer networking principles and practices
Knowledge of web security principles and practices
Knowledge of crisis action plan models and frameworks
Knowledge of target selection criticality factors
Knowledge of target selection vulnerability factors
Knowledge of active defense tools and techniques
Knowledge of intelligence information repositories
Knowledge of cyber operations principles and practices
Knowledge of database administration principles and practices
Knowledge of database maintenance principles and practices
Knowledge of deconfliction processes
Knowledge of denial and deception tools and techniques
Knowledge of dynamic targeting principles and practices
Knowledge of deliberate targeting principles and practices
Knowledge of Wireless Local Area Network (WLAN) tools and techniques
Knowledge of information management principles and practices
Knowledge of evasion principles and practices
Knowledge of evasion tools and techniques
Knowledge of supervisory control and data acquisition (SCADA) systems and software
Knowledge of targeting governing authorities
Knowledge of reporting policies and procedures
Knowledge of intelligence collection capabilities and applications
Knowledge of intelligence cycle principles and practices
Knowledge of intelligence requirements tasking systems and software
Knowledge of intelligence support activities
Knowledge of threat intelligence principles and practices
Knowledge of intelligence policies and procedures
Knowledge of network addressing principles and practices
Knowledge of malware characteristics
Knowledge of midpoint collection principles and practices
Knowledge of network security principles and practices
Knowledge of network topology principles and practices
Knowledge of code obfuscation tools and techniques
Knowledge of operational effectiveness assessment principles and practices
Knowledge of operations security (OPSEC) principles and practices
Knowledge of organization decision support tools and techniques
Knowledge of resource and asset readiness reporting policies and procedures
Knowledge of network exploitation tools and techniques
Knowledge of partnership policies and procedures
Knowledge of decision-making policies and procedures
Knowledge of requirements submission processes
Knowledge of post implementation review (PIR) processes
Knowledge of target development principles and practices
Knowledge of production exploitation principles and practices
Knowledge of operational planning tools and techniques
Knowledge of risk mitigation tools and techniques
Knowledge of satellite-based communication systems and software
Knowledge of scripting principles and practices
Knowledge of target language
Knowledge of target research tools and techniques
Knowledge of target organization structures
Knowledge of target critical capabilities
Knowledge of target critical vulnerabilities
Knowledge of target cultural references
Knowledge of target estimated recovery times
Knowledge of target intelligence gathering tools and techniques
Knowledge of target selection policies and procedures
Knowledge of target characteristics
Knowledge of tasking processes
Knowledge of terminal collection
Knowledge of environmental collection
Knowledge of intelligence collection requirements tools and techniques
Knowledge of routing protocols
Knowledge of critical information requirements
Knowledge of collection data flow from origin into repositories and tools

Knowledge of the Tasking, Collection, Processing, Exploitation and Dissemination (TCPED) process
Knowledge of the collection process feedback cycle
Knowledge of red team functions and capabilities
Knowledge of digital forensics principles and practices
Knowledge of language analysis principles and practices
Knowledge of Interactive On-Net (ION) operator roles and responsibilities
Knowledge of intelligence processes
Knowledge of request for information processes
Knowledge of intelligence collection authority policies and procedures
Knowledge of environment preparation tools and techniques
Knowledge of surveillance tools and techniques
Knowledge of operation assessment processes
Knowledge of Request For Information (RFI) processes
Knowledge of network operations principles and practices
Knowledge of threat behaviors
Knowledge of target behaviors
Knowledge of threat systems and software
Knowledge of virtual machine tools and technologies
Knowledge of privacy disclosure statement laws and regulations
Knowledge of continuous monitoring processes
Knowledge of automated security control testing tools and techniques
Knowledge of hardware asset management principles and practices
Knowledge of software asset management principles and practices
Knowledge of risk scoring principles and practices
Knowledge of data security controls
Knowledge of risk assessment tools and techniques
Knowledge of web application security risks
Knowledge of secure software update principles and practices
Knowledge of secure firmware update principles and practices
Knowledge of ingress filtering tools and techniques
Knowledge of cybersecurity competitions
Knowledge of data privacy controls
Knowledge of exploitation tools and techniques
Knowledge of design modeling
Knowledge of social engineering tools and techniques
Knowledge of knowledge management tools and techniques
Knowledge of protocol analyzer tools and techniques
Knowledge of software, hardware, and peripheral equipment repair tools and techniques
Knowledge of media forensics
Knowledge of digital forensics tools and techniques
Knowledge of black-box software testing
Knowledge of hexadecimal data
Knowledge of design methods
Knowledge of data analysis tools and techniques
Knowledge of data mapping tools and techniques
Knowledge of personnel systems and software
Knowledge of code analysis tools and techniques
Knowledge of analytical tools and techniques
Knowledge of analytics
Knowledge of remote command line tools and techniques
Knowledge of Graphic User Interface (GUI) tools and techniques
Knowledge of geospatial data analysis tools and techniques
Knowledge of non-attributable networks
Knowledge of targeting databases
Knowledge of targeting systems and software
Knowledge of traceroute tools and techniques
Knowledge of virtual collaborative workspace tools and techniques
Knowledge of acquisition cybersecurity requirements
Knowledge of application security design principles and practices
Knowledge of asset management policies and procedures
Knowledge of blue force tracking
Knowledge of capacity management
Knowledge of Chain of Custody (CoC) processes and procedures
Knowledge of classification guidelines
Knowledge of coding and testing standards
Knowledge of completion criteria
Knowledge of component and interface specifications
Knowledge of Confidentiality, Integrity, Availability, Authenticity, and Non-repudiation (CIAAN) principles and practices
Knowledge of configuration management
Knowledge of configuration management principles and practices
Knowledge of continuous monitoring principles and practices
Knowledge of continuous monitoring scoring and grading metrics
Knowledge of continuous monitoring tools and techniques
Knowledge of cost constraints
Knowledge of customer experience principles and practices
Knowledge of customer requirements
Knowledge of cyber defense auditing laws and regulations
Knowledge of cyber defense auditing policies and practices
Knowledge of cyber defense monitoring tools
Knowledge of cyber defense system analysis tools
Knowledge of cybersecurity engineering
Knowledge of cybersecurity objectives
Knowledge of cybersecurity requirements
Knowledge of cybersecurity standards and best practices
Knowledge of cybersecurity threats and vulnerabilities
Knowledge of cybersecurity workforce policies and procedures
Knowledge of data classification levels
Knowledge of data correlation tools and techniques
Knowledge of data encryption practices and principles
Knowledge of data gathering tools and techniques
Knowledge of data integrity principles and practices
Knowledge of data manipulation principles and practices
Knowledge of data retrieval principles and practices
Knowledge of data storage principles and practices
Knowledge of digital evidence cataloging tools and techniques
Knowledge of digital evidence extraction tools and techniques
Knowledge of digital evidence handling principles and practices
Knowledge of digital evidence packaging tools and techniques
Knowledge of digital evidence preservation tools and techniques
Knowledge of enterprise cybersecurity architecture
Knowledge of enterprise-wide version control systems
Knowledge of evaluation and validation requirements
Knowledge of fail-over or alternate site requirements
Knowledge of federal and state accreditation standards
Knowledge of financial management
Knowledge of foreign languages and dialects
Knowledge of forensic image processing tools and techniques
Knowledge of hardware design principles and practices
Knowledge of independent testing methods
Knowledge of information architecture principles and practices
Knowledge of information sanitization methods
Knowledge of intrusion set tools and techniques
Knowledge of material supportability requirements
Knowledge of mathematical models
Knowledge of mission assurance practices and principles
Knowledge of mission requirements
Knowledge of multilevel security requirements
Knowledge of network components
Knowledge of network monitoring tools and techniques
Knowledge of network topologies
Knowledge of NIST Risk Management Framework authorization requirements
Knowledge of operational environment risks
Knowledge of organization's security strategy
Knowledge of organizational cybersecurity goals and objectives
Knowledge of organizational cybersecurity incident response plans
Knowledge of organizational cybersecurity policies and configurations
Knowledge of organizational cybersecurity policies and procedures
Knowledge of organizational cybersecurity workforce requirements
Knowledge of organizational evaluation and validation requirements
Knowledge of organizational human resource (HR) policies and procedures
Knowledge of organizational objectives
Knowledge of organizational policies and procedures
Knowledge of organizational policy and procedures
Knowledge of organizational risk levels
Knowledge of organizational security posture
Knowledge of organizational privacy policies and procedures
Knowledge of packet analysis tools and techniques
Knowledge of Personally Identifiable Information (PII) attributes
Knowledge of priority information requirements
Knowledge of priority intelligence collection requirements
Knowledge of priority intelligence requirements
Knowledge of privacy and data security regulators
Knowledge of privacy technologies
Knowledge of programming languages
Knowledge of project plans and schedules
Knowledge of Public Key Infrastructure (PKI) libraries
Knowledge of required reporting formats
Knowledge of research and design processes and procedures
Knowledge of reverse engineering tools and techniques
Knowledge of risk acceptance and documentation
Knowledge of risk mitigation principles and practices
Knowledge of secure programming tools and techniques
Knowledge of security assessment authorization requirements
Knowledge of security controls
Knowledge of security requirements
Knowledge of security restrictions
Knowledge of security testing tools and techniques
Knowledge of service-oriented security architecture practices and principles
Knowledge of software and systems engineering life cycle standards
Knowledge of software application, system, and network requirements
Knowledge of statistical processes
Knowledge of steganography practices and principles
Knowledge of supply chain risk management practices
Knowledge of system availability requirements
Knowledge of system backup requirements
Knowledge of system characteristics
Knowledge of system life cycles
Knowledge of systems administration standard operating policies and procedures
Knowledge of systems architecture
Knowledge of systems development
Knowledge of target communication network characteristics
Knowledge of target communications tools and techniques
Knowledge of target requirements
Knowledge of targeting products
Knowledge of UNIX scripts
Knowledge of user interfaces
Knowledge of user needs and requirements
Knowledge of user requirements
Knowledge of Virtual Private Network (VPN) devices
Knowledge of Windows scripts
Knowledge of certificate management principles and practices
Knowledge of privacy laws and regulations
Knowledge of cultural, political, and organizational assets
Knowledge of cybersecurity review processes and procedures
Knowledge of cybersecurity threat remediation principles and practices
Knowledge of cybersecurity tools and techniques
Knowledge of data exfiltration tools and techniques
Knowledge of data handling tools and techniques
Knowledge of data monitoring tools and techniques
Knowledge of digital and physical security vulnerabilities
Knowledge of digital and physical security vulnerability remediation principles and practices
Knowledge of external organization roles and responsibilities
Knowledge of external referrals policies and procedures
Knowledge of high value asset characteristics
Knowledge of information collection tools and techniques
Knowledge of insider threat hub policies and procedures
Knowledge of insider threat hub operations
Knowledge of insider threat operational indicators
Knowledge of insider threat policies and procedures
Knowledge of insider threat tactics
Knowledge of insider threat targets
Knowledge of intelligence laws and regulations
Knowledge of known insider attacks
Knowledge of network endpoints
Knowledge of notification policies and procedures
Knowledge of organizational objectives, resources, and capabilities
Knowledge of previously referred potential insider threats
Knowledge of risk reduction metrics
Knowledge of security information and event management (SIEM) tools and techniques
Knowledge of suspicious activity response processes
Knowledge of system alert policies and procedures
Knowledge of system components
Knowledge of threat investigation policies and procedures
Knowledge of threat modeling tools and techniques
Knowledge of User Activity Monitoring (UAM) tools and techniques
Skill in conducting information searches
Skill in conducting test events
Skill in developing data dictionaries
Skill in developing data models
Skill in establishing a routing schema
Skill in optimizing database performance
Skill in systems integration testing
Skill in identifying gaps in technical capabilities
Skill in securing network communications
Skill in performing damage assessments
Skill in applying security controls
Skill in identifying hidden patterns or relationships
Skill in interfacing with customers
Skill in performing sensitivity analysis
Skill in developing machine understandable semantic ontologies
Skill in network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools
Skill in assessing security systems designs
Skill in performing packet-level analysis
Skill in applying secure coding techniques
Skill in performing root cause analysis
Skill in performing network analysis on targets
Skill in analyzing target communications internals and externals collected from wireless LANs
Skill in applying crisis planning procedures
Skill in conducting non-attributable research
Skill in determining the physical location of network devices
Skill in evaluating accesses for intelligence value
Skill in extracting information from packet captures
Skill in performing target system analysis
Skill in processing collected data for follow-on analysis
Skill in transcribing target language communications
Skill in applying analytical standards during intelligence product evaluation
Skill in identifying intelligence gaps
Skill in developing information requirements
Skill in decrypting information
Skill in verifying participation in a security awareness program
Skill in facilitating cybersecurity awareness briefings
Skill in developing training programs
Skill in tailoring code analysis
Skill in analyzing an organization's enterprise information technology architecture
Skill in applying standards
Skill in communicating complex concepts
Skill in communicating verbally
Skill in communicating in writing
Skill in facilitating small group discussions
Skill in facilitating group discussions
Skill in assessing learner comprehension
Skill in creating technical documentation
Skill in providing training and education feedback to learners
Skill in developing assessments
Skill in developing security assessments
Skill in developing instructional materials
Skill in forecasting requirements
Skill in assessing requirements
Skill in analyzing organizational objectives
Skill in creating complex data structures
Skill in creating programming languages
Skill in collecting data
Skill in verifying data
Skill in validating data
Skill in conducting market research
Skill in pricing products
Skill in developing policy plans
Skill in developing standard operating procedures (SOPs)
Skill in maintaining standard operating procedures (SOPs)
Skill in deriving evaluative conclusions from data
Skill in creating career path definitions
Skill in developing career paths
Skill in analyzing supplier trustworthiness
Skill in determining supplier trustworthiness
Skill in evaluating laws
Skill in evaluating regulations
Skill in evaluating policies
Skill in deploying software securely
Skill in applying secure network architectures
Skill in designing systems
Skill in integrating multiple technologies
Skill in operating network equipment
Skill in evaluating workforce trends
Skill in analyzing processes to ensure conformance with procedural requirements
Skill in executing command line tools
Skill in operating network systems
Skill in building architectures
Skill in building frameworks
Skill in designing architectures
Skill in designing frameworks
Skill in collaborating with others
Skill in applying critical thinking
Skill in coordinating cybersecurity operations across an organization
Skill in creating analytics
Skill in extrapolating from incomplete data sets
Skill in analyzing large data sets
Skill in creating target intelligence products
Skill in identifying targets of interest
Skill in functioning effectively in a dynamic, fast-paced environment
Skill in identifying external partners
Skill in identifying target vulnerabilities
Skill in describing target vulnerabilities
Skill in collecting network data
Skill in mitigating cognitive biases
Skill in mitigating deception in reporting and analysis
Skill in mimicking threat actors
Skill in aligning privacy and cybersecurity objectives
Skill in creating automated security control systems
Skill in maintaining automated security control systems
Skill in authoring privacy disclosure statements
Skill in deploying continuous monitoring technologies
Skill in creating a risk management program
Skill in creating a risk management strategy
Skill in creating an internal information sharing program
Skill in integrating authorizations with requirements
Skill in integrating security plans and authorizations
Skill in determining system authorization status
Skill in coordinating efforts between stakeholders
Skill in creating security assessment reports
Skill in verifying contractor compliance with contracts
Skill in integrating security requirements and contracts
Skill in integrating information security requirements in the acquisitions process
Skill in implementing software quality control processes
Skill in applying stakeholder management within a system development life cycle
Skill in identifying critical infrastructure systems
Skill in identifying systems designed without security considerations
Skill in conducting an education needs assessment
Skill in conducting a training needs assessment
Skill in navigating the dark web
Skill in using the TOR network
Skill in examining digital media
Skill in developing virtual machines
Skill in maintaining virtual machines
Skill in finding system files
Skill in recognizing digital forensics data
Skill in identifying filename extension abuse
Skill in identifying anomalous activity
Skill in providing customer support
Skill in evaluating supplier trustworthiness
Skill in evaluating product trustworthiness
Skill in identifying forensic digital footprints
Skill in performing forensic data analysis
Skill in identifying software communications vulnerabilities
Skill in developing user credential management systems
Skill in implementing user credential management systems
Skill in implementing enterprise key escrow systems
Skill in operating IT systems
Skill in maintaining IT systems
Skill in implementing countermeasures
Skill in recreating network topologies
Skill in processing digital forensic data
Skill in performing threat environment analysis
Skill in determining intelligence support requirements
Skill in performing operational environment analysis
Skill in determining asset availability, capabilities, and limitations
Skill in assessing intelligence collection tasking
Skill in developing client organization profiles
Skill in managing an intelligence collection plan
Skill in performing intelligence collection analysis
Skill in creating intelligence collection strategies
Skill in developing crisis action plans
Skill in evaluating intelligence collection products
Skill in selecting targets
Skill in identifying vulnerabilities
Skill in performing intrusion data analysis
Skill in identifying customer information needs
Skill in collecting terminal or environment data
Skill in managing enterprise-wide information
Skill in evaluating security products
Skill in establishing priorities
Skill in extracting metadata
Skill in determining intelligence employment requirements
Skill in preparing operational environments
Skill in identifying partner capabilities
Skill in performing threat emulation tactics
Skill in anticipating threats
Skill in assessing threat actors
Skill in detecting exploitation activities
Skill in determining intelligence collection asset posture and availability
Skill in integrating information
Skill in summarizing information
Skill in constructing networks
Skill in implementing network security
Skill in managing operations
Skill in initiating planning activities
Skill in developing crisis action timelines
Skill in identifying priority information
Skill in identifying production exploitation needs
Skill in conducting research
Skill in assessing security hardware and software
Skill in analyzing software configurations
Skill in developing target communication profiles
Skill in developing target lists
Skill in performing threat factor analysis
Skill in applying target templates
Skill in designing wireless communications systems
Skill in managing sensors
Skill in developing transcripts
Skill in identifying network threats
Skill in providing software updates
Skill in developing access control lists
Skill in scanning for vulnerabilities
Skill in recognizing vulnerabilities
Skill in designing data storage solutions
Skill in implementing data storage solutions
Skill in identifying malware
Skill in capturing malware
Skill in containing malware
Skill in reporting malware
Skill in applying information technologies into proposed solutions
Skill in applying host access controls
Skill in applying network access controls
Skill in performing systems analysis
Skill in performing capabilities analysis
Skill in performing requirements analysis
Skill in creating knowledge maps
Skill in developing algorithms
Skill in performing data structure analysis
Skill in debugging software
Skill in configuring software
Skill in creating mathematical models
Skill in creating statistical models
Skill in creating system security policies
Skill in implementing input validation
Skill in developing signatures
Skill in deploying signatures
Skill in designing data analysis structures
Skill in designing security controls
Skill in designing the integration of hardware solutions
Skill in designing the integration of software solutions
Skill in detecting host- and network-based intrusions
Skill in developing testing scenarios
Skill in developing security system controls
Skill in developing network infrastructure contingency and recovery plans
Skill in testing network infrastructure contingency and recovery plans
Skill in troubleshooting computer networks
Skill in evaluating security designs
Skill in preparing reports
Skill in monitoring system performance
Skill in configuring systems for performance enhancement
Skill in troubleshooting system performance
Skill in implementing established network security practices
Skill in configuring network devices
Skill in installing network devices
Skill in administering databases
Skill in maintaining directory services
Skill in performing threat modeling
Skill in preserving digital evidence integrity
Skill in building use cases
Skill in performing social engineering
Skill in tuning network sensors
Skill in handling incidents
Skill in repairing hardware
Skill in repairing system peripherals
Skill in encrypting network communications
Skill in writing code in a currently supported programming language
Skill in creating test plans
Skill in performing memory dump analysis
Skill in collecting relevant data from a variety of sources
Skill in developing curricula
Skill in teaching training programs
Skill in identifying forensics data in diverse media
Skill in extracting forensics data in diverse media
Skill in storing digital evidence
Skill in manipulating operating system components
Skill in collecting digital evidence
Skill in processing digital evidence
Skill in transporting digital evidence
Skill in communicating effectively
Skill in disassembling Personal Computers (PCs)
Skill in performing digital forensics analysis
Skill in configuring software-based computer protection tools
Skill in categorizing types of vulnerabilities
Skill in protecting a network against malware
Skill in applying black-box software testing
Skill in interpreting signatures
Skill in configuring network protection components
Skill in auditing technical systems
Skill in evaluating the trustworthiness of a supply chain
Skill in performing binary analysis
Skill in implementing one-way hash functions
Skill in performing source code analysis
Skill in performing volatile data analysis
Skill in interpreting debugger results
Skill in identifying common encoding techniques
Skill in reading signatures
Skill in developing learning activities
Skill in applying technologies for instructional purposes
Skill in conducting Test Readiness Reviews (TRR)
Skill in performing data preprocessing
Skill in designing Test and Evaluation Strategies (TES)
Skill in developing position qualification requirements
Skill in identifying Test and Evaluation Strategies (TES) infrastructure requirements
Skill in managing test assets
Skill in performing format conversions
Skill in designing multi-level security solutions
Skill in designing cross-domain solutions
Skill in providing test and evaluation resource estimates
Skill in performing regression analysis
Skill in reviewing logs
Skill in identifying evidence of past intrusions
Skill in applying hardening techniques
Skill in performing transformation analytics
Skill in troubleshooting cyber defense infrastructure anomalies
Skill in applying descriptive statistics
Skill in managing a workforce
Skill in detecting anomalies
Skill in removing outliers
Skill in writing scripts
Skill in performing malware analysis
Skill in performing bit-level analysis
Skill in creating digital evidence copies
Skill in conducting system reviews
Skill in designing secure test plans
Skill in assessing application vulnerabilities
Skill in implementing Public Key Infrastructure (PKI) encryption
Skill in implementing digital signatures
Skill in applying security models
Skill in performing systems engineering
Skill in troubleshooting client-level problems
Skill in managing servers
Skill in managing workstations
Skill in applying policies that meet system security objectives
Skill in creating policies
Skill in defining performance objectives
Skill in assessing security controls
Skill in designing technology processes and solutions
Skill in integrating technology processes and solutions
Skill in implementing error handling in applications
Skill in implementing network infrastructure contingency and recovery plans
Skill in troubleshooting failed system components
Skill in translating operational requirements into security controls
Skill in installing system and component upgrades
Skill in optimizing system performance
Skill in recovering failed systems
Skill in administering operating systems
Skill in configuring network workstations and peripherals
Skill in validating network workstations and peripherals
Skill in performing design modeling
Skill in applying subnet techniques
Skill in implementing network segregation
Skill in configuring computer protection components
Skill in performing risk assessments
Skill in performing administrative planning activities
Skill in performing network data analysis
Skill in performing language processing tool analysis
Skill in performing midpoint collection data analysis
Skill in developing target assessments
Skill in assessing effects generated during and after cyber operations
Skill in auditing network devices
Skill in performing Open Source Intelligence (OSINT) research
Skill in conducting deep web research
Skill in analyzing social networks
Skill in creating intelligence collection requirements
Skill in creating plans in support of remote operations
Skill in mining data
Skill in performing data mining analysis
Skill in defining an operational environment
Skill in depicting data on a network map
Skill in performing target analysis
Skill in installing patches
Skill in identifying patch signatures
Skill in developing comprehensive cyber operations assessment programs
Skill in executing comprehensive cyber operations assessment programs
Skill in developing analytics
Skill in evaluating metadata
Skill in interpreting metadata
Skill in evaluating data source quality
Skill in evaluating information quality
Skill in performing fusion analysis
Skill in generating operation plans
Skill in identifying target communications networks
Skill in identifying target network characteristics
Skill in identifying cybersecurity threats
Skill in identifying intelligence gaps
Skill in identifying regional languages and dialects
Skill in prioritizing information
Skill in interpreting traceroute results
Skill in interpreting vulnerability scanner results
Skill in managing client relationships
Skill in performing network visualization
Skill in performing data normalization
Skill in performing data fusion
Skill in preparing briefings
Skill in preparing plans
Skill in producing after-action reports
Skill in recognizing malicious network activity in traffic
Skill in interpreting malicious network activity in traffic
Skill in identifying technical information
Skill in programming
Skill in researching software vulnerabilities
Skill in researching software exploits
Skill in performing reverse engineering of software
Skill in analyzing intelligence products
Skill in creating target materials
Skill in administering servers
Skill in identifying network anomalies
Skill in performing technical writing
Skill in testing tools for implementation
Skill in evaluating tools for implementation
Skill in translating languages
Skill in querying data
Skill in determining relevant information
Skill in applying geospatial resources
Skill in conducting open-source searches
Skill in evading network detection
Skill in reconstructing target networks
Skill in establishing persistence
Skill in reconstructing a network
Skill in incorporating feedback
Skill in verifying the integrity of files
Skill in performing wireless network analysis
Skill in identifying requirements
Skill in navigating databases
Skill in performing strategic guidance analysis
Skill in integrating organization objectives
Skill in assessing cyber operations
Skill in comparing indicators with requirements
Skill in converting intelligence requirements into intelligence production tasks
Skill in coordinating product development
Skill in developing tailored intelligence products
Skill in allocating resources
Skill in defining progress indicators
Skill in defining success indicators
Skill in creating planning documents
Skill in maintaining planning documents
Skill in tracking services
Skill in evaluating feasibility of intelligence collection sources
Skill in developing intelligence collection plans
Skill in distinguishing between notional and actual resources
Skill in developing collection strategies
Skill in evaluating operational environments
Skill in determining information requirements
Skill in fulfilling information requests
Skill in evaluating collection capabilities
Skill in determining capability estimates
Skill in creating decision support materials
Skill in implementing established procedures
Skill in interpreting planning guidance
Skill in interpreting readiness reporting
Skill in monitoring threat effects to partner capabilities
Skill in orchestrating planning teams
Skill in coordinating collection support
Skill in monitoring status
Skill in presenting to an audience
Skill in resolving conflicting intelligence collection requirements
Skill in analyzing performance specifications
Skill in establishing timelines
Skill in tracking intelligence collection requirements
Skill in creating privacy policies
Skill in negotiating vendor agreements
Skill in evaluating vendor privacy practices
Skill in anticipating new security threats
Skill in analyzing organizational patterns and relationships
Skill in assessing partner operations capabilities
Skill in assessing partner intelligence processes
Skill in performing partner analysis
Skill in assessing an organization's threat environment
Skill in designing incident responses
Skill in performing incident responses
Skill in solving problems
Skill in assessing an organization’s data assets
Skill in utilizing cyber defense service provider information
Skill in responding to threat reports
Skill in managing intelligence collection requirements
Skill in performing supply chain analysis
Skill in identifying cybersecurity issues in external connections
Skill in identifying privacy issues in partner interconnections
Skill in troubleshooting network equipment
Skill in developing curriculum standards
Skill in building internal and external relationships
Skill in building internal and external stakeholder relationships
Skill in caching data
Skill in cataloging data
Skill in collaborating with internal and external stakeholders
Skill in collaborating with stakeholders
Skill in communicating with customers
Skill in communicating with engineering staff
Skill in communicating with external organizations
Skill in communicating with internal and external stakeholders
Skill in compiling data
Skill in conducting customer interviews
Skill in conducting feasibility studies
Skill in configuring hardware
Skill in cooperating with internal and external stakeholders
Skill in correlating incident data
Skill in developing technical reports
Skill in distributing data
Skill in encrypting data
Skill in executing computer scripts to automate tasks
Skill in identifying anomalous activities
Skill in identifying exploited system weaknesses
Skill in identifying misuse activities
Skill in identifying possible security violations
Skill in interpreting test results
Skill in maintaining data
Skill in managing account access rights
Skill in mapping networks
Skill in monitoring system activity
Skill in performing all-source intelligence analysis
Skill in performing behavioral analysis
Skill in performing cost/benefit analysis
Skill in performing cultural analysis
Skill in performing cyber defense trend analysis
Skill in performing cybersecurity architecture analysis
Skill in performing data analysis
Skill in performing data requirement analysis
Skill in performing digital evidence analysis
Skill in performing dynamic analysis
Skill in performing economic analysis
Skill in performing event correlation
Skill in performing file system forensic analysis
Skill in performing gap analysis
Skill in performing geospatial analysis
Skill in performing incident analysis
Skill in performing intercept related information (IRI) analysis
Skill in performing language analysis
Skill in performing log file analysis
Skill in performing malicious activity analysis
Skill in performing market analysis
Skill in performing metadata analysis
Skill in performing needs analysis
Skill in performing network analysis
Skill in performing network data flow analysis
Skill in performing network traffic analysis
Skill in performing network traffic analysis
Skill in performing network traffic packet analysis
Skill in performing nodal analysis
Skill in performing quantitative analysis
Skill in performing risk analysis
Skill in performing scientific analysis
Skill in performing security architecture analysis
Skill in performing social network analysis
Skill in performing static analysis
Skill in performing static code analysis
Skill in performing static malware analysis
Skill in performing system activity analysis
Skill in performing system analysis
Skill in performing target communications analysis
Skill in performing test result analysis
Skill in performing threat analysis
Skill in performing trade-off analysis
Skill in performing trend analysis
Skill in performing user needs analysis
Skill in recognizing behavioral patterns
Skill in retrieving data
Skill in testing hardware
Skill in testing interfaces
Skill in analyzing information from multiple sources
Skill in building relationships remotely and in person
Skill in correlating data from multiple tools
Skill in determining what information may be helpful to a specific audience
Skill in identifying insider risk security gaps
Skill in identifying insider threats
Skill in determining the importance of assets
Skill in integrating information from multiple sources
Skill in performing cyberintelligence data analysis
Skill in performing data queries
Skill in performing human behavioral analysis
Skill in performing link analysis
Skill in recognizing recurring threat incidents
Advocate organization's official position in legal and legislative proceedings
Develop content for cyber defense tools
Develop architectures or system components consistent with technical specifications
Develop data standards, policies, and procedures
Develop secure code and error handling
Develop test plans to address specifications and requirements
Diagnose network connectivity problems
Employ secure configuration management processes
Evaluate the effectiveness and comprehensiveness of existing training programs
Identify organizational policy stakeholders
Implement security designs for new or existing systems
Incorporate cybersecurity vulnerability solutions into system designs (e.g., Cybersecurity Vulnerability Alerts)
Install or replace network hubs, routers, and switches
Integrate new systems into existing network architecture
Maintain database management systems software
Maintain information systems assurance and accreditation materials
Monitor network capacity and performance
Perform cyber defense trend analysis and reporting
Perform file signature analysis
Perform data comparison against established database
Perform real-time forensic analysis (e.g., using Helix in conjunction with LiveView)
Perform timeline analysis
Perform static media analysis
Perform tier 1, 2, and 3 malware analysis
Process crime scenes
Resolve conflicts in laws, regulations, policies, standards, or procedures
Serve on agency and interagency policy boards
Translate functional requirements into technical solutions
Troubleshoot system hardware and software
Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness)
Develop cybersecurity designs to meet specific operational needs and environmental factors (e.g., access controls, automated applications, networked operations, high integrity and availability requirements, multilevel security/processing of multiple classification levels, and processing Sensitive Compartmented Information)
Create auditable evidence of security measures
Recommend computing environment vulnerability corrections
Identify network mapping and operating system (OS) fingerprinting activities
Assess the effectiveness of security controls
Consult with customers about software system design and maintenance
Maintain assured message delivery systems
Collect metrics and trending data
Program custom algorithms
Perform Windows registry analysis
Conduct import/export reviews for acquiring systems and software
Implement data management standards, requirements, and specifications
Check system hardware availability, functionality, integrity, and efficiency
Correlate training and learning to business or mission requirements
Implement data mining and data warehousing applications
Develop and implement data mining and data warehousing programs
Manage Accreditation Packages (e.g., ISO/IEC 15026-2)
Coordinate incident response functions
Perform interoperability testing on systems exchanging electronic information with other systems
Perform operational testing
Troubleshoot hardware/software interface and interoperability problems
Translate proposed capabilities into technical requirements
Analyze incoming collection requests
Answer requests for information
Assess efficiency of existing information exchange and management systems
Assess performance of collection assets against prescribed specifications
Perform analysis for target infrastructure exploitation activities
Conduct end-of-operations assessments
Conduct target research and analysis
Incorporate intelligence equities into the overall design of cyber operations plans
Determine course of action for addressing changes to objectives, guidance, and operational environment
Determine what technologies are used by a given target
Estimate operational effects generated through cyber activities
Evaluate threat decision-making processes
Identify threat vulnerabilities
Facilitate continuously updated intelligence, surveillance, and visualization input to common operational picture managers
Incorporate cyber operations and communications security support plans into organization objectives
Generate requests for information
Identify critical target elements
Identify intelligence gaps and shortfalls
Identify potential collection disciplines for application against priority information requirements
Inform external partners of the potential effects of new or revised policy and guidance on cyber operations partnering activities
Issue requests for information
Link priority collection requirements to optimal assets and resources
Maintain situational awareness of cyber-related intelligence requirements and associated tasking
Maintain situational awareness of partner capabilities and activities
Maintain target lists (i.e., RTL, JTL, CTL, etc.)
Monitor open source websites for hostile content directed towards organizational or partner interests
Perform targeting automation activities
Produce network reconstructions
Produce target system analysis products
Profile targets and their activities
Provide real-time actionable geolocation information
Serve as a liaison with external partners
Identify cyber threat tactics and methodologies
Identify foreign language terminology within computer programs (e.g., comments, variable names)
Establish an internal privacy audit program
Identify stakeholder assets that require protection
Determine the placement of a system within the enterprise architecture
Identify the types of information to be processed, stored, or transmitted by a system
Monitor changes to a system and its environment of operation
Prepare and deliver education and awareness briefings
Create a cybersecurity awareness program
Communicate enterprise information technology architecture
Apply standards to identify safety risk and protect cyber-physical functions
Expand network access
Conduct technical exploitation of a target
Determine if security incidents require legal action
Identify roles and responsibilities for appointed Communications Security (COMSEC) personnel
Identify Communications Security (COMSEC) incidents
Report Communications Security (COMSEC) incidents
Identify in-process accounting requirements for Communications Security (COMSEC)
Determine special needs of cyber-physical systems
Determine the operational and safety impacts of cybersecurity lapses
Review cyber defense service provider reporting structure
Review enterprise information technology (IT) goals and objectives
Identify critical technology procurement requirements
Implement organizational security policies and procedures
Implement organizational training and education policies and procedures
Determine procurement requirements
Integrate organizational goals and objectives into security architecture
Research new vulnerabilities in emerging technologies
Implement organizational evaluation and validation criteria
Estimate the impact of collateral damage
Implement intelligence collection requirements
Determine cyber operation objectives
Support cyber operations
Prepare deconfliction report
Determine how threat activity groups employ encryption to support their operations
Integrate leadership priorities
Develop operations strategies
Integrate organization objectives in intelligence collection
Identify network artifacts from hardware and software options
Identify impact of network artifacts on exploitation
Determine impact of software configurations
Acquire target identifiers
Determine staffing needs
Review course of action analysis results
Review exercise analysis results
Assess operation performance
Assess operation impact
Synchronize operational assessment procedures and critical information requirement processes
Determine appropriate level of test rigor for a given system
Improve network security practices
Set up a forensic workstation
Integrate black-box security testing tools into quality assurance processes
Identify and characterize intrusion activities against a victim or target
Scope analysis reports to various audiences that account for data sharing classification restrictions
Determine if priority information requirements are satisfied
Acquire resources to support cybersecurity program goals and objectives
Conduct an effective enterprise continuity of operations program
Advise senior management on risk levels and security posture
Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements
Advise senior management on organizational cybersecurity efforts
Advise senior leadership and authorizing official of changes affecting the organization's cybersecurity posture
Contribute insider threat expertise to organizational cybersecurity awareness program
Determine data requirements
Determine data specifications
Determine data capacity requirements
Plan for anticipated changes in data capacity requirements
Recommend development of new applications or modification of existing applications
Create development plans for new applications or modification of existing applications
Evaluate organizational cybersecurity policy regulatory compliance
Evaluate organizational cybersecurity policy alignment with organizational directives
Evaluate software design plan timelines and cost estimates
Determine life cycle support requirements
Perform code reviews
Prepare secure code documentation
Implement application cybersecurity policies
Implement system cybersecurity policies
Assess the organization's cybersecurity architecture
Determine effectiveness of system cybersecurity measures
Develop cybersecurity risk profiles
Create product prototypes using working and theoretical models
Integrate software cybersecurity objectives into project plans and schedules
Determine project security controls
Identify anomalous network activity
Identify potential threats to network resources
Collect and maintain system cybersecurity report data
Create system cybersecurity reports
Communicate the value of cybersecurity to organizational stakeholders
Create program documentation during initial development and subsequent revision phases
Determine best methods for identifying the perpetrator(s) of a network intrusion
Perform authorized penetration testing on enterprise network assets
Conduct functional and connectivity testing
Conduct interactive training exercises
Conduct victim and witness interviews
Conduct suspect interrogations
Perform privacy impact assessments (PIAs)
Determine functional requirements and specifications
Determine system performance requirements
Design application interfaces
Configure network hubs, routers, and switches
Optimize network hubs, routers, and switches
Identify intrusions
Analyze intrusions
Document what is known about intrusions
Construct access paths to suites of information
Develop threat models
Evaluate functional requirements
Evaluate interfaces between hardware and software
Resolve cyber defense incidents
Coordinate technical support to enterprise-wide cybersecurity defense technicians
Administer rule and signature updates for specialized cyber defense applications
Validate network alerts
Develop the enterprise continuity of operations strategy
Establish the enterprise continuity of operations program
Oversee the development of design solutions
Correct program errors
Determine if desired program results are produced
Identify vulnerabilities
Recommend vulnerability remediation strategies
Create forensically sound duplicates of evidence
Decrypt seized data
Determine essential system capabilities and business functions
Prioritize essential system capabilities and business functions
Restore essential system capabilities and business functions after catastrophic failure events
Define system availability levels
Determine disaster recovery and continuity of operations system requirements
Define project scope and objectives
Design cybersecurity or cybersecurity-enabled products
Develop cybersecurity or cybersecurity-enabled products
Develop group policies and access control lists
Determine if hardware, operating systems, and software applications adequately address cybersecurity requirements
Design system data backup capabilities
Develop technical and procedural processes for integrity of stored backup data
Develop technical and procedural processes for backup data storage
Design and develop software systems
Determine level of assurance of developed capabilities
Investigate suspicious activity and alleged digital crimes
Create system testing and validation procedures and documentation
Develop systems design procedures and processes
Develop systems administration standard operating procedures
Document systems administration standard operating procedures
Validate data mining and data warehousing programs, processes, and requirements
Develop network backup and recovery procedures
Implement network backup and recovery procedures
Develop strategic plans
Maintain strategic plans
Develop systems security design documentation
Develop disaster recovery and continuity of operations plans for systems under development
Test disaster recovery and continuity of operations plans for systems prior to deployment
Develop cybersecurity designs for systems and networks with multilevel security requirements
Develop cybersecurity designs for systems and networks that require processing of multiple data classification levels
Integrate cybersecurity designs for systems and networks
Develop risk, compliance, and assurance monitoring strategies
Develop risk, compliance, and assurance measurement strategies
Develop awareness and training materials
Identify pertinent awareness and training materials
Develop cybersecurity implementation policies and guidelines
Create technical summary of findings reports
Develop risk mitigation strategies
Resolve system vulnerabilities
Recommend security changes to systems and system components
Develop cybersecurity countermeasures for systems and applications
Develop risk mitigation strategies for systems and applications
Develop risk, compliance, and assurance specifications
Document security, resilience, and dependability requirements
Define acquisition life cycle cybersecurity architecture requirements
Define acquisition life cycle systems security engineering requirements
Document preliminary or residual security risks for system operation
Determine if systems security operations and maintenance activities are properly documented and updated
Determine that the application of security patches for commercial products meets timeline requirements
Document commercial product timeline requirements dictated by the management authority for intended operational environments
Determine if digital media chain of custody processes meet Federal Rules of Evidence requirements
Determine if cybersecurity-enabled products reduce identified risk to acceptable levels
Determine if security control technologies reduce identified risk to acceptable levels
Determine if security improvement actions are evaluated, validated, and implemented as required
Determine if systems and architecture are consistent with cybersecurity architecture guidelines
Determine if cybersecurity inspections, tests, and reviews are coordinated for the network environment
Determine if cybersecurity requirements are integrated into continuity planning
Determine if security engineering is used when acquiring or developing protection and detection capabilities
Determine if protection and detection capabilities are consistent with organization-level cybersecurity architecture
Establish stakeholder communication channels
Maintain stakeholder communication channels
Establish enterprise information security architecture
Establish internal and external cross-team relationships
Determine if baseline security safeguards are appropriately installed
Determine if contracts comply with funding, legal, and program requirements
Determine hardware configuration
Determine relevance of recovered data
Conduct analysis of computer network attacks
Allocate security functions to components and elements
Remediate technical problems encountered during system testing and implementation
Direct the remediation of technical problems encountered during system testing and implementation
Determine if security incidents are indicative of a violation of law that requires specific legal action
Identify common coding flaws
Identify data or intelligence of evidentiary value
Identify digital evidence for analysis
Identify elements of proof of cybersecurity crimes
Determine implications of new and upgraded technologies to the cybersecurity program
Determine software development security implications within centralized and decentralized environments across the enterprise
Implement software development cybersecurity methodologies within centralized and decentralized environments across the enterprise
Determine cybersecurity measures for steady state operation and management of software
Incorporate product end-of-life cybersecurity measures
Recommend cybersecurity or cybersecurity-enabled products for use within a system
Collect documentary or physical evidence of cyber intrusion incidents, investigations, and operations
Implement new system design procedures
Implement new system test procedures
Implement new system quality standards
Track targets
Implement cybersecurity countermeasures for systems and applications
Install network infrastructure device operating system software
Maintain network infrastructure device operating system software
Determine if system analysis meets cybersecurity requirements
Integrate automated capabilities for updating or patching system software
Develop processes and procedures for manual updating and patching of system software
Disseminate incident and other Computer Network Defense (CND) information
Determine security requirements for new information technologies
Determine security requirements for new operational technologies
Determine impact of noncompliance on organizational risk levels
Determine impact of noncompliance on effectiveness of the enterprise's cybersecurity program
Align cybersecurity priorities with organizational security strategy
Manage cybersecurity budget, staffing, and contracting
Maintain baseline system security
Maintain deployable cyber defense audit toolkits
Maintain directory replication services
Maintain information exchanges through publish, subscribe, and alert functions
Approve accreditation packages
Monitor cybersecurity data sources
Develop Computer Network Defense (CND) guidance for organizational stakeholders
Manage threat and target analysis
Manage the production of threat information
Determine if systems comply with security, resilience, and dependability requirements
Determine the effectiveness of enterprise cybersecurity safeguards
Monitor the usage of knowledge management assets and resources
Create knowledge management assets and resources usage reports
Document cybersecurity incidents
Escalate incidents that may cause ongoing and immediate impact to the environment
Oversee configuration management
Develop configuration management recommendations
Oversee the cybersecurity training and awareness program
Establish Security Assessment and Authorization processes
Develop computer environment cybersecurity plans and requirements
Patch network vulnerabilities
Perform backup and recovery of databases
Perform cyber defense incident triage
Recommend incident remediation strategies
Determine the scope, urgency, and impact of cyber defense incidents
Perform dynamic analysis on drives
Determine the effectiveness of an observed attack
Perform cybersecurity testing of developed applications and systems
Perform forensically sound image collection
Recommend mitigation and remediation strategies for enterprise systems
Perform integrated quality assurance testing
Identify opportunities for new and improved business process solutions
Perform real-time cyber defense incident handling
Mitigate programming vulnerabilities
Identify programming code flaws
Perform security reviews
Identify gaps in security architecture
Develop a cybersecurity risk management plan
Recommend risk mitigation strategies
Perform system administration on specialized cyber defense applications and systems
Administer Virtual Private Network (VPN) devices
Conduct risk analysis of applications and systems undergoing major changes
Plan security authorization reviews for system and network installations
Conduct security authorization reviews for system and network installations
Develop security assurance cases for system and network installations
Plan knowledge management projects
Deliver knowledge management projects
Determine the effectiveness of data redundancy and system recovery procedures
Develop data redundancy and system recovery procedures
Execute data redundancy and system recovery procedures
Recommend system modifications
Prepare audit reports
Develop workflow charts and diagrams
Convert workflow charts and diagrams into coded computer language instructions
Prepare digital media for imaging
Develop cybersecurity use cases
Develop standard operating procedures for secure network system operations
Distribute standard operating procedures
Maintain standard operating procedures
Document systems security activities
Prepare technical evaluations of software applications, systems, and networks
Document software application, system, and network security postures, capabilities, and vulnerabilities
Communicate daily network event and activity reports
Advise stakeholders on the development of continuity of operations plans
Develop guidelines for implementing developed systems for customers and installation teams
Advise on security requirements to be included in statements of work
Advise on Risk Management Framework process activities and documentation
Provide cybersecurity awareness and training
Recommend data structures for use in the production of reports
Recommend new database technologies and architectures
Communicate situational awareness information to leadership
Determine causes of network alerts
Report cybersecurity incidents
Report forensic artifacts indicative of a particular operating system
Address security implications in the software acceptance phase
Recommend new or revised security, resilience, and dependability measures
Recommend organizational cybersecurity resource allocations
Determine if authorization and assurance documents identify an acceptable level of risk for software applications, systems, and networks
Conduct technology program and project audits
Develop cybersecurity policy recommendations
Coordinate cybersecurity policy review and approval processes
Analyze system capabilities and requirements
Implement protective or corrective measures when a cybersecurity incident or vulnerability is discovered
Design and execute exercise scenarios
Conduct test and evaluation activities
Test network infrastructure, including software and hardware devices
Maintain network infrastructure, including software and hardware devices
Track cyber defense incidents from initial detection through final resolution
Document cyber defense incidents from initial detection through final resolution
Determine if appropriate threat mitigation actions have been taken
Integrate security requirements into application design elements
Document software attack surface elements
Conduct threat modeling
Manage computing environment system operations
Capture network traffic associated with malicious activities
Analyze network traffic associated with malicious activities
Process digital evidence
Document digital evidence
Develop system performance predictions for various operating conditions
Update security documentation to reflect current application and system security design features
Verify implementation of software, network, and system cybersecurity postures
Document software, network, and system deviations from implemented security postures
Recommend required actions to correct software, network, and system deviations from implemented security postures
Verify currency of software application, network, and system accreditation and assurance documentation
Produce incident findings reports
Communicate incident findings to appropriate constituencies
Produce cybersecurity instructional materials
Promote cybersecurity awareness to management
Verify the inclusion of sound cybersecurity principles in the organization's vision and goals
Identify system and network capabilities
Develop cybersecurity capability strategies for custom hardware and software development
Develop cybersecurity compliance processes for external services
Develop cybersecurity audit processes for external services
Perform required reviews
Oversee policy standards and implementation strategy development
Provide cybersecurity guidance to organizational risk governance processes
Determine if procurement activities sufficiently address supply chain risks
Recommend improvements to procurement activities to address cybersecurity requirements
Determine if system requirements are adequately demonstrated in data samples
Detect cybersecurity attacks and intrusions
Distinguish between benign and potentially malicious cybersecurity attacks and intrusions
Communicate cybersecurity attacks and intrusions alerts
Perform continuous monitoring of system activity
Determine impact of malicious activity on systems and information
Coordinate critical cyber defense infrastructure protection measures
Prioritize critical cyber defense infrastructure resources
Identify system cybersecurity requirements
Determine if vulnerability remediation plans are in place
Develop vulnerability remediation plans
Determine if cybersecurity requirements have been successfully implemented
Determine the effectiveness of organizational cybersecurity policies and procedures
Perform penetration testing
Design programming language exploitation countermeasures and mitigations
Determine the impact of new system and interface implementations on organization's cybersecurity posture
Document impact of new system and interface implementations on organization's cybersecurity posture
Plan system security development
Conduct system security development
Document cybersecurity design and development activities
Identify supply chain risks for critical system elements
Document supply chain risks for critical system elements
Support cybersecurity compliance activities
Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements
Collect intrusion artifacts
Mitigate potential cyber defense incidents
Advise law enforcement personnel as technical expert
Determine organizational compliance
Forecast ongoing service demands
Conduct periodic reviews of security assumptions
Develop critical infrastructure protection policies and procedures
Implement critical infrastructure protection policies and procedures
Identify cybersecurity solutions tools and technologies
Design cybersecurity tools and technologies
Develop cybersecurity tools and technologies
Scan digital media for viruses
Mount a drive image
Utilize deployable forensics toolkit
Establish intrusion set procedures
Identify network traffic anomalies
Analyze network traffic anomalies
Validate intrusion detection system alerts
Isolate malware
Remove malware
Identify network device applications and operating systems
Reconstruct malicious attacks
Develop user experience requirements
Document user experience requirements
Develop independent cybersecurity audit processes for application software, networks, and systems
Implement independent cybersecurity audit processes for application software, networks, and systems
Oversee independent cybersecurity audits
Determine if research and design processes and procedures are in compliance with cybersecurity requirements
Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities
Develop supply chain, system, network, and operational security contract language
Design and develop secure applications
Integrate system development life cycle methodologies into development environment
Manage databases and data management systems
Allocate cybersecurity services
Select cybersecurity mechanisms
Identify emerging incident trends
Construct cyber defense network tool signatures
Correlate threat assessment data
Develop quality standards
Document quality standards
Develop system security contexts
Develop technical training curriculum and resources
Deliver technical training to customers
Develop training modules and classes
Develop training assignments
Develop training evaluations
Develop grading and proficiency standards
Create learner development, training, and remediation plans
Develop learning objectives and goals
Develop organizational training materials
Develop organizational training programs
Develop proficiency assessments
Develop software documentation
Create system security concept of operations (ConOps) documents
Evaluate network infrastructure vulnerabilities
Recommend network infrastructure enhancements
Determine cybersecurity design and architecture effectiveness
Maintain incident tracking and solution databases
Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cybersecurity incidents
Prepare trend analysis reports
Determine if system components can be aligned
Integrate system components
Build dedicated cyber defense hardware
Install dedicated cyber defense hardware
Create cybersecurity architecture functional specifications
Determine if technology services are delivered successfully
Acquire adequate funding for cybersecurity training
Determine effectiveness of configuration management processes
Determine effectiveness of instruction and training
Assess the behavior of individual victims, witnesses, or suspects during cybersecurity investigations
Assess the validity of source data
Determine the validity of findings
Assess the impact of implementing and sustaining a dedicated cyber defense infrastructure
Recommend commercial, government off-the-shelf, or open source products for use within a system
Determine if products comply with cybersecurity requirements
Conduct hypothesis testing
Conduct learning needs assessments
Identify training requirements
Manage customer services
Determine if qualification standards meet organizational functional requirements and comply with industry standards
Allocate and distribute human capital assets
Create interactive learning exercises
Design system administration and management functionality for privileged access users
Develop system administration and management functionality for privileged access users
Design secure interfaces between information systems, physical systems, and embedded technologies
Implement secure interfaces between information systems, physical systems, and embedded technologies
Determine the impact of threats on cybersecurity
Implement threat countermeasures
Develop data gathering processes
Develop standardized cybersecurity position descriptions using the NICE Framework
Develop recruiting, hiring, and retention processes
Determine cybersecurity position requirements
Develop cybersecurity training policies and procedures
Develop cybersecurity curriculum goals and objectives
Determine if cybersecurity workforce management policies and procedures comply with legal and organizational requirements
Define service-level agreements (SLAs)
Establish cybersecurity workforce readiness metrics
Establish waiver processes for cybersecurity career field entry and training qualification requirements
Establish organizational cybersecurity career pathways
Develop cybersecurity workforce reporting requirements
Establish cybersecurity workforce management programs
Assess cybersecurity workforce management programs
Gather customer satisfaction and service performance feedback
Create risk-driven systems maintenance and updates processes
Define operating level agreements (OLAs)
Develop instructional strategies
Promote awareness of cybersecurity policy and strategy among management
Advise trial counsel as technical expert
Determine cybersecurity career field qualification requirements
Determine organizational policies related to or influencing the cyber workforce
Examine service performance reports for issues and variances
Initiate corrective actions to service performance issues and variances
Conduct cybersecurity workforce assessments
Integrate cybersecurity workforce personnel into information systems life cycle development processes
Establish testing specifications and requirements
Prepare after action reviews (AARs)
Process forensic images
Perform file and registry monitoring on running systems
Enter digital media information into tracking databases
Correlate incident data
Prepare cyber defense toolkits
Design data management systems
Integrate laws and regulations into policy
Troubleshoot prototype design and process issues
Recommend vulnerability exploitation functional and security-related features
Recommend vulnerability mitigation functional- and security-related features
Develop reverse engineering tools
Determine supply chain cybersecurity requirements
Determine if cybersecurity requirements included in contracts are delivered
Integrate public key cryptography into applications
Install systems and servers
Update systems and servers
Troubleshoot systems and servers
Evaluate platforms managed by service providers
Manage organizational knowledge repositories
Analyze cybersecurity threats for counter intelligence or criminal activity
Analyze software and hardware testing results
Determine user requirements
Plan cybersecurity architecture
Analyze feasibility of software design within time and cost constraints
Preserve digital evidence
Identify alleged violations of law, regulations, policy, or guidance
Perform periodic system maintenance
Conduct trial runs of programs and software applications
Determine accurate security levels in programs and software applications
Manage network access control lists on specialized cyber defense systems
Detect concealed data
Deliver training courses
Develop organizational cybersecurity strategy
Design system security measures
Update system security measures
Develop enterprise architecture
Determine if systems meet minimum security requirements
Design organizational knowledge management frameworks
Implement organizational knowledge management frameworks
Maintain organizational knowledge management frameworks
Identify responsible parties for intrusions and other crimes
Define baseline system security requirements
Develop software system testing and validation procedures
Create software system documentation
Develop local network usage policies and procedures
Determine compliance with local network usage policies and procedures
Develop procedures for system operations transfer to alternate sites
Test failover for system operations transfer to alternative sites
Develop cost estimates for new or modified systems
Develop implementation guidelines
Determine if cybersecurity training, education, and awareness meet established goals
Resolve customer-reported system incidents and events
Analyze organizational cybersecurity posture trends
Develop organizational cybersecurity posture trend reports
Develop system security posture trend reports
Document original condition of digital evidence
Develop cybersecurity policies and procedures
Create definition activity documentation
Create architecture activity documentation
Provide inspectors general, privacy officers, and oversight and compliance with legal analysis and decisions
Determine compliance with cybersecurity policies and legal and regulatory requirements
Determine adequacy of access controls
Evaluate the impact of legal, regulatory, policy, standard, or procedural changes
Execute disaster recovery and continuity of operations processes
Prosecute cybercrimes and fraud committed against people and property
Identify cyber workforce planning and management issues
Address cyber workforce planning and management issues
Recommend enhancements to software and hardware solutions
Implement cyber defense tools
Identify system and network protection needs
Implement security measures for systems and system components
Resolve vulnerabilities in systems and system components
Mitigate risks in systems and system components
Implement dedicated cyber defense systems
Document system requirements
Implement system security measures
Install database management systems and software
Configure database management systems and software
Install system hardware, software, and peripheral equipment
Configure system hardware, software, and peripheral equipment
Implement cross-domain solutions
Administer system and network user accounts
Establish system and network rights processes and procedures
Establish systems and equipment access protocols
Inventory technology resources
Determine if developed solutions meet customer requirements
Develop risk acceptance documentation for senior leaders and authorized representatives
Adapt software to new hardware
Upgrade software interfaces
Improve software performance
Monitor system and server configurations
Maintain system and server configurations
Monitor client-level computer system performance
Create client-level computer system performance reports
Maintain currency of cyber defense threat conditions
Determine effectiveness of system implementation and testing processes
Establish minimum security requirements for applications
Determine if applications meet minimum security requirements
Conduct cybersecurity risk assessments
Perform cybersecurity testing on systems in development
Diagnose faulty system and server hardware
Repair faulty system and server hardware
Identify programming flaws
Address security architecture gaps
Conduct cybersecurity reviews
Identify cybersecurity gaps in enterprise architecture
Plan classroom learning sessions
Coordinate training and education
Plan delivery of non-classroom learning
Plan implementation strategies
Assess the integration and alignment capabilities of enterprise components
Prepare legal documents
Prepare investigative reports
Advise stakeholders on enterprise cybersecurity risk management
Advise stakeholders on supply chain risk management
Recommend threat and vulnerability risk mitigation strategies
Provide cybersecurity advice on implementation plans, standard operating procedures, maintenance documentation, and maintenance training materials
Advise management, staff, and users on cybersecurity policy
Prepare impact reports
Recover information from forensic data sources
Perform periodic reviews of learning materials and courses for accuracy and currency
Recommend revisions to learning materials and curriculum
Determine if hardware and software complies with defined specifications and requirements
Record test data
Manage test data
Determine if design components meet system requirements
Determine scalability of system architecture
Advise stakeholders on vulnerability compliance
Resolve computer security incidents
Prepare cyber defense reports
Advise stakeholders on disaster recovery, contingency, and continuity of operations plans
Perform risk and vulnerability assessments
Recommend cost-effective security controls
Prepare supply chain security reports
Prepare risk management reports
Develop supply chain cybersecurity risk management policy
Conduct vulnerability analysis of software patches and updates
Prepare vulnerability analysis reports
Determine impact of new systems and system interfaces on current and target environments
Conduct cybersecurity management assessments
Design cybersecurity management functions
Prepare target analysis reports
Address identified issues in collection operations and collection plans
Synchronize collections with operational requirements
Determine if collection products and services meet requirements
Identify target operational architecture vulnerabilities
Determine impacts on collection management operational structure and requirements
Access targeted networks
Develop intelligence collection management processes
Coordinate intelligence support to operational planning
Recommend cyber operation targets
Assess target vulnerabilities and operational capabilities
Determine effectiveness of intelligence collection operations
Recommend adjustments to intelligence collection strategies
Advise stakeholders on course of action development
Develop common operational pictures
Develop cyber operations indicators
Coordinate all-source collection activities
Validate all-source collection requirements and plans
Develop priority information requirements
Develop performance success metrics
Synchronize intelligence support plans across partner organizations
Develop cybersecurity success metrics
Prepare threat and target briefings
Prepare threat and target situational updates
Build electronic target folders
Maintain electronic target folders
Classify documents
Manage request for information (RFI) processes
Develop a diverse program of information materials
Determine customer requirements
Compare allocated and available assets to collection demand
Prepare intelligence collection reports
Assess all-source data for intelligence or vulnerability value
Identify information essential to intelligence collection operations
Identify potential avenues of access in digital technologies
Access wireless computer and digital networks
Process intelligence collection data
Exploit wireless computer and digital networks
Conduct independent in-depth target and technical analysis
Conduct network scouting
Analyze system vulnerabilities within a network
Conduct on-net activities
Exfiltrate data from deployed technologies
Conduct off-net activities
Exfiltrate data from automated technologies
Perform open source data collection
Determine validity and relevance of information gathered about networks
Survey computer and digital networks
Develop intelligence collection plans
Develop cyber operations crisis action plans
Develop organizational decision support tools
Develop cyber operations staffing policies
Coordinate resource allocation of collection assets with collection discipline leads
Prepare collection plan documentation
Vet targets with partners
Communicate information requirements to collection managers
Assess capability to satisfy assigned intelligence tasks
Identify intelligence requirements
Draft intelligence sections of cyber operations plans
Identify strategies to counter potential target actions
Create comprehensive exploitation strategies
Identify exploitable technical or operational vulnerabilities
Detect exploits against targeted networks and hosts
Counter exploits against targeted networks and hosts
Inventory existing collection management webpage databases, libraries, and storehouses
Determine organizations with collection authority over predefined accessible collection assets
Develop intelligence collection report analysis processes
Prepare all-source intelligence targeting reports
Collect target information
Develop crisis plans
Maintain crisis plans
Integrate cyber operations guidance into broader planning activities
Integrate intelligence guidance into cyber operations planning activities
Prepare collections operation instructions
Develop intelligence operations plans
Provide intelligence guidance to cyber operations requirements
Allocate collection assets
Prepare munitions effectiveness assessment reports
Prepare operational assessment reports
Develop new techniques for accessing target systems
Develop policies for providing and obtaining cyber operations support from external partners
Develop international cybersecurity strategies, policies, and activities to meet organizational objectives
Recommend potential courses of action
Develop feedback procedures
Develop partner planning strategies and processes
Develop operations strategies and processes
Develop capability development strategies and processes
Recommend changes to planning policies and procedures
Implement changes to planning policies and procedures
Develop cybersecurity cooperation agreements with external partners
Maintain cybersecurity cooperation agreements with external partners
Assess cybersecurity cooperation agreements with external partners
Prepare cyber operation strategy and planning documents
Disseminate tasking messages
Disseminate collection plans
Assess intelligence collection results
Document intelligence collection assessment findings
Develop cyber intelligence collection and production requirements
Implement collection operation plans
Synchronize intelligence planning activities with operational planning timelines
Determine if collection requests meet priority intelligence requirements
Determine if information collected satisfies intelligence requests
Determine effectiveness of network analysis strategies
Determine if collection operations meet operational requirements
Exploit network devices and terminals
Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action
Communicate tool requirements to developers
Develop intelligence collection strategies
Determine cyber operations partner intelligence capabilities and limitations
Develop intelligence collection requirements
Identify security cooperation priorities
Designate priority information requirements
Select collaboration platforms
Identify information collection gaps
Develop coordination requirements and procedures
Identify gaps in understanding of target technology
Determine effectiveness of processing, exploitation, and dissemination architecture
Identify system vulnerabilities within a network
Identify collection management risks
Mitigate collection management risks
Identify intelligence environment preparation derived production needs
Locate targets
Develop courses of action based on threat factors
Inform stakeholders of evaluation results
Initiate requests to guide tasking
Integrate cyber planning and targeting efforts
Interpret environment preparation assessments
Coordinate exploitation operations
Determine potential implications of new and emerging hardware and software technologies
Maintain situational awareness of organic operational infrastructure
Maintain functionality of organic operational infrastructure
Determine if changes to the operating environment require review of the plan
Modify collection requirements
Determine effectiveness of collection requirements
Assess effectiveness of integrated cyber operations
Monitor changes to designated cyber operations warning problem sets
Prepare change reports for designated cyber operations warning problem sets
Monitor threat activities
Prepare threat activity reports
Determine when reallocated collection efforts are completed
Report on adversarial activities that fulfill priority information requirements
Determine effectiveness of the processing, exploitation, and dissemination architecture
Identify indications and warnings of target communication changes or processing failures
Identify collection operational management process risks
Gain and maintain access to target systems
Prepare cyber operations intelligence reports
Prepare indications and warnings intelligence reports
Conduct policy reviews
Assess the consequences of endorsing or not endorsing policies
Coordinate strategic planning efforts with internal and external partners
Develop external coordination policies
Degrade or remove data from networks and computers
Develop website characterizations
Prioritize collection requirements for collection platforms
Process exfiltrated data
Profile network administrators and their activities
Profile system administrators and their activities
Reassign collection assets and resources in response to dynamic operational situations
Promote collection planning as an integrated component of the strategic campaign plans and other adaptive plans
Provide aim point recommendations for targets
Provide reengagement recommendations
Provide cyber recommendations to intelligence support planning
Assess effectiveness of intelligence production
Assess effectiveness of intelligence reporting
Develop cyber operations strategies
Conduct post-action effectiveness assessments
Determine effectiveness of targeting activities
Advise stakeholders on administrative and logistical elements of operational support plans
Provide intelligence analysis and support
Notify appropriate personnel of imminent hostile intentions or activities
Recommend changes to operational plans
Determine validity and relevance of information
Prepare network reports
Document information collection and environment activities
Prepare network intrusion reports
Request discipline-specific processing, exploitation, and dissemination information
Research communications trends in emerging technologies
Determine intelligence collection asset capabilities
Determine accuracy of intelligence collection guidance
Update collection plans
Approve operational requirements for research, development, and acquisition of cyber capabilities
Prioritize operational requirements for research, development, and acquisition of cyber capabilities
Submit operational requirements for research, development, and acquisition of cyber capabilities
Update collection matrices
Protect information sources and methods
Develop cyber intelligence plans
Recommend subject matter experts who can assist in the investigation of complex or unusual situations
Recommend changes to collection plans
Recommend changes to operational environment
Specify discipline-specific taskings
Submit information requests to collection requirement management section
Submit requests for deconfliction of cyber operations
Respond to requests for deconfliction of cyber operations
Identify cyber collateral damage
Document cyber collateral damage
Synchronize intelligence engagement activities across partner organizations
Synchronize cybersecurity cooperation plans
Synchronize the integrated employment of organic and partner intelligence collection assets
Evaluate locally developed tools
Test internally developed software
Track status of information requests
Translate collection requests for discipline-specific collection requirements
Identify opportunities to improve collection management efficiency and effectiveness
Validate information requests
Determine if intelligence requirements and collection plans are accurate and up-to-date
Document lessons learned during events and exercises
Advise managers and operators on language and cultural issues
Assess target motivation
Conduct all-source target research
Analyze target communications
Conduct quality reviews of transcribed or translated materials
Identify metadata patterns
Identify metadata anomalies
Identify metadata events
Identify foreign languages and dialects in initial source data
Develop language processing tools
Prepare social network analysis documents
Scan target graphic and audio language materials
Communicate critical or time-sensitive information
Transcribe target audio language materials
Translate target graphic language materials
Translate target audio language materials
Determine if new and existing services comply with privacy and data security obligations
Develop and maintain privacy and confidentiality consent forms
Develop and maintain privacy and confidentiality authorization forms
Integrate civil rights and civil liberties in organizational programs, policies, and procedures
Integrate privacy considerations in organizational programs, policies, and procedures
Serve as liaison to regulatory and accrediting bodies
Register databases with local privacy and data protection authorities
Promote privacy awareness to management
Establish organizational Privacy Oversight Committee
Establish cybersecurity risk assessment processes
Develop information sharing strategic plans
Develop organizational information infrastructure
Implement organizational information infrastructure
Develop self-disclosure policies and procedures
Oversee consumer information access rights
Serve as information privacy liaison to technology system users
Serve as liaison to information systems department
Create privacy training materials
Prepare privacy awareness communications
Deliver privacy awareness orientations
Deliver privacy awareness trainings
Manage organizational participation in public privacy and cybersecurity events
Prepare privacy program status reports
Respond to press and other public data security inquiries
Develop organizational privacy program
Apply sanctions for failure to comply with privacy policies
Develop sanctions for failure to comply with privacy policies
Resolve allegations of noncompliance with privacy policies and notice of information practices
Develop a risk management and compliance framework for privacy
Determine if projects comply with organizational privacy and data security policies
Develop organizational privacy policies and procedures
Establish complaint processes
Establish mechanisms to track access to protected health information
Maintain the organizational policy program
Conduct privacy impact assessments
Conduct privacy compliance monitoring
Align cybersecurity and privacy practices in system information security plans
Determine if protected information releases comply with organizational policies and procedures
Administer requests for release or disclosure of protected information
Develop vendor review procedures
Develop vendor auditing procedures
Determine if partner and business agreements address privacy requirements and responsibilities
Provide legal advice for business partner contracts
Mitigate Personal Identifiable Information (PII) breaches
Administer action on organizational privacy complaints
Determine if the organization's privacy program complies with federal and state privacy laws and regulations
Identify organizational privacy compliance gaps
Correct organizational privacy compliance gaps
Manage privacy breaches
Implement and maintain organizational privacy policies and procedures
Develop and maintain privacy and confidentiality information notices
Determine business partner requirements
Monitor advancements in information privacy technologies
Establish a cybersecurity risk management program
Establish organizational risk management strategies
Determine which business functions a system supports
Determine system stakeholders
Identify common controls available for inheritance by organizational systems
Determine the security categorization for organizational systems
Determine system boundaries
Identify system security requirements
Register systems with organizational program management offices
Identify required system security controls
Document planned system security control implementations
Establish security control monitoring strategies
Review and approve System Security Plans (SSPs)
Implement system security controls
Establish system configuration baselines
Document changes to planned system control implementations
Develop system security control assessment plans
Approve system security control assessment plans
Determine effectiveness of security controls
Prepare security control assessment reports
Conduct security control remediations
Develop cybersecurity action plans and milestones
Prepare authorization packages
Submit authorization packages to authorizing officials for adjudication
Determine risks of operating or using a system
Determine risks of using common controls
Implement cybersecurity action plans
Determine if system security risks are acceptable
Determine if common control risks are acceptable
Update cybersecurity action plans
Report system security status to authorizing officials
Determine if system security meets acceptable risk levels
Establish system disposal processes
Implement system disposal processes
Form continuous monitoring working groups
Establish continuous monitoring scoring and grading metrics
Integrate a continuous monitoring program into organizational security governance structures and policies
Make cybersecurity investment decisions to address persistent issues
Provide training and resources to continuous monitoring staff
Prepare continuous monitoring reports
Determine if risk metrics support continuous monitoring
Determine if continuous monitoring data provides situational awareness of risk levels
Define unacceptable risk threshold triggers for continuous monitoring data
Establish system-level reporting categories
Manage the continuous monitoring program
Establish continuous monitoring communication processes
Identify reporting requirements that are fulfilled by the continuous monitoring program
Establish continuous monitoring reporting requirements
Perform continuous monitoring
Establish automated control assessment reporting requirements
Conduct continuous monitoring data assessments
Integrate continuous monitoring results in ongoing authorizations
Establish access control processes for continuous monitoring tools and technologies
Implement access control processes for continuous monitoring tools and technologies
Establish technical help processes for continuous monitoring mitigators
Communicate continuous monitoring reporting requirements
Define responsibilities for implementing continuous monitoring tools or technologies
Establish liaison to scoring and metrics working group
Establish risk management processes
Establish performance measurement requirements for continuous monitoring tools and technologies
Assess continuous monitoring performance
Coordinate responses to issues flagged during continuous monitoring
Implement risk mitigation strategies
Document system alerts
Escalate system alerts that may indicate risks
Disseminate anomalous activity reports to the insider threat hub
Identify anomalous activity
Conduct independent comprehensive assessments of target-specific information
Conduct insider threat risk assessments
Prepare insider threat briefings
Recommend risk mitigation courses of action (CoA)
Coordinate with internal and external incident management partners across jurisdictions
Recommend improvements to insider threat detection processes
Determine digital evidence priority intelligence requirements
Develop digital evidence reports for internal and external partners
Develop elicitation indicators
Identify high value assets
Identify potential insider threats
Notify appropriate personnel of imminent hostile intentions or activities
Identify imminent or hostile intentions or activities
Develop a continuously updated overview of an incident throughout the incident's life cycle
Develop insider threat cyber operations indicators
Integrate information from cyber resources, internal partners, and external partners
Advise insider threat hub inquiries
Conduct cybersecurity insider threat inquiries
Deliver all-source cyber operations and intelligence indications and warnings
Interpret network activity for intelligence value
Monitor network activity for vulnerabilities
Identify potential insider risks to networks
Document potential insider risks to networks
Report network vulnerabilities
Develop insider threat investigation plans
Investigate alleged insider threat cybersecurity policy violations
Refer cases on active insider threat activities to law enforcement investigators
Perform cybersecurity reviews
Establish an insider threat risk management assessment program
Recommend courses of action or countermeasures to mitigate risks
Evaluate organizational insider risk response capabilities
Document insider threat information sources
Conduct insider threat studies
Identify potential targets for exploitation
Analyze potential targets for exploitation
Vet insider threat targeting with law enforcement and intelligence partners
Develop insider threat targets
Maintain User Activity Monitoring (UAM) tools
Monitor the output from User Activity Monitoring (UAM) tools
| Competency Area Name | Competency Area Description | Competency Area ID |
| --- | --- | --- |
| Access Controls | This Competency Area describes a learner’s capabilities to define, manage, and monitor the roles and secure access privileges of who is authorized to access protected data and resources and understand the impact of different types of access controls. | NF-COM-001 |
| Artificial Intelligence (AI) Security | This Competency Area describes a learner’s capabilities to secure Artificial Intelligence (AI) against cyberattacks, to ensure it is adequately contained where it is used, and to mitigate the threat AI presents where it or its users have malicious intent. | NF-COM-002 |
| Asset Management | This Competency Area describes a learner’s capabilities to conduct and maintain an accurate inventory of all digital assets, to include identifying, developing, operating, maintaining, upgrading, and disposing of assets. | NF-COM-003 |
| Cloud Security | This Competency Area describes a learner’s capabilities to protect cloud data, applications, and infrastructure from internal and external threats. | NF-COM-004 |
| Communications Security | This Competency Area describes a learner’s capabilities to secure the transmissions, broadcasting, switching, control, and operation of communications and related network infrastructures. | NF-COM-005 |
| Cryptography | This Competency Area describes a learner’s capabilities to transform data using cryptographic processes to ensure it can only be read by the person who is authorized to access it. | NF-COM-006 |
| Cyber Resiliency | This Competency Area describes a learner’s capability related to architecting, designing, developing, implementing, and maintaining the trustworthiness of systems that use or are enabled by cyber resources in order to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises that use or are enabled by cyber resources. | NF-COM-007 |
| DevSecOps | This Competency Area describes a learner’s capabilities to integrate security as a shared responsibility throughout the development, security, and operations (DevSecOps) life cycle of technologies. | NF-COM-008 |
| Operating Systems (OS) Security | This Competency Area describes a learner’s capabilities to install, administer, troubleshoot, backup, and conduct recovery of Operating Systems (OS), including in simulated environments. | NF-COM-009 |
| Operational Technology (OT) Security | This Competency Area describes a learner’s capabilities to improve and maintain the security of Operational Technology (OT) systems while addressing their unique performance, reliability, and safety requirements. | NF-COM-010 |
| Supply Chain Security | This Competency Area describes a learner’s capabilities to analyze and control digital and physical risks presented by technology products or services purchased from parties outside your organization. | NF-COM-011 |
OVERSIGHT and GOVERNANCE (OG)

Communications Security (COMSEC) Management (OG-WRL-001): Responsible for managing the Communications Security (COMSEC) resources of an organization.

| TKS Statement ID | TKS Statement Description |
| --- | --- |
| K0018 | Knowledge of encryption algorithms |
| K0671 | Knowledge of Communications Security (COMSEC) policies and procedures |
| K0672 | Knowledge of the Communications Security (COMSEC) Material Control System (CMCS) |
| K0673 | Knowledge of types of Communications Security (COMSEC) incidents |
| K0674 | Knowledge of computer networking protocols |
| K0675 | Knowledge of risk management processes |
| K0676 | Knowledge of cybersecurity laws and regulations |
| K0677 | Knowledge of cybersecurity policies and procedures |
| K0678 | Knowledge of privacy laws and regulations |
| K0679 | Knowledge of privacy policies and procedures |
| K0680 | Knowledge of cybersecurity principles and practices |
| K0681 | Knowledge of privacy principles and practices |
| K0682 | Knowledge of cybersecurity threats |
| K0683 | Knowledge of cybersecurity vulnerabilities |
| K0684 | Knowledge of cybersecurity threat characteristics |
| K0709 | Knowledge of business continuity and disaster recovery (BCDR) policies and procedures |
| K0721 | Knowledge of risk management principles and practices |
| K0724 | Knowledge of incident response principles and practices |
| K0725 | Knowledge of incident response tools and techniques |
| K0726 | Knowledge of incident handling tools and techniques |
| K0731 | Knowledge of systems security engineering (SSE) principles and practices |
| K0746 | Knowledge of policy-based access controls |
| K0747 | Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC) |
| K0749 | Knowledge of process engineering principles and practices |
| K0751 | Knowledge of system threats |
| K0752 | Knowledge of system vulnerabilities |
| K0758 | Knowledge of server administration principles and practices |
| K0765 | Knowledge of software engineering principles and practices |
| K0771 | Knowledge of system life cycle management principles and practices |
| K0779 | Knowledge of systems engineering processes |
| K0798 | Knowledge of program management principles and practices |
| K0799 | Knowledge of project management principles and practices |
| K0803 | Knowledge of supply chain risk management principles and practices |
| K0834 | Knowledge of technology procurement principles and practices |
| K0840 | Knowledge of hardware reverse engineering tools and techniques |
| K0842 | Knowledge of software reverse engineering tools and techniques |
| K0851 | Knowledge of reverse engineering principles and practices |
| K0865 | Knowledge of data classification standards and best practices |
| K0866 | Knowledge of data classification tools and techniques |
| K0928 | Knowledge of systems engineering principles and practices |
| K0931 | Knowledge of data-at-rest encryption (DARE) standards and best practices |
| K0932 | Knowledge of cryptographic key storage systems and software |
| K0934 | Knowledge of data classification policies and procedures |
| K0947 | Knowledge of computer engineering principles and practices |
| K0983 | Knowledge of computer networking principles and practices |
| K1014 | Knowledge of network security principles and practices |
| K1050 | Knowledge of critical information requirements |
| K1077 | Knowledge of data security controls |
| K1084 | Knowledge of data privacy controls |
| K1171 | Knowledge of mission assurance practices and principles |
| K1179 | Knowledge of organization's security strategy |
| S0486 | Skill in implementing enterprise key escrow systems |
| S0574 | Skill in developing security system controls |
| S0578 | Skill in evaluating security designs |
| S0596 | Skill in encrypting network communications |
| S0619 | Skill in auditing technical systems |
| S0657 | Skill in implementing Public Key Infrastructure (PKI) encryption |
| S0658 | Skill in implementing digital signatures |
| S0841 | Skill in identifying possible security violations |
| S0850 | Skill in performing cost/benefit analysis |
| S0858 | Skill in performing economic analysis |
| S0878 | Skill in performing risk analysis |
| T1015 | Identify roles and responsibilities for appointed Communications Security (COMSEC) personnel |
| T1016 | Identify Communications Security (COMSEC) incidents |
| T1017 | Report Communications Security (COMSEC) incidents |
| T1018 | Identify in-process accounting requirements for Communications Security (COMSEC) |
| T1020 | Determine the operational and safety impacts of cybersecurity lapses |
| T1022 | Review enterprise information technology (IT) goals and objectives |
| T1023 | Identify critical technology procurement requirements |
| T1058 | Advise senior management on risk levels and security posture |
| T1059 | Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements |
| T1060 | Advise senior management on organizational cybersecurity efforts |
| T1088 | Communicate the value of cybersecurity to organizational stakeholders |
| T1113 | Develop the enterprise continuity of operations strategy |
| T1114 | Establish the enterprise continuity of operations program |
| T1178 | Determine if security improvement actions are evaluated, validated, and implemented as required |
| T1186 | Establish enterprise information security architecture |
| T1300 | Report cybersecurity incidents |
| T1310 | Implement protective or corrective measures when a cybersecurity incident or vulnerability is discovered |

OPM Code: 723
OVERSIGHT and
GOVERNANCE (OG)

TKS Statement ID
K0644
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0691
K0692
K0743
K0751
K0752
K0773
K0812
K0892
K0943
K0962
K0963
K0969
K0983
K0990
K1014
K1023
K1079
K1137
K1180
K1183
K1186
K1206
S0406
S0497
S0515
S0519
S0687
S0712
S0713
S0729
S0821
T0226
T1020
T1028
T1107
T1158
T1184
T1185
T1306
T1335
T1336
T1357
T1358

T1394

T1395
T1396

T1397

T1398
T1436

T1464
T1476
T1482
T1492
T1518
T1543
T1605
Cybersecurity Policy and Planning (OG-WRL-002): Responsible for developing and maintaining
cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity
initiatives and regulatory compliance.

TKS Statement Description


Knowledge of cybersecurity operation policies and procedures
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of cyber defense tools and techniques
Knowledge of vulnerability assessment tools and techniques
Knowledge of new and emerging technologies
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of telecommunications principles and practices
Knowledge of digital communication systems and software
Knowledge of cyber defense laws and regulations
Knowledge of industry indicators
Knowledge of targeting laws and regulations
Knowledge of exploitation laws and regulations
Knowledge of cyber-attack tools and techniques
Knowledge of computer networking principles and practices
Knowledge of cyber operations principles and practices
Knowledge of network security principles and practices
Knowledge of network exploitation tools and techniques
Knowledge of web application security risks
Knowledge of cybersecurity requirements
Knowledge of organizational cybersecurity goals and objectives
Knowledge of organizational cybersecurity policies and procedures
Knowledge of organizational human resource (HR) policies and procedures
Knowledge of research and design processes and procedures
Skill in developing policy plans
Skill in developing client organization profiles
Skill in identifying partner capabilities
Skill in detecting exploitation activities
Skill in performing administrative planning activities
Skill in evaluating data source quality
Skill in evaluating information quality
Skill in preparing plans
Skill in collaborating with internal and external stakeholders
Serve on agency and interagency policy boards
Determine the operational and safety impacts of cybersecurity lapses
Research new vulnerabilities in emerging technologies
Evaluate functional requirements
Develop cybersecurity implementation policies and guidelines
Establish stakeholder communication channels
Maintain stakeholder communication channels
Conduct technology program and project audits
Promote cybersecurity awareness to management
Verify the inclusion of sound cybersecurity principles in the organization's vision and goals
Determine if cybersecurity requirements have been successfully implemented
Determine the effectiveness of organizational cybersecurity policies and procedures

Develop independent cybersecurity audit processes for application software, networks, and systems
Implement independent cybersecurity audit processes for application software, networks, and
systems
Oversee independent cybersecurity audits
Determine if research and design processes and procedures are in compliance with cybersecurity
requirements
Determine if research and design processes and procedures are accurately followed by
cybersecurity staff when performing their day-to-day activities
Acquire adequate funding for cybersecurity training
Determine if cybersecurity workforce management policies and procedures comply with legal and organizational requirements
Promote awareness of cybersecurity policy and strategy among management
Conduct cybersecurity workforce assessments
Integrate laws and regulations into policy
Develop organizational cybersecurity strategy
Develop cybersecurity policies and procedures
Advise management, staff, and users on cybersecurity policy
OPM Code: 752

OVERSIGHT and GOVERNANCE (OG)

TKS Statement ID
K0640
K0644
K0648
K0649
K0652
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0691
K0692
K0743
K0751
K0752
K0754
K0773
K0803
K0818
K0820
K0825
K0828
K0831
K0838
K0881
K0887
K0892
K0893
K0902
K0908
K0943
K0962
K0963
K0969
K0983
K0990
K1014
K1023
K1098
K1137
K1140
K1171
K1180
K1183
K1184
K1186
K1206
K1209
S0393
S0394
S0396
S0397
S0398
S0406
S0410
S0411
S0422
S0497
S0515
S0519
S0633
S0647
S0686
S0821
S0850
S0858
S0878
S0892
T0116
T0226
T0437
T1020
T1022
T1025
T1028
T1036
T1038
T1056

T1059
T1060
T1088
T1107
T1113
T1114
T1158
T1184
T1185
T1227
T1306
T1335
T1336
T1357
T1358

T1394

T1395
T1396

T1397

T1398
T1436
T1446
T1447

T1449
T1450
T1459
T1460
T1461
T1462

T1464
T1466

T1467
T1468
T1469
T1470
T1471
T1476
T1478
T1479
T1482

T1483
T1492
T1518
T1543
T1552
T1553
T1605
T1623
Cybersecurity Workforce Management (OG-WRL-003): Responsible for developing cybersecurity
workforce plans, assessments, strategies, and guidance, including cybersecurity-related staff
training, education, and hiring processes. Makes adjustments in response to or in anticipation of
changes to cybersecurity-related policy, technology, and staffing needs and requirements. Authors
mandated workforce planning strategies to maintain compliance with legislation, regulation, and
policy.

TKS Statement Description


Knowledge of the organizational cybersecurity workforce
Knowledge of cybersecurity operation policies and procedures
Knowledge of career paths
Knowledge of organizational career progressions
Knowledge of workforce trends
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of cyber defense tools and techniques
Knowledge of vulnerability assessment tools and techniques
Knowledge of new and emerging technologies
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of resource management principles and practices
Knowledge of telecommunications principles and practices
Knowledge of supply chain risk management principles and practices
Knowledge of new and emerging cybersecurity risks
Knowledge of supply chain risks
Knowledge of threat vector characteristics
Knowledge of supply chain risk management standards and best practices
Knowledge of network attack vectors
Knowledge of supply chain risk management policies and procedures
Knowledge of learning assessment tools and techniques
Knowledge of training policies and procedures
Knowledge of cyber defense laws and regulations
Knowledge of training systems and software
Knowledge of the NIST Workforce Framework for Cybersecurity (NICE Framework)
Knowledge of human resources policies and procedures
Knowledge of industry indicators
Knowledge of targeting laws and regulations
Knowledge of exploitation laws and regulations
Knowledge of cyber-attack tools and techniques
Knowledge of computer networking principles and practices
Knowledge of cyber operations principles and practices
Knowledge of network security principles and practices
Knowledge of network exploitation tools and techniques
Knowledge of personnel systems and software
Knowledge of cybersecurity requirements
Knowledge of cybersecurity workforce policies and procedures
Knowledge of mission assurance practices and principles
Knowledge of organizational cybersecurity goals and objectives
Knowledge of organizational cybersecurity policies and procedures
Knowledge of organizational cybersecurity workforce requirements
Knowledge of organizational human resource (HR) policies and procedures
Knowledge of research and design processes and procedures
Knowledge of risk mitigation principles and practices
Skill in developing assessments
Skill in developing security assessments
Skill in forecasting requirements
Skill in assessing requirements
Skill in analyzing organizational objectives
Skill in developing policy plans
Skill in creating career path definitions
Skill in developing career paths
Skill in evaluating workforce trends
Skill in developing client organization profiles
Skill in identifying partner capabilities
Skill in detecting exploitation activities
Skill in developing position qualification requirements
Skill in managing a workforce
Skill in performing risk assessments
Skill in collaborating with internal and external stakeholders
Skill in performing cost/benefit analysis
Skill in performing economic analysis
Skill in performing risk analysis
Skill in performing trend analysis
Identify organizational policy stakeholders
Serve on agency and interagency policy boards
Correlate training and learning to business or mission requirements
Determine the operational and safety impacts of cybersecurity lapses
Review enterprise information technology (IT) goals and objectives
Implement organizational training and education policies and procedures
Research new vulnerabilities in emerging technologies
Integrate leadership priorities
Integrate organization objectives in intelligence collection
Acquire resources to support cybersecurity program goals and objectives

Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements
Advise senior management on organizational cybersecurity efforts
Communicate the value of cybersecurity to organizational stakeholders
Evaluate functional requirements
Develop the enterprise continuity of operations strategy
Establish the enterprise continuity of operations program
Develop cybersecurity implementation policies and guidelines
Establish stakeholder communication channels
Maintain stakeholder communication channels
Manage cybersecurity budget, staffing, and contracting
Conduct technology program and project audits
Promote cybersecurity awareness to management
Verify the inclusion of sound cybersecurity principles in the organization's vision and goals
Determine if cybersecurity requirements have been successfully implemented
Determine the effectiveness of organizational cybersecurity policies and procedures

Develop independent cybersecurity audit processes for application software, networks, and systems
Implement independent cybersecurity audit processes for application software, networks, and systems
Oversee independent cybersecurity audits
Determine if research and design processes and procedures are in compliance with cybersecurity requirements
Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities
Acquire adequate funding for cybersecurity training
Conduct learning needs assessments
Identify training requirements
Determine if qualification standards meet organizational functional requirements and comply with industry standards
Allocate and distribute human capital assets
Develop standardized cybersecurity position descriptions using the NICE Framework
Develop recruiting, hiring, and retention processes
Determine cybersecurity position requirements
Develop cybersecurity training policies and procedures
Determine if cybersecurity workforce management policies and procedures comply with legal and organizational requirements
Establish cybersecurity workforce readiness metrics
Establish waiver processes for cybersecurity career field entry and training qualification requirements
Establish organizational cybersecurity career pathways
Develop cybersecurity workforce reporting requirements
Establish cybersecurity workforce management programs
Assess cybersecurity workforce management programs
Promote awareness of cybersecurity policy and strategy among management
Determine cybersecurity career field qualification requirements
Determine organizational policies related to or influencing the cyber workforce
Conduct cybersecurity workforce assessments
Integrate cybersecurity workforce personnel into information systems life cycle development processes
Integrate laws and regulations into policy
Develop organizational cybersecurity strategy
Develop cybersecurity policies and procedures
Identify cyber workforce planning and management issues
Address cyber workforce planning and management issues
Advise management, staff, and users on cybersecurity policy
Develop supply chain cybersecurity risk management policy
OPM Code: 751

OVERSIGHT and GOVERNANCE (OG)

TKS Statement ID
K0643
K0654
K0659
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0718
K0736
K0743
K0751
K0752
K0770
K0773
K0792
K0801
K0805
K0812
K0818
K0825
K0831
K0837
K0865
K0866
K0881
K0885
K0886
K0887
K0888
K0889
K0890
K0893
K0905
K0910
K0923
K0934
K0983
K1014
K1032
K1083
K1088
K1183
S0066
S0385
S0391
S0395
S0424
S0430
S0431
S0467
S0468
S0543
S0544
S0601
S0602
S0610
S0628
S0686
S0712
S0713
S0744
S0756
S0800
S0807
T0437
T1020
T1025
T1036
T1038
T1054
T1311
T1334
T1335
T1336
T1337
T1411
T1412
T1413
T1414
T1415
T1416
T1417
T1438
T1446
T1447
T1451
T1462
T1463
T1475
T1476
T1608
T1870
T1871
T1873
Cybersecurity Curriculum Development (OG-WRL-004): Responsible for developing, planning,
coordinating, and evaluating cybersecurity awareness, training, or education content, methods, and
techniques based on instructional needs and requirements.

TKS Statement Description


Knowledge of virtual learning environments
Knowledge of target audience requirements
Knowledge of information privacy technologies
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of network communications principles and practices
Knowledge of information technology (IT) security principles and practices
Knowledge of new and emerging technologies
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of system administration principles and practices
Knowledge of telecommunications principles and practices
Knowledge of network configurations
Knowledge of cognitive domain models and frameworks
Knowledge of command-line tools and techniques
Knowledge of digital communication systems and software
Knowledge of new and emerging cybersecurity risks
Knowledge of threat vector characteristics
Knowledge of network attack vectors
Knowledge of hardening tools and techniques
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of learning assessment tools and techniques
Knowledge of instructional design principles and practices
Knowledge of instructional design models and frameworks
Knowledge of training policies and procedures
Knowledge of Bloom's Taxonomy learning levels
Knowledge of learning management system (LMS) systems and software
Knowledge of learning modes
Knowledge of training systems and software
Knowledge of media production tools and techniques
Knowledge of needs assessment principles and practices
Knowledge of operating system structures and internals
Knowledge of data classification policies and procedures
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of satellite-based communication systems and software
Knowledge of cybersecurity competitions
Knowledge of knowledge management tools and techniques
Knowledge of organizational cybersecurity policies and procedures
Skill in identifying gaps in technical capabilities
Skill in communicating complex concepts
Skill in creating technical documentation
Skill in developing instructional materials
Skill in executing command line tools
Skill in collaborating with others
Skill in applying critical thinking
Skill in conducting an education needs assessment
Skill in conducting a training needs assessment
Skill in scanning for vulnerabilities
Skill in recognizing vulnerabilities
Skill in developing curricula
Skill in teaching training programs
Skill in communicating effectively
Skill in developing learning activities
Skill in performing risk assessments
Skill in evaluating data source quality
Skill in evaluating information quality
Skill in performing technical writing
Skill in incorporating feedback
Skill in analyzing organizational patterns and relationships
Skill in solving problems
Correlate training and learning to business or mission requirements
Determine the operational and safety impacts of cybersecurity lapses
Implement organizational training and education policies and procedures
Integrate leadership priorities
Integrate organization objectives in intelligence collection
Scope analysis reports to various audiences that accounts for data sharing classification restrictions
Design and execute exercise scenarios
Produce cybersecurity instructional materials
Promote cybersecurity awareness to management
Verify the inclusion of sound cybersecurity principles in the organization's vision and goals
Identify system and network capabilities
Develop technical training curriculum and resources
Deliver technical training to customers
Develop training modules and classes
Develop training assignments
Develop training evaluations
Develop grading and proficiency standards
Create learner development, training, and remediation plans
Determine effectiveness of instruction and training
Conduct learning needs assessments
Identify training requirements
Create interactive learning exercises
Develop cybersecurity training policies and procedures
Develop cybersecurity curriculum goals and objectives
Develop instructional strategies
Promote awareness of cybersecurity policy and strategy among management
Perform periodic reviews of learning materials and courses for accuracy and currency
Create privacy training materials
Prepare privacy awareness communications
Deliver privacy awareness trainings
OPM Code: 711

OVERSIGHT and GOVERNANCE (OG)

TKS Statement ID
K0638
K0643
K0654
K0659
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0685
K0686
K0689
K0718
K0728
K0729
K0730
K0736
K0743
K0744
K0751
K0752
K0759
K0766
K0770
K0773
K0792
K0801
K0805
K0806
K0810
K0812
K0818
K0825
K0831
K0837
K0839
K0858
K0863
K0864
K0865
K0866
K0881
K0885
K0886
K0887
K0888
K0889
K0890
K0893
K0905
K0910
K0923
K0924
K0934
K0983
K1014
K1032
K1055
K1069
K1083
K1087
K1088
K1089
S0097
S0156
S0379
S0380
S0381
S0385
S0386
S0387
S0388
S0389
S0390
S0391
S0392
S0393
S0394
S0395
S0424
S0430
S0431
S0467
S0468
S0472
S0473
S0483
S0530
S0543
S0544
S0572
S0591
S0592
S0597
S0600
S0601
S0602
S0610
S0612
S0613
S0618
S0628
S0629
S0643
S0651
S0686
S0688
S0712
S0713
S0738
S0739
S0744
S0754
S0756
S0791
S0800
S0807
S0874
T0101
T1008
T1009
T1020
T1025
T1036
T1038

T1054
T1093
T1156
T1157
T1311
T1334
T1411
T1412
T1413
T1414
T1415
T1416
T1417
T1418
T1419
T1421
T1446
T1447
T1462
T1463
T1485
T1517
T1537
T1594
T1595
T1596
T1609
T1870
T1871
T1873
Cybersecurity Instruction (OG-WRL-005): Responsible for developing and conducting cybersecurity
awareness, training, or education.

TKS Statement Description


Knowledge of security awareness programs
Knowledge of virtual learning environments
Knowledge of target audience requirements
Knowledge of information privacy technologies
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of access control principles and practices
Knowledge of authentication and authorization tools and techniques
Knowledge of network infrastructure principles and practices
Knowledge of network communications principles and practices
Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
Knowledge of non-repudiation principles and practices
Knowledge of cyber safety principles and practices
Knowledge of information technology (IT) security principles and practices
Knowledge of new and emerging technologies
Knowledge of operating system (OS) systems and software
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of client and server architecture
Knowledge of data asset management principles and practices
Knowledge of system administration principles and practices
Knowledge of telecommunications principles and practices
Knowledge of network configurations
Knowledge of cognitive domain models and frameworks
Knowledge of command-line tools and techniques
Knowledge of machine virtualization tools and techniques
Knowledge of deployable forensics principles and practices
Knowledge of digital communication systems and software
Knowledge of new and emerging cybersecurity risks
Knowledge of threat vector characteristics
Knowledge of network attack vectors
Knowledge of hardening tools and techniques
Knowledge of critical infrastructure systems and software
Knowledge of virtual machine detection tools and techniques
Knowledge of cloud computing principles and practices
Knowledge of knowledge management principles and practices
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of learning assessment tools and techniques
Knowledge of instructional design principles and practices
Knowledge of instructional design models and frameworks
Knowledge of training policies and procedures
Knowledge of Bloom's Taxonomy learning levels
Knowledge of learning management system (LMS) systems and software
Knowledge of learning modes
Knowledge of training systems and software
Knowledge of media production tools and techniques
Knowledge of needs assessment principles and practices
Knowledge of operating system structures and internals
Knowledge of network analysis tools and techniques
Knowledge of data classification policies and procedures
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of satellite-based communication systems and software
Knowledge of digital forensics principles and practices
Knowledge of virtual machine tools and technologies
Knowledge of cybersecurity competitions
Knowledge of social engineering tools and techniques
Knowledge of knowledge management tools and techniques
Knowledge of protocol analyzer tools and techniques
Skill in applying security controls
Skill in performing packet-level analysis
Skill in verifying participation in a security awareness program
Skill in facilitating cybersecurity awareness briefings
Skill in developing training programs
Skill in communicating complex concepts
Skill in communicating verbally
Skill in communicating in writing
Skill in facilitating small group discussions
Skill in facilitating group discussions
Skill in assessing learner comprehension
Skill in creating technical documentation
Skill in providing training and education feedback to learners
Skill in developing assessments
Skill in developing security assessments
Skill in developing instructional materials
Skill in executing command line tools
Skill in collaborating with others
Skill in applying critical thinking
Skill in conducting an education needs assessment
Skill in conducting a training needs assessment
Skill in developing virtual machines
Skill in maintaining virtual machines
Skill in identifying software communications vulnerabilities
Skill in conducting research
Skill in scanning for vulnerabilities
Skill in recognizing vulnerabilities
Skill in detecting host- and network-based intrusions
Skill in performing social engineering
Skill in tuning network sensors
Skill in writing code in a currently supported programming language
Skill in collecting relevant data from a variety of sources
Skill in developing curricula
Skill in teaching training programs
Skill in communicating effectively
Skill in performing digital forensics analysis
Skill in configuring software-based computer protection tools
Skill in configuring network protection components
Skill in developing learning activities
Skill in applying technologies for instructional purposes
Skill in applying hardening techniques
Skill in performing malware analysis
Skill in performing risk assessments
Skill in performing network data analysis
Skill in evaluating data source quality
Skill in evaluating information quality
Skill in performing reverse engineering of software
Skill in analyzing intelligence products
Skill in performing technical writing
Skill in establishing persistence
Skill in incorporating feedback
Skill in presenting to an audience
Skill in analyzing organizational patterns and relationships
Skill in solving problems
Skill in performing network traffic analysis
Evaluate the effectiveness and comprehensiveness of existing training programs
Prepare and deliver education and awareness briefings
Create a cybersecurity awareness program
Determine the operational and safety impacts of cybersecurity lapses
Implement organizational training and education policies and procedures
Integrate leadership priorities
Integrate organization objectives in intelligence collection

Scope analysis reports to various audiences that accounts for data sharing classification restrictions
Conduct interactive training exercises
Develop awareness and training materials
Identify pertinent awareness and training materials
Design and execute exercise scenarios
Produce cybersecurity instructional materials
Develop technical training curriculum and resources
Deliver technical training to customers
Develop training modules and classes
Develop training assignments
Develop training evaluations
Develop grading and proficiency standards
Create learner development, training, and remediation plans
Develop learning objectives and goals
Develop organizational training materials
Develop proficiency assessments
Conduct learning needs assessments
Identify training requirements
Develop cybersecurity training policies and procedures
Develop cybersecurity curriculum goals and objectives
Prepare after action reviews (AARs)
Deliver training courses
Determine if cybersecurity training, education, and awareness meet established goals
Plan classroom learning sessions
Coordinate training and education
Plan delivery of non-classroom learning
Recommend revisions to learning materials and curriculum
Create privacy training materials
Prepare privacy awareness communications
Deliver privacy awareness trainings
OPM Code: 712

OVERSIGHT and GOVERNANCE (OG)

TKS Statement ID
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0685
K0686
K0696
K0736
K0743
K0746
K0747
K0751
K0752
K0784
K0785
K0800
K0819
K0820
K0821
K0829
K0830
K0834
K0892
K0918
K0919
K0944
K0945
K0954
K0983
K0990
K1014
K1050
K1070
K1138
K1182
S0414
S0415
S0416
S0610
S0686
T0006
T0220
T1020
T1023
T1069
T1070
T1189
T1511
T1535

T1546
T1549
T1599
Cybersecurity Legal Advice (OG-WRL-006): Responsible for providing cybersecurity legal advice and
recommendations, including monitoring related legislation and regulations.

TKS Statement Description


Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of access control principles and practices
Knowledge of authentication and authorization tools and techniques
Knowledge of digital forensic data principles and practices
Knowledge of information technology (IT) security principles and practices
Knowledge of new and emerging technologies
Knowledge of policy-based access controls
Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of insider threat laws and regulations
Knowledge of insider threat tools and techniques
Knowledge of evidence admissibility laws and regulations
Knowledge of import and export control laws and regulations
Knowledge of supply chain risks
Knowledge of federal agency roles and responsibilities
Knowledge of account creation policies and procedures
Knowledge of password policies and procedures
Knowledge of technology procurement principles and practices
Knowledge of cyber defense laws and regulations
Knowledge of Payment Card Industry (PCI) data security standards and best practices
Knowledge of Personal Health Information (PHI) data security standards and best practices
Knowledge of intelligence data gathering principles and practices
Knowledge of intelligence data gathering policies and procedures
Knowledge of foreign disclosure policies and procedures
Knowledge of computer networking principles and practices
Knowledge of cyber operations principles and practices
Knowledge of network security principles and practices
Knowledge of critical information requirements
Knowledge of privacy disclosure statement laws and regulations
Knowledge of cybersecurity standards and best practices
Knowledge of organizational cybersecurity policies and configurations
Skill in evaluating laws
Skill in evaluating regulations
Skill in evaluating policies
Skill in communicating effectively
Skill in performing risk assessments
Advocate organization's official position in legal and legislative proceedings
Resolve conflicts in laws, regulations, policies, standards, or procedures
Determine the operational and safety impacts of cybersecurity lapses
Identify critical technology procurement requirements
Evaluate organizational cybersecurity policy regulatory compliance
Evaluate organizational cybersecurity policy alignment with organizational directives
Determine if contracts comply with funding, legal, and program requirements
Identify alleged violations of law, regulations, policy, or guidance
Develop implementation guidelines
Provide inspectors general, privacy officers, and oversight and compliance with legal analysis and decisions
Evaluate the impact of legal, regulatory, policy, standard, or procedural changes
Prepare legal documents
OPM Code: 731

OVERSIGHT and GOVERNANCE (OG)

TKS Statement ID
K0498
K0644
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0688
K0689
K0728
K0729
K0730
K0743
K0751
K0752
K0783
K0784
K0785
K0800
K0818
K0819
K0820
K0821
K0825
K0831
K0839
K0892
K0936
K0983
K0990
K1014
K1025
K1079
K1083
K1180
K1183
K1188
K1209
K1225
S0111
S0406
S0414
S0415
S0416
S0431
S0506
S0511
S0564
S0610
S0686
S0707
S0708
S0799
S0800
S0807
S0821
S0826
T0006
T1020
T1036
T1038

T1054
T1055
T1056
T1057

T1059
T1060
T1088
T1145
T1146
T1221
T1226
T1227
T1234
T1238
T1307
T1308

T1310
T1335
T1336
T1342
T1354
T1355
T1356
T1376
T1377
T1450
T1476
T1518
T1543
T1586
T1779
T1862
T1906
Executive Cybersecurity Leadership (OG-WRL-007): Responsible for establishing vision and direction
for an organization's cybersecurity operations and resources and their impact on digital and physical
spaces. Possesses authority to make and execute decisions that impact an organization broadly,
including policy approval and stakeholder engagement.

TKS Statement Description


Knowledge of operational planning processes
Knowledge of cybersecurity operation policies and procedures
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of common application vulnerabilities
Knowledge of network infrastructure principles and practices
Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
Knowledge of non-repudiation principles and practices
Knowledge of cyber safety principles and practices
Knowledge of new and emerging technologies
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of network attack characteristics
Knowledge of insider threat laws and regulations
Knowledge of insider threat tools and techniques
Knowledge of evidence admissibility laws and regulations
Knowledge of new and emerging cybersecurity risks
Knowledge of import and export control laws and regulations
Knowledge of supply chain risks
Knowledge of federal agency roles and responsibilities
Knowledge of threat vector characteristics
Knowledge of network attack vectors
Knowledge of critical infrastructure systems and software
Knowledge of cyber defense laws and regulations
Knowledge of network hardware threats and vulnerabilities
Knowledge of computer networking principles and practices
Knowledge of cyber operations principles and practices
Knowledge of network security principles and practices
Knowledge of decision-making policies and procedures
Knowledge of web application security risks
Knowledge of cybersecurity competitions
Knowledge of organizational cybersecurity goals and objectives
Knowledge of organizational cybersecurity policies and procedures
Knowledge of organizational policies and procedures
Knowledge of risk mitigation principles and practices
Knowledge of system life cycles
Skill in interfacing with customers
Skill in developing policy plans
Skill in evaluating laws
Skill in evaluating regulations
Skill in evaluating policies
Skill in applying critical thinking
Skill in identifying customer information needs
Skill in establishing priorities
Skill in creating system security policies
Skill in communicating effectively
Skill in performing risk assessments
Skill in developing comprehensive cyber operations assessment programs
Skill in executing comprehensive cyber operations assessment programs
Skill in anticipating new security threats
Skill in analyzing organizational patterns and relationships
Skill in solving problems
Skill in collaborating with internal and external stakeholders
Skill in communicating with external organizations
Advocate organization's official position in legal and legislative proceedings
Determine the operational and safety impacts of cybersecurity lapses
Integrate leadership priorities
Integrate organization objectives in intelligence collection

Scope analysis reports to various audiences that account for data sharing classification restrictions
Determine if priority information requirements are satisfied
Acquire resources to support cybersecurity program goals and objectives
Conduct an effective enterprise continuity of operations program

Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements
Advise senior management on organizational cybersecurity efforts
Communicate the value of cybersecurity to organizational stakeholders
Develop strategic plans
Maintain strategic plans
Disseminate incident and other Computer Network Defense (CND) information
Align cybersecurity priorities with organizational security strategy
Manage cybersecurity budget, staffing, and contracting
Develop Computer Network Defense (CND) guidance for organizational stakeholders
Determine the effectiveness of enterprise cybersecurity safeguards
Develop cybersecurity policy recommendations
Coordinate cybersecurity policy review and approval processes
Implement protective or corrective measures when a cybersecurity incident or vulnerability is discovered
Promote cybersecurity awareness to management
Verify the inclusion of sound cybersecurity principles in the organization's vision and goals
Oversee policy standards and implementation strategy development
Identify system cybersecurity requirements
Determine if vulnerability remediation plans are in place
Develop vulnerability remediation plans
Develop critical infrastructure protection policies and procedures
Implement critical infrastructure protection policies and procedures
Allocate and distribute human capital assets
Promote awareness of cybersecurity policy and strategy among management
Develop organizational cybersecurity strategy
Develop cybersecurity policies and procedures
Conduct cybersecurity risk assessments
Coordinate strategic planning efforts with internal and external partners
Establish cybersecurity risk assessment processes
Establish a cybersecurity risk management program
OPM Code: 901

OVERSIGHT and
GOVERNANCE (OG)

TKS Statement ID
K0498
K0644
K0645
K0659
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0687
K0718
K0748
K0751
K0752
K0773
K0792
K0881
K0885
K0886
K0892
K0915
K0925
K0926
K0962
K0963
K0973
K0983
K0990
K1014
K1030
K1070
K1111

K1120
K1138
K1160
K1183
K1192
K1194
K1198
K1200
K1212
K1240
S0395
S0406
S0407
S0408
S0447
S0450
S0537
S0540
S0601
S0602
S0610
S0687
S0791
S0796
S0797
S0798
S0818
S0821
S0850
S0858
S0878
T0898
T1014
T1020

T1054
T1058
T1059
T1060
T1084
T1092
T1096
T1118
T1119
T1145
T1146
T1189
T1224

T1225
T1279
T1334
T1335
T1336
T1476
T1489
T1492
T1549
T1853
T1854
T1855
T1856
T1857
T1858
T1859
T1860
T1861
T1862
T1863
T1864
T1865
T1866
T1867
T1868
T1869
T1870
T1871
T1872
T1873
T1874
T1875
T1876
T1877
T1878
T1879
T1880
T1881
T1882
T1883
T1884
T1885
T1886
T1887
T1888
T1889

T1890
T1891
T1892
T1893

T1894
T1895
T1896
T1897

T1898
T1899
T1900
T1901
T1902
T1903
T1905
T1907
Privacy Compliance (OG-WRL-008): Responsible for developing and overseeing an organization’s
privacy compliance program and staff, including establishing and managing privacy-related
governance, policy, and incident response needs.

TKS Statement Description


Knowledge of operational planning processes
Knowledge of cybersecurity operation policies and procedures
Knowledge of standard operating procedures (SOPs)
Knowledge of information privacy technologies
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of business operations standards and best practices
Knowledge of network communications principles and practices
Knowledge of Privacy Impact Assessment (PIA) principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of telecommunications principles and practices
Knowledge of network configurations
Knowledge of learning assessment tools and techniques
Knowledge of instructional design principles and practices
Knowledge of instructional design models and frameworks
Knowledge of cyber defense laws and regulations
Knowledge of network architecture principles and practices
Knowledge of wireless communication tools and techniques
Knowledge of signal jamming tools and techniques
Knowledge of targeting laws and regulations
Knowledge of exploitation laws and regulations
Knowledge of system persistence tools and techniques
Knowledge of computer networking principles and practices
Knowledge of cyber operations principles and practices
Knowledge of network security principles and practices
Knowledge of operational planning tools and techniques
Knowledge of privacy disclosure statement laws and regulations
Knowledge of application security design principles and practices
Knowledge of Confidentiality, Integrity, Availability, Authenticity, and Non-repudiation (CIAAN) principles and practices
Knowledge of cybersecurity standards and best practices
Knowledge of federal and state accreditation standards
Knowledge of organizational cybersecurity policies and procedures
Knowledge of organizational privacy policies and procedures
Knowledge of Personally Identifiable Information (PII) attributes
Knowledge of privacy and data security regulators
Knowledge of privacy technologies
Knowledge of security controls
Knowledge of privacy laws and regulations
Skill in developing instructional materials
Skill in developing policy plans
Skill in developing standard operating procedures (SOPs)
Skill in maintaining standard operating procedures (SOPs)
Skill in aligning privacy and cybersecurity objectives
Skill in authoring privacy disclosure statements
Skill in designing wireless communications systems
Skill in identifying network threats
Skill in developing curricula
Skill in teaching training programs
Skill in communicating effectively
Skill in performing administrative planning activities
Skill in presenting to an audience
Skill in creating privacy policies
Skill in negotiating vendor agreements
Skill in evaluating vendor privacy practices
Skill in building internal and external stakeholder relationships
Skill in collaborating with internal and external stakeholders
Skill in performing cost/benefit analysis
Skill in performing economic analysis
Skill in performing risk analysis
Establish an internal privacy audit program
Determine if security incidents require legal action
Determine the operational and safety impacts of cybersecurity lapses

Scope analysis reports to various audiences that account for data sharing classification restrictions
Advise senior management on risk levels and security posture
Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements
Advise senior management on organizational cybersecurity efforts
Identify anomalous network activity
Conduct functional and connectivity testing
Perform privacy impact assessments (PIAs)
Identify vulnerabilities
Recommend vulnerability remediation strategies
Develop strategic plans
Maintain strategic plans
Determine if contracts comply with funding, legal, and program requirements
Determine impact of noncompliance on organizational risk levels

Determine impact of noncompliance on effectiveness of the enterprise's cybersecurity program


Prepare audit reports
Produce cybersecurity instructional materials
Promote cybersecurity awareness to management
Verify the inclusion of sound cybersecurity principles in the organization's vision and goals
Promote awareness of cybersecurity policy and strategy among management
Correlate incident data
Integrate laws and regulations into policy
Evaluate the impact of legal, regulatory, policy, standard, or procedural changes
Determine if new and existing services comply with privacy and data security obligations
Develop and maintain privacy and confidentiality consent forms
Develop and maintain privacy and confidentiality authorization forms
Integrate civil rights and civil liberties in organizational programs, policies, and procedures
Integrate privacy considerations in organizational programs, policies, and procedures
Serve as liaison to regulatory and accrediting bodies
Register databases with local privacy and data protection authorities
Promote privacy awareness to management
Establish organizational Privacy Oversight Committee
Establish cybersecurity risk assessment processes
Develop information sharing strategic plans
Develop organizational information infrastructure
Implement organizational information infrastructure
Develop self-disclosure policies and procedures
Oversee consumer information access rights
Serve as information privacy liaison to technology system users
Serve as liaison to information systems department
Create privacy training materials
Prepare privacy awareness communications
Deliver privacy awareness orientations
Deliver privacy awareness trainings
Manage organizational participation in public privacy and cybersecurity events
Prepare privacy program status reports
Respond to press and other public data security inquiries
Develop organizational privacy program
Apply sanctions for failure to comply with privacy policies
Develop sanctions for failure to comply with privacy policies
Resolve allegations of noncompliance with privacy policies and notice of information practices
Develop a risk management and compliance framework for privacy
Determine if projects comply with organizational privacy and data security policies
Develop organizational privacy policies and procedures
Establish complaint processes
Establish mechanisms to track access to protected health information
Maintain the organizational policy program
Conduct privacy impact assessments
Conduct privacy compliance monitoring
Align cybersecurity and privacy practices in system information security plans

Determine if protected information releases comply with organizational policies and procedures
Administer requests for release or disclosure of protected information
Develop vendor review procedures
Develop vendor auditing procedures

Determine if partner and business agreements address privacy requirements and responsibilities
Provide legal advice for business partner contracts
Mitigate Personally Identifiable Information (PII) breaches
Administer action on organizational privacy complaints
Determine if the organization's privacy program complies with federal and state privacy laws and regulations
Identify organizational privacy compliance gaps
Correct organizational privacy compliance gaps
Manage privacy breaches
Implement and maintain organizational privacy policies and procedures
Develop and maintain privacy and confidentiality information notices
Monitor advancements in information privacy technologies
Establish organizational risk management strategies
OPM Code: 732

OVERSIGHT and
GOVERNANCE (OG)

TKS Statement ID
K0498
K0641
K0642
K0650
K0651
K0653
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0690
K0721
K0724
K0727
K0728
K0729
K0730
K0734
K0735
K0736
K0743
K0751
K0752
K0754
K0771
K0803
K0819
K0820
K0821
K0823
K0824
K0828
K0834
K0835
K0836
K0838
K0863
K0864
K0868
K0869
K0872
K0873
K0912
K0913
K0920
K0922
K0983
K1014
K1137
K1180
K1206
S0384
S0404
S0405
S0412
S0413
S0423
S0462
S0463
S0555
S0556
S0580
S0581
S0673
S0687
S0759
S0811
S0821
S0870
T0220
T0412
T1011
T1020
T1023
T1026
T1031
T1067
T1068
T1154
T1155
T1227
T1259
T1291
T1306
T1344
T1345
T1366
T1367

T1369

T1394

T1395
T1396

T1397

T1398
T1399
T1435
T1448
T1465
T1472
T1480
T1481
T1497
T1601
T1602

T1604
T1621
T1622
Product Support Management (OG-WRL-009): Responsible for planning, estimating costs,
budgeting, developing, implementing, and managing product support strategies in order to field and
maintain the readiness and operational capability of systems and components.

TKS Statement Description


Knowledge of operational planning processes
Knowledge of market research tools and techniques
Knowledge of pricing structures
Knowledge of supplier assessment criteria
Knowledge of trustworthiness principles
Knowledge of cybersecurity practices in the acquisition process
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of requirements analysis principles and practices
Knowledge of risk management principles and practices
Knowledge of incident response principles and practices
Knowledge of analysis standards and best practices
Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
Knowledge of non-repudiation principles and practices
Knowledge of cyber safety principles and practices
Knowledge of Risk Management Framework (RMF) requirements
Knowledge of risk management models and frameworks
Knowledge of information technology (IT) security principles and practices
Knowledge of new and emerging technologies
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of resource management principles and practices
Knowledge of system life cycle management principles and practices
Knowledge of supply chain risk management principles and practices
Knowledge of import and export control laws and regulations
Knowledge of supply chain risks
Knowledge of federal agency roles and responsibilities
Knowledge of incident response policies and procedures
Knowledge of incident response roles and responsibilities
Knowledge of supply chain risk management standards and best practices
Knowledge of technology procurement principles and practices
Knowledge of risk assessment principles and practices
Knowledge of threat assessment principles and practices
Knowledge of supply chain risk management policies and procedures
Knowledge of cloud computing principles and practices
Knowledge of knowledge management principles and practices
Knowledge of process improvement principles and practices
Knowledge of process maturity models and frameworks
Knowledge of service management principles and practices
Knowledge of service management standards and best practices
Knowledge of sustainment principles and practices
Knowledge of sustainment processes
Knowledge of risk management policies and procedures
Knowledge of the acquisition life cycle models and frameworks
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of cybersecurity requirements
Knowledge of organizational cybersecurity goals and objectives
Knowledge of research and design processes and procedures
Skill in applying standards
Skill in conducting market research
Skill in pricing products
Skill in analyzing supplier trustworthiness
Skill in determining supplier trustworthiness
Skill in analyzing processes to ensure conformance with procedural requirements
Skill in integrating information security requirements in the acquisitions process
Skill in implementing software quality control processes
Skill in performing capabilities analysis
Skill in performing requirements analysis
Skill in monitoring system performance
Skill in configuring systems for performance enhancement
Skill in translating operational requirements into security controls
Skill in performing administrative planning activities
Skill in identifying requirements
Skill in managing intelligence collection requirements
Skill in collaborating with internal and external stakeholders
Skill in performing needs analysis
Resolve conflicts in laws, regulations, policies, standards, or procedures
Conduct import/export reviews for acquiring systems and software
Apply standards to identify safety risk and protect cyber-physical functions
Determine the operational and safety impacts of cybersecurity lapses
Identify critical technology procurement requirements
Determine procurement requirements
Implement intelligence collection requirements
Recommend development of new applications or modification of existing applications
Create development plans for new applications or modification of existing applications
Develop risk, compliance, and assurance monitoring strategies
Develop risk, compliance, and assurance measurement strategies
Manage cybersecurity budget, staffing, and contracting
Identify opportunities for new and improved business process solutions
Advise stakeholders on the development of continuity of operations plans
Conduct technology program and project audits
Determine if procurement activities sufficiently address supply chain risks
Recommend improvements to procurement activities to address cybersecurity requirements
Identify supply chain risks for critical system elements
Document supply chain risks for critical system elements

Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements

Develop independent cybersecurity audit processes for application software, networks, and systems
Implement independent cybersecurity audit processes for application software, networks, and systems
Oversee independent cybersecurity audits
Determine if research and design processes and procedures are in compliance with cybersecurity requirements
Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities
Develop supply chain, system, network, and operational security contract language
Determine if technology services are delivered successfully
Manage customer services
Define service-level agreements (SLAs)
Gather customer satisfaction and service performance feedback
Examine service performance reports for issues and variances
Initiate corrective actions to service performance issues and variances
Determine supply chain cybersecurity requirements
Advise stakeholders on enterprise cybersecurity risk management
Advise stakeholders on supply chain risk management
Provide cybersecurity advice on implementation plans, standard operating procedures, maintenance documentation, and maintenance training materials
Prepare supply chain security reports
Prepare risk management reports
OPM Code: 803

OVERSIGHT and
GOVERNANCE (OG)

TKS Statement ID
K0498
K0650
K0651
K0653
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0690
K0721
K0728
K0729
K0730
K0733
K0734
K0735
K0751
K0752
K0754
K0771
K0803
K0819
K0820
K0821
K0828
K0834
K0835
K0836
K0838
K0863
K0864
K0868
K0869
K0872
K0873
K0920
K0922
K0983
K1014
K1137
K1180
K1206
S0384
S0412
S0413
S0423
S0462
S0463
S0555
S0556
S0580
S0581
S0673
S0687
S0759
S0811
S0870
T0220
T0412
T1011
T1020
T1022
T1023
T1026
T1031
T1145
T1146
T1154
T1155
T1227
T1259
T1291
T1306
T1344
T1345
T1366
T1367

T1369

T1394

T1395
T1396

T1397

T1398
T1399
T1435
T1448
T1472
T1474
T1497
T1498
T1552
T1553
T1601
T1602
T1621
T1622
Program Management (OG-WRL-010): Responsible for leading and coordinating a defined program and
for its overall success. Includes communicating about the program and ensuring alignment
with agency or organizational priorities.

TKS Statement Description


Knowledge of operational planning processes
Knowledge of supplier assessment criteria
Knowledge of trustworthiness principles
Knowledge of cybersecurity practices in the acquisition process
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of requirements analysis principles and practices
Knowledge of risk management principles and practices
Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
Knowledge of non-repudiation principles and practices
Knowledge of cyber safety principles and practices
Knowledge of information technology (IT) architecture models and frameworks
Knowledge of Risk Management Framework (RMF) requirements
Knowledge of risk management models and frameworks
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of resource management principles and practices
Knowledge of system life cycle management principles and practices
Knowledge of supply chain risk management principles and practices
Knowledge of import and export control laws and regulations
Knowledge of supply chain risks
Knowledge of federal agency roles and responsibilities
Knowledge of supply chain risk management standards and best practices
Knowledge of technology procurement principles and practices
Knowledge of risk assessment principles and practices
Knowledge of threat assessment principles and practices
Knowledge of supply chain risk management policies and procedures
Knowledge of cloud computing principles and practices
Knowledge of knowledge management principles and practices
Knowledge of process improvement principles and practices
Knowledge of process maturity models and frameworks
Knowledge of service management principles and practices
Knowledge of service management standards and best practices
Knowledge of risk management policies and procedures
Knowledge of the acquisition life cycle models and frameworks
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of cybersecurity requirements
Knowledge of organizational cybersecurity goals and objectives
Knowledge of research and design processes and procedures
Skill in applying standards
Skill in analyzing supplier trustworthiness
Skill in determining supplier trustworthiness
Skill in analyzing processes to ensure conformance with procedural requirements
Skill in integrating information security requirements in the acquisitions process
Skill in implementing software quality control processes
Skill in performing capabilities analysis
Skill in performing requirements analysis
Skill in monitoring system performance
Skill in configuring systems for performance enhancement
Skill in translating operational requirements into security controls
Skill in performing administrative planning activities
Skill in identifying requirements
Skill in managing intelligence collection requirements
Skill in performing needs analysis
Resolve conflicts in laws, regulations, policies, standards, or procedures
Conduct import/export reviews for acquiring systems and software
Apply standards to identify safety risk and protect cyber-physical functions
Determine the operational and safety impacts of cybersecurity lapses
Review enterprise information technology (IT) goals and objectives
Identify critical technology procurement requirements
Determine procurement requirements
Implement intelligence collection requirements
Develop strategic plans
Maintain strategic plans
Develop risk, compliance, and assurance monitoring strategies
Develop risk, compliance, and assurance measurement strategies
Manage cybersecurity budget, staffing, and contracting
Identify opportunities for new and improved business process solutions
Advise stakeholders on the development of continuity of operations plans
Conduct technology program and project audits
Determine if procurement activities sufficiently address supply chain risks
Recommend improvements to procurement activities to address cybersecurity requirements
Identify supply chain risks for critical system elements
Document supply chain risks for critical system elements

Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements

Develop independent cybersecurity audit processes for application software, networks, and systems
Implement independent cybersecurity audit processes for application software, networks, and systems
Oversee independent cybersecurity audits
Determine if research and design processes and procedures are in compliance with cybersecurity requirements
Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities
Develop supply chain, system, network, and operational security contract language
Determine if technology services are delivered successfully
Manage customer services
Gather customer satisfaction and service performance feedback
Define operating level agreements (OLAs)
Determine supply chain cybersecurity requirements
Determine if cybersecurity requirements included in contracts are delivered
Identify cyber workforce planning and management issues
Address cyber workforce planning and management issues
Advise stakeholders on enterprise cybersecurity risk management
Advise stakeholders on supply chain risk management
Prepare supply chain security reports
Prepare risk management reports
OPM Code: 801

OVERSIGHT and
GOVERNANCE (OG)

TKS Statement ID
K0498
K0650
K0651
K0653
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0690
K0721
K0727
K0728
K0729
K0730
K0733
K0734
K0735
K0736
K0743
K0751
K0752
K0754
K0771
K0803
K0819
K0820
K0821
K0828
K0834
K0835
K0836
K0838
K0863
K0864
K0868
K0869
K0872
K0873
K0920
K0922
K0983
K1014
K1137
K1180
K1206
S0384
S0412
S0413
S0423
S0462
S0463
S0555
S0556
S0580
S0581
S0673
S0687
S0759
S0811
S0821
S0870
T0220
T0412
T1011
T1020
T1022
T1023
T1026
T1031
T1067
T1068
T1154
T1155
T1227
T1259
T1291
T1306
T1344
T1345
T1366
T1367

T1369

T1394

T1395
T1396

T1397

T1398
T1399
T1435
T1448
T1465
T1472
T1474
T1480
T1481
T1497
T1498
T1552
T1553
T1601
T1602
T1621
T1622
Secure Project Management (OG-WRL-011): Responsible for overseeing and directly managing
technology projects. Ensures cybersecurity is built into projects to protect the organization’s critical
infrastructure and assets, reduce risk, and meet organizational goals. Tracks and communicates
project status and demonstrates project value to the organization.

TKS Statement Description


Knowledge of operational planning processes
Knowledge of supplier assessment criteria
Knowledge of trustworthiness principles
Knowledge of cybersecurity practices in the acquisition process
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of requirements analysis principles and practices
Knowledge of risk management principles and practices
Knowledge of analysis standards and best practices
Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
Knowledge of non-repudiation principles and practices
Knowledge of cyber safety principles and practices
Knowledge of information technology (IT) architecture models and frameworks
Knowledge of Risk Management Framework (RMF) requirements
Knowledge of risk management models and frameworks
Knowledge of information technology (IT) security principles and practices
Knowledge of new and emerging technologies
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of resource management principles and practices
Knowledge of system life cycle management principles and practices
Knowledge of supply chain risk management principles and practices
Knowledge of import and export control laws and regulations
Knowledge of supply chain risks
Knowledge of federal agency roles and responsibilities
Knowledge of supply chain risk management standards and best practices
Knowledge of technology procurement principles and practices
Knowledge of risk assessment principles and practices
Knowledge of threat assessment principles and practices
Knowledge of supply chain risk management policies and procedures
Knowledge of cloud computing principles and practices
Knowledge of knowledge management principles and practices
Knowledge of process improvement principles and practices
Knowledge of process maturity models and frameworks
Knowledge of service management principles and practices
Knowledge of service management standards and best practices
Knowledge of risk management policies and procedures
Knowledge of the acquisition life cycle models and frameworks
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of cybersecurity requirements
Knowledge of organizational cybersecurity goals and objectives
Knowledge of research and design processes and procedures
Skill in applying standards
Skill in analyzing supplier trustworthiness
Skill in determining supplier trustworthiness
Skill in analyzing processes to ensure conformance with procedural requirements
Skill in integrating information security requirements in the acquisitions process
Skill in implementing software quality control processes
Skill in performing capabilities analysis
Skill in performing requirements analysis
Skill in monitoring system performance
Skill in configuring systems for performance enhancement
Skill in translating operational requirements into security controls
Skill in performing administrative planning activities
Skill in identifying requirements
Skill in managing intelligence collection requirements
Skill in collaborating with internal and external stakeholders
Skill in performing needs analysis
Resolve conflicts in laws, regulations, policies, standards, or procedures
Conduct import/export reviews for acquiring systems and software
Apply standards to identify safety risk and protect cyber-physical functions
Determine the operational and safety impacts of cybersecurity lapses
Review enterprise information technology (IT) goals and objectives
Identify critical technology procurement requirements
Determine procurement requirements
Implement intelligence collection requirements
Recommend development of new applications or modification of existing applications
Create development plans for new applications or modification of existing applications
Develop risk, compliance, and assurance monitoring strategies
Develop risk, compliance, and assurance measurement strategies
Manage cybersecurity budget, staffing, and contracting
Identify opportunities for new and improved business process solutions
Advise stakeholders on the development of continuity of operations plans
Conduct technology program and project audits
Determine if procurement activities sufficiently address supply chain risks
Recommend improvements to procurement activities to address cybersecurity requirements
Identify supply chain risks for critical system elements
Document supply chain risks for critical system elements

Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements

Develop independent cybersecurity audit processes for application software, networks, and systems
Implement independent cybersecurity audit processes for application software, networks, and systems
Oversee independent cybersecurity audits
Determine if research and design processes and procedures are in compliance with cybersecurity requirements
Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities
Develop supply chain, system, network, and operational security contract language
Determine if technology services are delivered successfully
Manage customer services
Define service-level agreements (SLAs)
Gather customer satisfaction and service performance feedback
Define operating level agreements (OLAs)
Examine service performance reports for issues and variances
Initiate corrective actions to service performance issues and variances
Determine supply chain cybersecurity requirements
Determine if cybersecurity requirements included in contracts are delivered
Identify cyber workforce planning and management issues
Address cyber workforce planning and management issues
Advise stakeholders on enterprise cybersecurity risk management
Advise stakeholders on supply chain risk management
Prepare supply chain security reports
Prepare risk management reports
OPM Code: 802

OVERSIGHT and GOVERNANCE (OG)

TKS Statement ID
K0018
K0476
K0653
K0655
K0658
K0659
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0685
K0686
K0687
K0688
K0689
K0691
K0692
K0698
K0701
K0702
K0703
K0707
K0709
K0710
K0711
K0712
K0713
K0718
K0720
K0721
K0723
K0728
K0729
K0730
K0731
K0734
K0735
K0736
K0742
K0743
K0746
K0747
K0749
K0751
K0752
K0758
K0760
K0761
K0765
K0767
K0776
K0778
K0779
K0784
K0785
K0791
K0800
K0803
K0806
K0814
K0819
K0820
K0821
K0828
K0834
K0838
K0839
K0840
K0842
K0851
K0858
K0859
K0865
K0866
K0870
K0871
K0877
K0878
K0879
K0880
K0881
K0885
K0886
K0892
K0915

K0917
K0918
K0919
K0922
K0924
K0928
K0934
K0942
K0947
K0948
K0953
K0955
K0956
K0962
K0963
K0965
K0966
K0967
K0983
K0986
K0987
K0990
K1014
K1034
K1050
K1063
K1069
K1076
K1077
K1079
K1084
K1088
K1096
K1098
K1099
K1100
K1101
K1108
K1109
K1180
S0015
S0097
S0111

S0136
S0141
S0172
S0175
S0177
S0248
S0252
S0385
S0386
S0387
S0388
S0389
S0391
S0393
S0394
S0401
S0402
S0403
S0409
S0414
S0415
S0416
S0423
S0430
S0431
S0435
S0436
S0437
S0438
S0439
S0440
S0441
S0443
S0447
S0462
S0463
S0465
S0466
S0472
S0473
S0483
S0503
S0504
S0506
S0511
S0515
S0532
S0543
S0544
S0558
S0559
S0574
S0578
S0579
S0580
S0581
S0601
S0602
S0614
S0628
S0632
S0634
S0635
S0641
S0642
S0645
S0647
S0654
S0655
S0656
S0657
S0658
S0664
S0667
S0673
S0675
S0686
S0687
S0688
S0700
S0701
S0704
S0709
S0710
S0711
S0712
S0713
S0715
S0719
S0720
S0721
S0722
S0723
S0724
S0728
S0729
S0731
S0739
S0743
S0744
S0755
S0756
S0758
S0760
S0761
S0775
S0777
S0780
S0788
S0789
S0790
S0791
S0800
S0801
S0807
S0809
S0813
S0814
S0874
S0878
T0309
T0495
T1012
T1013
T1019
T1020
T1021
T1022
T1023
T1026
T1030
T1036
T1038
T1041
T1046
T1047

T1054
T1055
T1079
T1084
T1118
T1119
T1232
T1263
T1264
T1265
T1266
T1269
T1270
T1271
T1272
T1294

T1305

T1327
T1328
T1329

T1330
T1339
T1340
T1343
T1355
T1356
T1357
T1358

T1361

T1362
T1365
T1368

T1369
T1437
T1489
T1829
Security Control Assessment (OG-WRL-012): Responsible for conducting independent
comprehensive assessments of management, operational, and technical security controls and
control enhancements employed within or inherited by a system to determine their overall
effectiveness.

TKS Statement Description


Knowledge of encryption algorithms
Knowledge of language processing tools and techniques
Knowledge of cybersecurity practices in the acquisition process
Knowledge of intelligence fusion
Knowledge of cognitive biases
Knowledge of information privacy technologies
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of access control principles and practices
Knowledge of authentication and authorization tools and techniques
Knowledge of business operations standards and best practices
Knowledge of common application vulnerabilities
Knowledge of network infrastructure principles and practices
Knowledge of cyber defense tools and techniques
Knowledge of vulnerability assessment tools and techniques
Knowledge of cryptographic key management principles and practices
Knowledge of data backup and recovery policies and procedures
Knowledge of data warehousing principles and practices
Knowledge of data mining principles and practices
Knowledge of database systems and software
Knowledge of business continuity and disaster recovery (BCDR) policies and procedures
Knowledge of enterprise cybersecurity architecture principles and practices
Knowledge of evaluation and validation principles and practices
Knowledge of Local Area Networks (LAN)
Knowledge of Wide Area Networks (WAN)
Knowledge of network communications principles and practices
Knowledge of Security Assessment and Authorization (SA&A) processes
Knowledge of risk management principles and practices
Knowledge of vulnerability data sources
Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
Knowledge of non-repudiation principles and practices
Knowledge of cyber safety principles and practices
Knowledge of systems security engineering (SSE) principles and practices
Knowledge of Risk Management Framework (RMF) requirements
Knowledge of risk management models and frameworks
Knowledge of information technology (IT) security principles and practices
Knowledge of identity and access management (IAM) principles and practices
Knowledge of new and emerging technologies
Knowledge of policy-based access controls
Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
Knowledge of process engineering principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of server administration principles and practices
Knowledge of server diagnostic tools and techniques
Knowledge of Fault Detection and Diagnostics (FDD) tools and techniques
Knowledge of software engineering principles and practices
Knowledge of structured analysis principles and practices
Knowledge of collaboration tools and techniques
Knowledge of enterprise information technology (IT) architecture principles and practices
Knowledge of systems engineering processes
Knowledge of insider threat laws and regulations
Knowledge of insider threat tools and techniques
Knowledge of defense-in-depth principles and practices
Knowledge of evidence admissibility laws and regulations
Knowledge of supply chain risk management principles and practices
Knowledge of machine virtualization tools and techniques
Knowledge of secure coding tools and techniques
Knowledge of import and export control laws and regulations
Knowledge of supply chain risks
Knowledge of federal agency roles and responsibilities
Knowledge of supply chain risk management standards and best practices
Knowledge of technology procurement principles and practices
Knowledge of supply chain risk management policies and procedures
Knowledge of critical infrastructure systems and software
Knowledge of hardware reverse engineering tools and techniques
Knowledge of software reverse engineering tools and techniques
Knowledge of reverse engineering principles and practices
Knowledge of virtual machine detection tools and techniques
Knowledge of encryption tools and techniques
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of enterprise architecture (EA) reference models and frameworks
Knowledge of enterprise architecture (EA) principles and practices
Knowledge of application firewall principles and practices
Knowledge of network firewall principles and practices
Knowledge of industry cybersecurity models and frameworks
Knowledge of access control models and frameworks
Knowledge of learning assessment tools and techniques
Knowledge of instructional design principles and practices
Knowledge of instructional design models and frameworks
Knowledge of cyber defense laws and regulations
Knowledge of network architecture principles and practices

Knowledge of Personally Identifiable Information (PII) data security standards and best practices
Knowledge of Payment Card Industry (PCI) data security standards and best practices
Knowledge of Personal Health Information (PHI) data security standards and best practices
Knowledge of the acquisition life cycle models and frameworks
Knowledge of network analysis tools and techniques
Knowledge of systems engineering principles and practices
Knowledge of data classification policies and procedures
Knowledge of cryptology principles and practices
Knowledge of computer engineering principles and practices
Knowledge of embedded systems and software
Knowledge of data mining tools and techniques
Knowledge of penetration testing principles and practices
Knowledge of penetration testing tools and techniques
Knowledge of targeting laws and regulations
Knowledge of exploitation laws and regulations
Knowledge of language analysis tools and techniques
Knowledge of voice analysis tools and techniques
Knowledge of graphic materials analysis tools and techniques
Knowledge of computer networking principles and practices
Knowledge of target selection criticality factors
Knowledge of target selection vulnerability factors
Knowledge of cyber operations principles and practices
Knowledge of network security principles and practices
Knowledge of target language
Knowledge of critical information requirements
Knowledge of operation assessment processes
Knowledge of virtual machine tools and technologies
Knowledge of risk scoring principles and practices
Knowledge of data security controls
Knowledge of web application security risks
Knowledge of data privacy controls
Knowledge of knowledge management tools and techniques
Knowledge of data analysis tools and techniques
Knowledge of personnel systems and software
Knowledge of code analysis tools and techniques
Knowledge of analytical tools and techniques
Knowledge of analytics
Knowledge of traceroute tools and techniques
Knowledge of virtual collaborative workspace tools and techniques
Knowledge of organizational cybersecurity goals and objectives
Skill in conducting test events
Skill in applying security controls
Skill in interfacing with customers
Skill in network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools
Skill in assessing security systems designs
Skill in applying secure coding techniques
Skill in performing root cause analysis
Skill in performing network analysis on targets
Skill in performing target system analysis
Skill in processing collected data for follow-on analysis
Skill in communicating complex concepts
Skill in communicating verbally
Skill in communicating in writing
Skill in facilitating small group discussions
Skill in facilitating group discussions
Skill in creating technical documentation
Skill in developing assessments
Skill in developing security assessments
Skill in collecting data
Skill in verifying data
Skill in validating data
Skill in deriving evaluative conclusions from data
Skill in evaluating laws
Skill in evaluating regulations
Skill in evaluating policies
Skill in analyzing processes to ensure conformance with procedural requirements
Skill in collaborating with others
Skill in applying critical thinking
Skill in analyzing large data sets
Skill in creating target intelligence products
Skill in identifying targets of interest
Skill in functioning effectively in a dynamic, fast-paced environment
Skill in identifying external partners
Skill in identifying target vulnerabilities
Skill in describing target vulnerabilities
Skill in mitigating cognitive biases
Skill in aligning privacy and cybersecurity objectives
Skill in integrating information security requirements in the acquisitions process
Skill in implementing software quality control processes
Skill in identifying critical infrastructure systems
Skill in identifying systems designed without security considerations
Skill in developing virtual machines
Skill in maintaining virtual machines
Skill in identifying software communications vulnerabilities
Skill in selecting targets
Skill in identifying vulnerabilities
Skill in identifying customer information needs
Skill in establishing priorities
Skill in identifying partner capabilities
Skill in analyzing software configurations
Skill in scanning for vulnerabilities
Skill in recognizing vulnerabilities
Skill in developing algorithms
Skill in performing data structure analysis
Skill in developing security system controls
Skill in evaluating security designs
Skill in preparing reports
Skill in monitoring system performance
Skill in configuring systems for performance enhancement
Skill in developing curricula
Skill in teaching training programs
Skill in categorizing types of vulnerabilities
Skill in developing learning activities
Skill in designing Test and Evaluation Strategies (TES)
Skill in identifying Test and Evaluation Strategies (TES) infrastructure requirements
Skill in managing test assets
Skill in reviewing logs
Skill in identifying evidence of past intrusions
Skill in troubleshooting cyber defense infrastructure anomalies
Skill in managing a workforce
Skill in conducting system reviews
Skill in designing secure test plans
Skill in assessing application vulnerabilities
Skill in implementing Public Key Infrastructure (PKI) encryption
Skill in implementing digital signatures
Skill in applying policies that meet system security objectives
Skill in assessing security controls
Skill in translating operational requirements into security controls
Skill in optimizing system performance
Skill in performing risk assessments
Skill in performing administrative planning activities
Skill in performing network data analysis
Skill in mining data
Skill in performing data mining analysis
Skill in performing target analysis
Skill in developing analytics
Skill in evaluating metadata
Skill in interpreting metadata
Skill in evaluating data source quality
Skill in evaluating information quality
Skill in generating operation plans
Skill in identifying intelligence gaps
Skill in identifying regional languages and dialects
Skill in prioritizing information
Skill in interpreting traceroute results
Skill in interpreting vulnerability scanner results
Skill in managing client relationships
Skill in preparing briefings
Skill in preparing plans
Skill in producing after-action reports
Skill in analyzing intelligence products
Skill in identifying network anomalies
Skill in performing technical writing
Skill in reconstructing a network
Skill in incorporating feedback
Skill in performing wireless network analysis
Skill in navigating databases
Skill in performing strategic guidance analysis
Skill in developing intelligence collection plans
Skill in developing collection strategies
Skill in fulfilling information requests
Skill in orchestrating planning teams
Skill in coordinating collection support
Skill in monitoring status
Skill in presenting to an audience
Skill in analyzing organizational patterns and relationships
Skill in assessing partner operations capabilities
Skill in solving problems
Skill in utilizing cyber defense service provider information
Skill in identifying cybersecurity issues in external connections
Skill in identifying privacy issues in partner interconnections
Skill in performing network traffic analysis
Skill in performing risk analysis
Assess the effectiveness of security controls
Manage Accreditation Packages (e.g., ISO/IEC 15026-2)
Expand network access
Conduct technical exploitation of a target
Determine special needs of cyber-physical systems
Determine the operational and safety impacts of cybersecurity lapses
Review cyber defense service provider reporting structure
Review enterprise information technology (IT) goals and objectives
Identify critical technology procurement requirements
Determine procurement requirements
Estimate the impact of collateral damage
Integrate leadership priorities
Integrate organization objectives in intelligence collection
Determine impact of software configurations
Assess operation performance
Assess operation impact

Scope analysis reports to various audiences that accounts for data sharing classification restrictions
Determine if priority information requirements are satisfied
Develop cybersecurity risk profiles
Identify anomalous network activity
Identify vulnerabilities
Recommend vulnerability remediation strategies
Approve accreditation packages
Perform security reviews
Identify gaps in security architecture
Develop a cybersecurity risk management plan
Recommend risk mitigation strategies
Conduct risk analysis of applications and systems undergoing major changes
Plan security authorization reviews for system and network installations
Conduct security authorization reviews for system and network installations
Develop security assurance cases for system and network installations
Advise on Risk Management Framework process activities and documentation
Determine if authorization and assurance documents identify an acceptable level of risk for software applications, systems, and networks

Update security documentation to reflect current application and system security design features
Verify implementation of software, network, and system cybersecurity postures
Document software, network, and system deviations from implemented security postures
Recommend required actions to correct software, network, and system deviations from implemented security postures
Develop cybersecurity compliance processes for external services
Develop cybersecurity audit processes for external services
Provide cybersecurity guidance to organizational risk governance processes
Determine if vulnerability remediation plans are in place
Develop vulnerability remediation plans
Determine if cybersecurity requirements have been successfully implemented
Determine the effectiveness of organizational cybersecurity policies and procedures
Determine the impact of new system and interface implementations on organization's cybersecurity posture
Document impact of new system and interface implementations on organization's cybersecurity posture
Document cybersecurity design and development activities
Support cybersecurity compliance activities

Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements


Determine effectiveness of configuration management processes
Correlate incident data
Evaluate locally developed tools
OPM Code: 612

OVERSIGHT and GOVERNANCE (OG)

TKS Statement ID
K0640
K0644
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0685
K0686
K0691
K0692
K0698
K0710
K0711
K0720
K0721
K0723
K0728
K0729
K0730
K0734
K0735
K0736
K0743
K0746
K0747
K0751
K0752
K0760
K0761
K0767
K0778
K0784
K0785
K0791
K0800
K0803
K0819
K0820
K0821
K0828
K0834
K0838
K0839
K0859
K0870
K0871
K0877
K0878
K0879
K0880
K0892
K0915

K0917
K0918
K0919
K0942
K0948
K0955
K0956
K0962
K0963
K0983
K0990
K1014
K1050
K1077
K1079
K1084
S0396
S0397
S0398
S0406
S0414
S0415
S0416
S0430
S0432
S0439
S0447
S0465
S0466
S0497
S0515
S0686
S0801
S0807
T0495
T1019
T1020
T1022
T1023
T1036
T1038
T1107
T1232

T1305
Systems Authorization (OG-WRL-013): Responsible for operating an information system at an
acceptable level of risk to organizational operations, organizational assets, individuals, other
organizations, and the nation.

TKS Statement Description


Knowledge of the organizational cybersecurity workforce
Knowledge of cybersecurity operation policies and procedures
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of access control principles and practices
Knowledge of authentication and authorization tools and techniques
Knowledge of cyber defense tools and techniques
Knowledge of vulnerability assessment tools and techniques
Knowledge of cryptographic key management principles and practices
Knowledge of enterprise cybersecurity architecture principles and practices
Knowledge of evaluation and validation principles and practices
Knowledge of Security Assessment and Authorization (SA&A) processes
Knowledge of risk management principles and practices
Knowledge of vulnerability data sources
Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
Knowledge of non-repudiation principles and practices
Knowledge of cyber safety principles and practices
Knowledge of Risk Management Framework (RMF) requirements
Knowledge of risk management models and frameworks
Knowledge of information technology (IT) security principles and practices
Knowledge of new and emerging technologies
Knowledge of policy-based access controls
Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of server diagnostic tools and techniques
Knowledge of Fault Detection and Diagnostics (FDD) tools and techniques
Knowledge of structured analysis principles and practices
Knowledge of enterprise information technology (IT) architecture principles and practices
Knowledge of insider threat laws and regulations
Knowledge of insider threat tools and techniques
Knowledge of defense-in-depth principles and practices
Knowledge of evidence admissibility laws and regulations
Knowledge of supply chain risk management principles and practices
Knowledge of import and export control laws and regulations
Knowledge of supply chain risks
Knowledge of federal agency roles and responsibilities
Knowledge of supply chain risk management standards and best practices
Knowledge of technology procurement principles and practices
Knowledge of supply chain risk management policies and procedures
Knowledge of critical infrastructure systems and software
Knowledge of encryption tools and techniques
Knowledge of enterprise architecture (EA) reference models and frameworks
Knowledge of enterprise architecture (EA) principles and practices
Knowledge of application firewall principles and practices
Knowledge of network firewall principles and practices
Knowledge of industry cybersecurity models and frameworks
Knowledge of access control models and frameworks
Knowledge of cyber defense laws and regulations
Knowledge of network architecture principles and practices

Knowledge of Personally Identifiable Information (PII) data security standards and best practices
Knowledge of Payment Card Industry (PCI) data security standards and best practices
Knowledge of Personal Health Information (PHI) data security standards and best practices
Knowledge of cryptology principles and practices
Knowledge of embedded systems and software
Knowledge of penetration testing principles and practices
Knowledge of penetration testing tools and techniques
Knowledge of targeting laws and regulations
Knowledge of exploitation laws and regulations
Knowledge of computer networking principles and practices
Knowledge of cyber operations principles and practices
Knowledge of network security principles and practices
Knowledge of critical information requirements
Knowledge of data security controls
Knowledge of web application security risks
Knowledge of data privacy controls
Skill in forecasting requirements
Skill in assessing requirements
Skill in analyzing organizational objectives
Skill in developing policy plans
Skill in evaluating laws
Skill in evaluating regulations
Skill in evaluating policies
Skill in collaborating with others
Skill in coordinating cybersecurity operations across an organization
Skill in identifying external partners
Skill in aligning privacy and cybersecurity objectives
Skill in identifying critical infrastructure systems
Skill in identifying systems designed without security considerations
Skill in developing client organization profiles
Skill in identifying partner capabilities
Skill in performing risk assessments
Skill in assessing partner operations capabilities
Skill in solving problems
Manage Accreditation Packages (e.g., ISO/IEC 15026-2)
Determine special needs of cyber-physical systems
Determine the operational and safety impacts of cybersecurity lapses
Review enterprise information technology (IT) goals and objectives
Identify critical technology procurement requirements
Integrate leadership priorities
Integrate organization objectives in intelligence collection
Evaluate functional requirements
Approve accreditation packages
Determine if authorization and assurance documents identify an acceptable level of risk for software applications, systems, and networks
OPM Code: 611

OVERSIGHT and GOVERNANCE (OG)

TKS Statement ID
K0018
K0092
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0685
K0686
K0687
K0701
K0709
K0710
K0716
K0717
K0721
K0723
K0724
K0725
K0726
K0727
K0731
K0732
K0734
K0735
K0736
K0740
K0741
K0743
K0744
K0746
K0747
K0749
K0751
K0752
K0754
K0758
K0759
K0765
K0769
K0770
K0771
K0778
K0779
K0783
K0791
K0798
K0799
K0803
K0818
K0820
K0822
K0823
K0824
K0825
K0827
K0828
K0831
K0834
K0837
K0838
K0839
K0840
K0842
K0848
K0849
K0851
K0859
K0865
K0866
K0870
K0871
K0877
K0878
K0891
K0892
K0915

K0917
K0918
K0919
K0928
K0934
K0947
K0955
K0956
K0962
K0963
K0983
K1014
K1050
K1077
K1079
K1084
K1093
K1133
K1137
K1171
K1179
K1180
K1183
K1188
K1189
K1209
K1221
K1225
S0462
S0463
S0465
S0466
S0509
S0564
S0572
S0574
S0578
S0616
S0617
S0620
S0826
S0841
S0850
S0858
S0878
T1019
T1020
T1022
T1023
T1026
T1052
T1056
T1057
T1058

T1059
T1060

T1061
T1086
T1087
T1088
T1113
T1114

T1178

T1180
T1181

T1182

T1183
T1186
T1188
T1201
T1221
T1222
T1223
T1224

T1225
T1226
T1227
T1233
T1234
T1235
T1236
T1238
T1245
T1246
T1247
T1284
T1285
T1286
T1291
T1293
T1295
T1298
T1300
T1304
T1307
T1308

T1310
T1317
T1321
T1335
T1336
T1342
T1343
T1344
T1345
T1354
T1355
T1356
T1357
T1358
T1368

T1369
T1373
T1374
T1375
T1376
T1377
T1476
T1586
T1601
T1602
Systems Security Management (OG-WRL-014): Responsible for managing the cybersecurity of a
program, organization, system, or enclave.

TKS Statement Description


Knowledge of encryption algorithms
Knowledge of technology integration processes
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of access control principles and practices
Knowledge of authentication and authorization tools and techniques
Knowledge of business operations standards and best practices
Knowledge of data backup and recovery policies and procedures
Knowledge of business continuity and disaster recovery (BCDR) policies and procedures
Knowledge of enterprise cybersecurity architecture principles and practices
Knowledge of host access control (HAC) systems and software
Knowledge of network access control (NAC) systems and software
Knowledge of risk management principles and practices
Knowledge of vulnerability data sources
Knowledge of incident response principles and practices
Knowledge of incident response tools and techniques
Knowledge of incident handling tools and techniques
Knowledge of analysis standards and best practices
Knowledge of systems security engineering (SSE) principles and practices
Knowledge of intrusion detection tools and techniques
Knowledge of Risk Management Framework (RMF) requirements
Knowledge of risk management models and frameworks
Knowledge of information technology (IT) security principles and practices
Knowledge of system performance indicators
Knowledge of system availability measures
Knowledge of new and emerging technologies
Knowledge of operating system (OS) systems and software
Knowledge of policy-based access controls
Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
Knowledge of process engineering principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of resource management principles and practices
Knowledge of server administration principles and practices
Knowledge of client and server architecture
Knowledge of software engineering principles and practices
Knowledge of system design standards and best practices
Knowledge of system administration principles and practices
Knowledge of system life cycle management principles and practices
Knowledge of enterprise information technology (IT) architecture principles and practices
Knowledge of systems engineering processes
Knowledge of network attack characteristics
Knowledge of defense-in-depth principles and practices
Knowledge of program management principles and practices
Knowledge of project management principles and practices
Knowledge of supply chain risk management principles and practices
Knowledge of new and emerging cybersecurity risks
Knowledge of supply chain risks
Knowledge of risk tolerance principles and practices
Knowledge of incident response policies and procedures
Knowledge of incident response roles and responsibilities
Knowledge of threat vector characteristics
Knowledge of software quality assurance (SQA) principles and practices
Knowledge of supply chain risk management standards and best practices
Knowledge of network attack vectors
Knowledge of technology procurement principles and practices
Knowledge of hardening tools and techniques
Knowledge of supply chain risk management policies and procedures
Knowledge of critical infrastructure systems and software
Knowledge of hardware reverse engineering tools and techniques
Knowledge of software reverse engineering tools and techniques
Knowledge of network systems management principles and practices
Knowledge of network systems management tools and techniques
Knowledge of reverse engineering principles and practices
Knowledge of encryption tools and techniques
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of enterprise architecture (EA) reference models and frameworks
Knowledge of enterprise architecture (EA) principles and practices
Knowledge of application firewall principles and practices
Knowledge of network firewall principles and practices
Knowledge of the Open Systems Interconnect (OSI) reference model
Knowledge of cyber defense laws and regulations
Knowledge of network architecture principles and practices

Knowledge of Personally Identifiable Information (PII) data security standards and best practices
Knowledge of Payment Card Industry (PCI) data security standards and best practices
Knowledge of Personal Health Information (PHI) data security standards and best practices
Knowledge of systems engineering principles and practices
Knowledge of data classification policies and procedures
Knowledge of computer engineering principles and practices
Knowledge of penetration testing principles and practices
Knowledge of penetration testing tools and techniques
Knowledge of targeting laws and regulations
Knowledge of exploitation laws and regulations
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of critical information requirements
Knowledge of data security controls
Knowledge of web application security risks
Knowledge of data privacy controls
Knowledge of black-box software testing
Knowledge of cybersecurity engineering
Knowledge of cybersecurity requirements
Knowledge of mission assurance practices and principles
Knowledge of organization's security strategy
Knowledge of organizational cybersecurity goals and objectives
Knowledge of organizational cybersecurity policies and procedures
Knowledge of organizational policies and procedures
Knowledge of organizational policy and procedures
Knowledge of risk mitigation principles and practices
Knowledge of supply chain risk management practices
Knowledge of system life cycles
Skill in integrating information security requirements in the acquisitions process
Skill in implementing software quality control processes
Skill in identifying critical infrastructure systems
Skill in identifying systems designed without security considerations
Skill in evaluating security products
Skill in creating system security policies
Skill in detecting host- and network-based intrusions
Skill in developing security system controls
Skill in evaluating security designs
Skill in applying black-box software testing
Skill in interpreting signatures
Skill in evaluating the trustworthiness of a supply chain
Skill in communicating with external organizations
Skill in identifying possible security violations
Skill in performing cost/benefit analysis
Skill in performing economic analysis
Skill in performing risk analysis
Determine special needs of cyber-physical systems
Determine the operational and safety impacts of cybersecurity lapses
Review enterprise information technology (IT) goals and objectives
Identify critical technology procurement requirements
Determine procurement requirements
Integrate black-box security testing tools into quality assurance processes
Acquire resources to support cybersecurity program goals and objectives
Conduct an effective enterprise continuity of operations program
Advise senior management on risk levels and security posture

Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements
Advise senior management on organizational cybersecurity efforts
Advise senior leadership and authorizing official of changes affecting the organization's cybersecurity posture
Collect and maintain system cybersecurity report data
Create system cybersecurity reports
Communicate the value of cybersecurity to organizational stakeholders
Develop the enterprise continuity of operations strategy
Establish the enterprise continuity of operations program

Determine if security improvement actions are evaluated, validated, and implemented as required
Determine if cybersecurity inspections, tests, and reviews are coordinated for the network environment
Determine if cybersecurity requirements are integrated into continuity planning
Determine if security engineering is used when acquiring or developing protection and detection capabilities
Determine if protection and detection capabilities are consistent with organization-level cybersecurity architecture
Establish enterprise information security architecture
Determine if baseline security safeguards are appropriately installed
Determine implications of new and upgraded technologies to the cybersecurity program
Disseminate incident and other Computer Network Defense (CND) information
Determine security requirements for new information technologies
Determine security requirements for new operational technologies
Determine impact of noncompliance on organizational risk levels

Determine impact of noncompliance on effectiveness of the enterprise's cybersecurity program


Align cybersecurity priorities with organizational security strategy
Manage cybersecurity budget, staffing, and contracting
Monitor cybersecurity data sources
Develop Computer Network Defense (CND) guidance for organizational stakeholders
Manage threat and target analysis
Manage the production of threat information
Determine the effectiveness of enterprise cybersecurity safeguards
Oversee the cybersecurity training and awareness program
Establish Security Assessment and Authorization processes
Develop computer environment cybersecurity plans and requirements
Develop standard operating procedures for secure network system operations
Distribute standard operating procedures
Maintain standard operating procedures
Advise stakeholders on the development of continuity of operations plans
Advise on security requirements to be included in statements of work
Provide cybersecurity awareness and training
Communicate situational awareness information to leadership
Report cybersecurity incidents
Recommend organizational cybersecurity resource allocations
Develop cybersecurity policy recommendations
Coordinate cybersecurity policy review and approval processes
Implement protective or corrective measures when a cybersecurity incident or vulnerability is discovered
Determine if appropriate threat mitigation actions have been taken
Manage computing environment system operations
Promote cybersecurity awareness to management
Verify the inclusion of sound cybersecurity principles in the organization's vision and goals
Oversee policy standards and implementation strategy development
Provide cybersecurity guidance to organizational risk governance processes
Determine if procurement activities sufficiently address supply chain risks
Recommend improvements to procurement activities to address cybersecurity requirements
Identify system cybersecurity requirements
Determine if vulnerability remediation plans are in place
Develop vulnerability remediation plans
Determine if cybersecurity requirements have been successfully implemented
Determine the effectiveness of organizational cybersecurity policies and procedures
Support cybersecurity compliance activities

Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements


Determine organizational compliance
Forecast ongoing service demands
Conduct periodic reviews of security assumptions
Develop critical infrastructure protection policies and procedures
Implement critical infrastructure protection policies and procedures
Promote awareness of cybersecurity policy and strategy among management
Conduct cybersecurity risk assessments
Advise stakeholders on enterprise cybersecurity risk management
Advise stakeholders on supply chain risk management
OPM Code: 722

OVERSIGHT and GOVERNANCE (OG)

TKS Statement ID
K0498
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0721
K0734
K0735
K0751
K0752
K0754
K0803
K0820
K0828
K0835
K0836
K0838
K0922
K0983
K1014
K1137
K1180
K1206
S0687
S0811
T0220
T1020
T1026
T1227
T1306
T1369

T1394

T1395
T1396

T1397

T1398
T1399
T1472
T1498
T1621
T1622
Technology Portfolio Management (OG-WRL-015): Responsible for managing a portfolio of
technology investments that align with the overall needs of mission and enterprise priorities.

TKS Statement Description


Knowledge of operational planning processes
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of risk management principles and practices
Knowledge of Risk Management Framework (RMF) requirements
Knowledge of risk management models and frameworks
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of resource management principles and practices
Knowledge of supply chain risk management principles and practices
Knowledge of supply chain risks
Knowledge of supply chain risk management standards and best practices
Knowledge of risk assessment principles and practices
Knowledge of threat assessment principles and practices
Knowledge of supply chain risk management policies and procedures
Knowledge of the acquisition life cycle models and frameworks
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of cybersecurity requirements
Knowledge of organizational cybersecurity goals and objectives
Knowledge of research and design processes and procedures
Skill in performing administrative planning activities
Skill in managing intelligence collection requirements
Resolve conflicts in laws, regulations, policies, standards, or procedures
Determine the operational and safety impacts of cybersecurity lapses
Determine procurement requirements
Manage cybersecurity budget, staffing, and contracting
Conduct technology program and project audits
Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements

Develop independent cybersecurity audit processes for application software, networks, and systems
Implement independent cybersecurity audit processes for application software, networks, and systems
Oversee independent cybersecurity audits
Determine if research and design processes and procedures are in compliance with cybersecurity requirements
Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities
Develop supply chain, system, network, and operational security contract language
Gather customer satisfaction and service performance feedback
Determine if cybersecurity requirements included in contracts are delivered
Prepare supply chain security reports
Prepare risk management reports
OPM Code: 804

OVERSIGHT and GOVERNANCE (OG)

TKS Statement ID
K0653
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0721
K0727
K0733
K0734
K0735
K0751
K0752
K0754
K0771
K0803
K0819
K0820
K0821
K0828
K0835
K0836
K0838
K0868
K0869
K0872
K0873
K0922
K0983
K1014
K1137
K1206
S0423
S0462
S0463
S0580
S0581
S0619
S0811
T0412
T1020
T1026
T1067
T1068
T1154
T1155
T1306
T1344
T1345

T1394

T1395
T1396

T1397

T1398
T1399
T1480
T1481
T1498
Technology Program Auditing (OG-WRL-016): Responsible for conducting evaluations of technology
programs or their individual components to determine compliance with published standards.

TKS Statement Description


Knowledge of cybersecurity practices in the acquisition process
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of risk management principles and practices
Knowledge of analysis standards and best practices
Knowledge of information technology (IT) architecture models and frameworks
Knowledge of Risk Management Framework (RMF) requirements
Knowledge of risk management models and frameworks
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of resource management principles and practices
Knowledge of system life cycle management principles and practices
Knowledge of supply chain risk management principles and practices
Knowledge of import and export control laws and regulations
Knowledge of supply chain risks
Knowledge of federal agency roles and responsibilities
Knowledge of supply chain risk management standards and best practices
Knowledge of risk assessment principles and practices
Knowledge of threat assessment principles and practices
Knowledge of supply chain risk management policies and procedures
Knowledge of process improvement principles and practices
Knowledge of process maturity models and frameworks
Knowledge of service management principles and practices
Knowledge of service management standards and best practices
Knowledge of the acquisition life cycle models and frameworks
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of cybersecurity requirements
Knowledge of research and design processes and procedures
Skill in analyzing processes to ensure conformance with procedural requirements
Skill in integrating information security requirements in the acquisitions process
Skill in implementing software quality control processes
Skill in monitoring system performance
Skill in configuring systems for performance enhancement
Skill in auditing technical systems
Skill in managing intelligence collection requirements
Conduct import/export reviews for acquiring systems and software
Determine the operational and safety impacts of cybersecurity lapses
Determine procurement requirements
Recommend development of new applications or modification of existing applications
Create development plans for new applications or modification of existing applications
Develop risk, compliance, and assurance monitoring strategies
Develop risk, compliance, and assurance measurement strategies
Conduct technology program and project audits
Determine if procurement activities sufficiently address supply chain risks
Recommend improvements to procurement activities to address cybersecurity requirements

Develop independent cybersecurity audit processes for application software, networks, and systems
Implement independent cybersecurity audit processes for application software, networks, and systems
Oversee independent cybersecurity audits
Determine if research and design processes and procedures are in compliance with cybersecurity requirements
Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities
Develop supply chain, system, network, and operational security contract language
Examine service performance reports for issues and variances
Initiate corrective actions to service performance issues and variances
Determine if cybersecurity requirements included in contracts are delivered
OPM Code: 805

DESIGN and DEVELOPMENT (DD)

TKS Statement ID
K0018
K0055
K0092
K0646
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0685
K0686
K0687
K0688
K0689
K0690
K0691
K0692
K0694
K0698
K0707
K0709
K0710
K0714
K0718
K0719
K0720
K0727
K0728
K0729
K0730
K0731
K0736
K0739
K0742
K0743
K0744
K0745
K0749
K0751
K0752
K0753
K0756
K0757
K0758
K0759
K0765
K0768
K0772
K0773
K0778
K0779
K0791
K0814
K0835
K0836
K0839
K0840
K0842
K0846
K0847
K0848
K0849
K0851
K0859
K0865
K0866
K0868
K0869
K0870
K0871
K0872
K0873
K0874
K0875
K0876
K0877
K0878
K0891
K0894
K0906
K0907
K0915

K0917
K0918
K0919
K0921
K0927
K0928
K0933
K0934
K0942
K0947
K0948
K0949
K0952
K0983
K1014
K1049
K1080
K1081
K1086
K1095
K1110
K1111

K1120
K1137
K1143
K1159
K1169
K1173
K1194
K1212
K1216
K1223
K1236
S0141
S0172
S0383
S0385
S0386
S0387
S0418
S0419
S0428
S0429
S0430
S0458
S0465
S0466
S0543
S0544
S0551
S0569
S0570
S0571
S0574
S0578
S0590
S0596
S0598
S0613
S0632
S0637
S0638
S0655
S0657
S0658
S0659
S0673
S0674
S0675
S0683
S0685
S0686
S0728
S0762
S0791
S0813
S0814
S0822
S0853
S0880
S0893
T0084
T0542
T1010
T1019
T1020
T1027
T1029
T1077
T1096
T1100
T1101
T1122
T1123
T1124
T1125
T1126
T1151

T1152
T1153
T1168
T1169

T1179
T1263
T1264
T1265
T1293
T1294

T1361

T1362
T1363
T1364
T1403
T1404
T1410
T1423
T1426
T1434
T1507
T1508
T1519
T1520
T1521
T1527
T1544
T1545
T1556
T1563
T1583
T1627
T1628
Cybersecurity Architecture (DD-WRL-001): Responsible for ensuring that security requirements are
adequately addressed in all aspects of enterprise architecture, including reference models, segment
and solution architectures, and the resulting systems that protect and support organizational
mission and business processes.

TKS Statement Description


Knowledge of encryption algorithms
Knowledge of microprocessors
Knowledge of technology integration processes
Knowledge of system optimization techniques
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of access control principles and practices
Knowledge of authentication and authorization tools and techniques
Knowledge of business operations standards and best practices
Knowledge of common application vulnerabilities
Knowledge of network infrastructure principles and practices
Knowledge of requirements analysis principles and practices
Knowledge of cyber defense tools and techniques
Knowledge of vulnerability assessment tools and techniques
Knowledge of computer algorithm capabilities and applications
Knowledge of cryptographic key management principles and practices
Knowledge of database systems and software
Knowledge of business continuity and disaster recovery (BCDR) policies and procedures
Knowledge of enterprise cybersecurity architecture principles and practices
Knowledge of electrical engineering principles and practices
Knowledge of network communications principles and practices
Knowledge of human-computer interaction (HCI) principles and practices
Knowledge of Security Assessment and Authorization (SA&A) processes
Knowledge of analysis standards and best practices
Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
Knowledge of non-repudiation principles and practices
Knowledge of cyber safety principles and practices
Knowledge of systems security engineering (SSE) principles and practices
Knowledge of information technology (IT) security principles and practices
Knowledge of mathematics principles and practices
Knowledge of identity and access management (IAM) principles and practices
Knowledge of new and emerging technologies
Knowledge of operating system (OS) systems and software
Knowledge of parallel and distributed computing principles and practices
Knowledge of process engineering principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of remote access principles and practices
Knowledge of security management principles and practices
Knowledge of system design tools and techniques
Knowledge of server administration principles and practices
Knowledge of client and server architecture
Knowledge of software engineering principles and practices
Knowledge of automated systems analysis tools and techniques
Knowledge of systems testing and evaluation tools and techniques
Knowledge of telecommunications principles and practices
Knowledge of enterprise information technology (IT) architecture principles and practices
Knowledge of systems engineering processes
Knowledge of defense-in-depth principles and practices
Knowledge of secure coding tools and techniques
Knowledge of risk assessment principles and practices
Knowledge of threat assessment principles and practices
Knowledge of critical infrastructure systems and software
Knowledge of hardware reverse engineering tools and techniques
Knowledge of software reverse engineering tools and techniques
Knowledge of secure software deployment principles and practices
Knowledge of secure software deployment tools and techniques
Knowledge of network systems management principles and practices
Knowledge of network systems management tools and techniques
Knowledge of reverse engineering principles and practices
Knowledge of encryption tools and techniques
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of process improvement principles and practices
Knowledge of process maturity models and frameworks
Knowledge of enterprise architecture (EA) reference models and frameworks
Knowledge of enterprise architecture (EA) principles and practices
Knowledge of service management principles and practices
Knowledge of service management standards and best practices
Knowledge of key management service (KMS) principles and practices
Knowledge of symmetric encryption principles and practices
Knowledge of key management service (KMS) key rotation policies and procedures
Knowledge of application firewall principles and practices
Knowledge of network firewall principles and practices
Knowledge of the Open Systems Interconnect (OSI) reference model
Knowledge of computer architecture principles and practices
Knowledge of multi-level security (MLS) systems and software
Knowledge of cross-domain solutions
Knowledge of network architecture principles and practices

Knowledge of Personally Identifiable Information (PII) data security standards and best practices
Knowledge of Payment Card Industry (PCI) data security standards and best practices
Knowledge of Personal Health Information (PHI) data security standards and best practices
Knowledge of program protection plan (PPP) principles and practices
Knowledge of configuration management tools and techniques
Knowledge of systems engineering principles and practices
Knowledge of N-tier architecture principles and practices
Knowledge of data classification policies and procedures
Knowledge of cryptology principles and practices
Knowledge of computer engineering principles and practices
Knowledge of embedded systems and software
Knowledge of fault tolerance tools and techniques
Knowledge of information theory principles and practices
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of routing protocols
Knowledge of secure software update principles and practices
Knowledge of secure firmware update principles and practices
Knowledge of design modeling
Knowledge of design methods
Knowledge of acquisition cybersecurity requirements
Knowledge of application security design principles and practices
Knowledge of Confidentiality, Integrity, Availability, Authenticity, and Non-repudiation (CIAAN) principles and practices
Knowledge of cybersecurity requirements
Knowledge of data classification levels
Knowledge of fail-over or alternate site requirements
Knowledge of material supportability requirements
Knowledge of multilevel security requirements
Knowledge of Personally Identifiable Information (PII) attributes
Knowledge of security controls
Knowledge of service-oriented security architecture practices and principles
Knowledge of system backup requirements
Knowledge of user requirements
Skill in assessing security systems designs
Skill in applying secure coding techniques
Skill in analyzing an organization's enterprise information technology architecture
Skill in communicating complex concepts
Skill in communicating verbally
Skill in communicating in writing
Skill in applying secure network architectures
Skill in designing systems
Skill in designing architectures
Skill in designing frameworks
Skill in collaborating with others
Skill in coordinating efforts between stakeholders
Skill in identifying critical infrastructure systems
Skill in identifying systems designed without security considerations
Skill in scanning for vulnerabilities
Skill in recognizing vulnerabilities
Skill in applying information technologies into proposed solutions
Skill in designing security controls
Skill in designing the integration of hardware solutions
Skill in designing the integration of software solutions
Skill in developing security system controls
Skill in evaluating security designs
Skill in building use cases
Skill in encrypting network communications
Skill in creating test plans
Skill in configuring software-based computer protection tools
Skill in designing Test and Evaluation Strategies (TES)
Skill in designing multi-level security solutions
Skill in designing cross-domain solutions
Skill in designing secure test plans
Skill in implementing Public Key Infrastructure (PKI) encryption
Skill in implementing digital signatures
Skill in applying security models
Skill in translating operational requirements into security controls
Skill in installing system and component upgrades
Skill in optimizing system performance
Skill in implementing network segregation
Skill in configuring computer protection components
Skill in performing risk assessments
Skill in preparing briefings
Skill in integrating organization objectives
Skill in presenting to an audience
Skill in identifying cybersecurity issues in external connections
Skill in identifying privacy issues in partner interconnections
Skill in collaborating with stakeholders
Skill in performing cybersecurity architecture analysis
Skill in performing security architecture analysis
Skill in performing user needs analysis
Employ secure configuration management processes
Translate proposed capabilities into technical requirements
Communicate enterprise information technology architecture
Determine special needs of cyber-physical systems
Determine the operational and safety impacts of cybersecurity lapses
Integrate organizational goals and objectives into security architecture
Implement organizational evaluation and validation criteria
Assess the organization's cybersecurity architecture
Perform privacy impact assessments (PIAs)
Configure network hubs, routers, and switches
Optimize network hubs, routers, and switches
Determine essential system capabilities and business functions
Prioritize essential system capabilities and business functions
Restore essential system capabilities and business functions after catastrophic failure events
Define system availability levels
Determine disaster recovery and continuity of operations system requirements
Develop cybersecurity designs for systems and networks with multilevel security requirements
Develop cybersecurity designs for systems and networks that require processing of multiple data classification levels
Integrate cybersecurity designs for systems and networks
Define acquisition life cycle cybersecurity architecture requirements
Define acquisition life cycle systems security engineering requirements

Determine if systems and architecture are consistent with cybersecurity architecture guidelines
Perform security reviews
Identify gaps in security architecture
Develop a cybersecurity risk management plan
Advise on security requirements to be included in statements of work
Advise on Risk Management Framework process activities and documentation
Determine the impact of new system and interface implementations on organization's cybersecurity posture
Document impact of new system and interface implementations on organization's cybersecurity posture
Plan system security development
Conduct system security development
Allocate cybersecurity services
Select cybersecurity mechanisms
Develop system security contexts
Create system security concept of operations (ConOps) documents
Determine cybersecurity design and architecture effectiveness
Create cybersecurity architecture functional specifications
Determine user requirements
Plan cybersecurity architecture
Design system security measures
Update system security measures
Develop enterprise architecture
Define baseline system security requirements
Create definition activity documentation
Create architecture activity documentation
Identify system and network protection needs
Implement system security measures
Determine effectiveness of system implementation and testing processes
Conduct cybersecurity management assessments
Design cybersecurity management functions
OPM Code: 652

DESIGN and DEVELOPMENT (DD)

TKS Statement ID
K0646
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0685
K0686
K0707
K0710
K0711
K0714
K0720
K0727
K0728
K0729
K0730
K0731
K0739
K0742
K0744
K0745
K0749
K0751
K0752
K0756
K0757
K0758
K0759
K0765
K0772
K0773
K0778
K0779
K0791
K0835
K0836
K0839
K0840
K0842
K0848
K0849
K0851
K0865
K0866
K0868
K0869
K0870
K0871
K0872
K0873
K0879
K0880
K0883
K0891
K0894
K0906
K0907
K0915
K0921
K0927
K0928
K0933
K0934
K0947
K0948
K0949
K0952
K0983
K1014
K1086
K1095
K1110
K1111

K1120
K1159
K1169
K1191
K1194
K1212
K1216
K1223
K1236
S0383
S0420
S0426
S0427
S0465
S0466
S0543
S0544
S0551
S0570
S0571
S0574
S0578
S0590
S0597
S0674
S0675
S0683
S0686
S0762
S0813
S0814
S0822
S0853
S0880
S0893
T0084
T0542
T1010
T1019
T1020
T1027
T1077
T1096
T1100
T1101
T1122
T1123
T1124
T1125
T1126

T1179
T1294
T1363
T1364
T1403
T1404
T1410
T1423
T1426
T1429
T1434
T1507
T1508
T1519
T1520
T1521
T1527
T1544
T1545
T1563
T1583
T1591
T1597
T1598
T1606
T1626
Enterprise Architecture (DD-WRL-002): Responsible for developing and maintaining business,
systems, and information processes to support enterprise mission needs. Develops technology rules
and requirements that describe baseline and target architectures.

TKS Statement Description


Knowledge of system optimization techniques
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of access control principles and practices
Knowledge of authentication and authorization tools and techniques
Knowledge of database systems and software
Knowledge of enterprise cybersecurity architecture principles and practices
Knowledge of evaluation and validation principles and practices
Knowledge of electrical engineering principles and practices
Knowledge of Security Assessment and Authorization (SA&A) processes
Knowledge of analysis standards and best practices
Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
Knowledge of non-repudiation principles and practices
Knowledge of cyber safety principles and practices
Knowledge of systems security engineering (SSE) principles and practices
Knowledge of mathematics principles and practices
Knowledge of identity and access management (IAM) principles and practices
Knowledge of operating system (OS) systems and software
Knowledge of parallel and distributed computing principles and practices
Knowledge of process engineering principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of security management principles and practices
Knowledge of system design tools and techniques
Knowledge of server administration principles and practices
Knowledge of client and server architecture
Knowledge of software engineering principles and practices
Knowledge of systems testing and evaluation tools and techniques
Knowledge of telecommunications principles and practices
Knowledge of enterprise information technology (IT) architecture principles and practices
Knowledge of systems engineering processes
Knowledge of defense-in-depth principles and practices
Knowledge of risk assessment principles and practices
Knowledge of threat assessment principles and practices
Knowledge of critical infrastructure systems and software
Knowledge of hardware reverse engineering tools and techniques
Knowledge of software reverse engineering tools and techniques
Knowledge of network systems management principles and practices
Knowledge of network systems management tools and techniques
Knowledge of reverse engineering principles and practices
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of process improvement principles and practices
Knowledge of process maturity models and frameworks
Knowledge of enterprise architecture (EA) reference models and frameworks
Knowledge of enterprise architecture (EA) principles and practices
Knowledge of service management principles and practices
Knowledge of service management standards and best practices
Knowledge of industry cybersecurity models and frameworks
Knowledge of access control models and frameworks
Knowledge of circuit analysis tools and techniques
Knowledge of the Open Systems Interconnect (OSI) reference model
Knowledge of computer architecture principles and practices
Knowledge of multi-level security (MLS) systems and software
Knowledge of cross-domain solutions
Knowledge of network architecture principles and practices
Knowledge of program protection plan (PPP) principles and practices
Knowledge of configuration management tools and techniques
Knowledge of systems engineering principles and practices
Knowledge of N-tier architecture principles and practices
Knowledge of data classification policies and procedures
Knowledge of computer engineering principles and practices
Knowledge of embedded systems and software
Knowledge of fault tolerance tools and techniques
Knowledge of information theory principles and practices
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of design modeling
Knowledge of design methods
Knowledge of acquisition cybersecurity requirements
Knowledge of application security design principles and practices
Knowledge of Confidentiality, Integrity, Availability, Authenticity, and Non-repudiation (CIAAN) principles and practices
Knowledge of fail-over or alternate site requirements
Knowledge of material supportability requirements
Knowledge of organizational security posture
Knowledge of Personally Identifiable Information (PII) attributes
Knowledge of security controls
Knowledge of service-oriented security architecture practices and principles
Knowledge of system backup requirements
Knowledge of user requirements
Skill in analyzing an organization's enterprise information technology architecture
Skill in integrating multiple technologies
Skill in building architectures
Skill in building frameworks
Skill in identifying critical infrastructure systems
Skill in identifying systems designed without security considerations
Skill in scanning for vulnerabilities
Skill in recognizing vulnerabilities
Skill in applying information technologies into proposed solutions
Skill in designing the integration of hardware solutions
Skill in designing the integration of software solutions
Skill in developing security system controls
Skill in evaluating security designs
Skill in building use cases
Skill in writing code in a currently supported programming language
Skill in installing system and component upgrades
Skill in optimizing system performance
Skill in implementing network segregation
Skill in performing risk assessments
Skill in integrating organization objectives
Skill in identifying cybersecurity issues in external connections
Skill in identifying privacy issues in partner interconnections
Skill in collaborating with stakeholders
Skill in performing cybersecurity architecture analysis
Skill in performing security architecture analysis
Skill in performing user needs analysis
Employ secure configuration management processes
Translate proposed capabilities into technical requirements
Communicate enterprise information technology architecture
Determine special needs of cyber-physical systems
Determine the operational and safety impacts of cybersecurity lapses
Integrate organizational goals and objectives into security architecture
Assess the organization's cybersecurity architecture
Perform privacy impact assessments (PIAs)
Configure network hubs, routers, and switches
Optimize network hubs, routers, and switches
Determine essential system capabilities and business functions
Prioritize essential system capabilities and business functions
Restore essential system capabilities and business functions after catastrophic failure events
Define system availability levels
Determine disaster recovery and continuity of operations system requirements

Determine if systems and architecture are consistent with cybersecurity architecture guidelines
Advise on Risk Management Framework process activities and documentation
Plan system security development
Conduct system security development
Allocate cybersecurity services
Select cybersecurity mechanisms
Develop system security contexts
Create system security concept of operations (ConOps) documents
Determine cybersecurity design and architecture effectiveness
Prepare trend analysis reports
Create cybersecurity architecture functional specifications
Determine user requirements
Plan cybersecurity architecture
Design system security measures
Update system security measures
Develop enterprise architecture
Define baseline system security requirements
Create definition activity documentation
Create architecture activity documentation
Implement system security measures
Determine effectiveness of system implementation and testing processes
Address security architecture gaps
Plan implementation strategies
Assess the integration and alignment capabilities of enterprise components
Prepare impact reports
Determine impact of new systems and system interfaces on current and target environments
OPM Code: 651

DESIGN and DEVELOPMENT (DD)

TKS Statement ID
K0068
K0639
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0693
K0695
K0710
K0711
K0712
K0713
K0721
K0722
K0728
K0729
K0730
K0734
K0735
K0737
K0738
K0739
K0744
K0748
K0751
K0752
K0755
K0757
K0759
K0762
K0763
K0764
K0765
K0767
K0768
K0778
K0782
K0791
K0803
K0813
K0814
K0820
K0826
K0827
K0828
K0839
K0870
K0871
K0877
K0878
K0891
K0915

K0917
K0918
K0919
K0920
K0948
K0955
K0956
K0957
K0983
K1014
K1079
K1099
K1117
K1118
K1126
K1137
K1148
K1149
K1150
K1157
K1165
K1170
K1203
K1205
K1208
K1210
K1214
K1215
K1236
K1239
S0172
S0175
S0382
S0417
S0465
S0466
S0543
S0544
S0560
S0562
S0563
S0565
S0569
S0574
S0597
S0655
S0657
S0658
S0670
S0825
S0836
S0878
S0879
S0883
T0077
T0311
T1019
T1020
T1067
T1068
T1071
T1073
T1074
T1082
T1083
T1089
T1098
T1099
T1108
T1116
T1117
T1135
T1190
T1197

T1202

T1203
T1204
T1205
T1258
T1261
T1262
T1269
T1280
T1281
T1302
T1309
T1318
T1319
T1320
T1360
T1400
T1422
T1499
T1509
T1513
T1528
T1529
T1575
T1576
T1577
T1624
T1625
Secure Software Development (DD-WRL-003): Responsible for developing, creating, modifying, and
maintaining computer applications, software, or specialized utility programs.

TKS Statement Description


Knowledge of programming language structures and logic
Knowledge of code tailoring tools and techniques
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of complex data structure capabilities and applications
Knowledge of programming principles and practices
Knowledge of enterprise cybersecurity architecture principles and practices
Knowledge of evaluation and validation principles and practices
Knowledge of Local Area Networks (LAN)
Knowledge of Wide Area Networks (WAN)
Knowledge of risk management principles and practices
Knowledge of software development principles and practices
Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
Knowledge of non-repudiation principles and practices
Knowledge of cyber safety principles and practices
Knowledge of Risk Management Framework (RMF) requirements
Knowledge of risk management models and frameworks
Knowledge of bandwidth management tools and techniques
Knowledge of low-level programming languages
Knowledge of mathematics principles and practices
Knowledge of operating system (OS) systems and software
Knowledge of Privacy Impact Assessment (PIA) principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of configuration management (CM) tools and techniques
Knowledge of system design tools and techniques
Knowledge of client and server architecture
Knowledge of software debugging principles and practices
Knowledge of software design tools and techniques
Knowledge of software development models and frameworks
Knowledge of software engineering principles and practices
Knowledge of structured analysis principles and practices
Knowledge of automated systems analysis tools and techniques
Knowledge of enterprise information technology (IT) architecture principles and practices
Knowledge of web service protocols
Knowledge of defense-in-depth principles and practices
Knowledge of supply chain risk management principles and practices
Knowledge of interpreted and compiled programming language characteristics
Knowledge of secure coding tools and techniques
Knowledge of supply chain risks
Knowledge of software security principles and practices
Knowledge of software quality assurance (SQA) principles and practices
Knowledge of supply chain risk management standards and best practices
Knowledge of critical infrastructure systems and software
Knowledge of enterprise architecture (EA) reference models and frameworks
Knowledge of enterprise architecture (EA) principles and practices
Knowledge of application firewall principles and practices
Knowledge of network firewall principles and practices
Knowledge of the Open Systems Interconnect (OSI) reference model
Knowledge of network architecture principles and practices

Knowledge of Personally Identifiable Information (PII) data security standards and best practices
Knowledge of Payment Card Industry (PCI) data security standards and best practices
Knowledge of Personal Health Information (PHI) data security standards and best practices
Knowledge of risk management policies and procedures
Knowledge of embedded systems and software
Knowledge of penetration testing principles and practices
Knowledge of penetration testing tools and techniques
Knowledge of root cause analysis tools and techniques
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of web application security risks
Knowledge of code analysis tools and techniques
Knowledge of coding and testing standards
Knowledge of completion criteria
Knowledge of cost constraints
Knowledge of cybersecurity requirements
Knowledge of data manipulation principles and practices
Knowledge of data retrieval principles and practices
Knowledge of data storage principles and practices
Knowledge of enterprise-wide version control systems
Knowledge of independent testing methods
Knowledge of mathematical models
Knowledge of Public Key Infrastructure (PKI) libraries
Knowledge of required reporting formats
Knowledge of risk acceptance and documentation
Knowledge of secure programming tools and techniques
Knowledge of security restrictions
Knowledge of security testing tools and techniques
Knowledge of user requirements
Knowledge of certificate management principles and practices
Skill in applying secure coding techniques
Skill in performing root cause analysis
Skill in tailoring code analysis
Skill in deploying software securely
Skill in identifying critical infrastructure systems
Skill in identifying systems designed without security considerations
Skill in scanning for vulnerabilities
Skill in recognizing vulnerabilities
Skill in debugging software
Skill in creating mathematical models
Skill in creating statistical models
Skill in implementing input validation
Skill in designing security controls
Skill in developing security system controls
Skill in writing code in a currently supported programming language
Skill in designing secure test plans
Skill in implementing Public Key Infrastructure (PKI) encryption
Skill in implementing digital signatures
Skill in implementing error handling in applications
Skill in communicating with engineering staff
Skill in encrypting data
Skill in performing risk analysis
Skill in performing scientific analysis
Skill in performing static code analysis
Develop secure code and error handling
Consult with customers about software system design and maintenance
Determine special needs of cyber-physical systems
Determine the operational and safety impacts of cybersecurity lapses
Recommend development of new applications or modification of existing applications
Create development plans for new applications or modification of existing applications
Evaluate software design plan timelines and cost estimates
Perform code reviews
Prepare secure code documentation
Integrate software cybersecurity objectives into project plans and schedules
Determine project security controls
Create program documentation during initial development and subsequent revision phases
Determine system performance requirements
Design application interfaces
Evaluate interfaces between hardware and software
Correct program errors
Determine if desired program results are produced
Design and develop software systems
Determine hardware configuration
Identify common coding flaws
Determine software development security implications within centralized and decentralized environments across the enterprise
Implement software development cybersecurity methodologies within centralized and decentralized environments across the enterprise
Determine cybersecurity measures for steady state operation and management of software
Incorporate product end-of-life cybersecurity measures
Perform integrated quality assurance testing
Mitigate programming vulnerabilities
Identify programming code flaws
Conduct risk analysis of applications and systems undergoing major changes
Develop workflow charts and diagrams
Convert workflow charts and diagrams into coded computer language instructions
Address security implications in the software acceptance phase
Analyze system capabilities and requirements
Integrate security requirements into application design elements
Document software attack surface elements
Conduct threat modeling
Design programming language exploitation countermeasures and mitigations
Design and develop secure applications
Develop software documentation
Integrate public key cryptography into applications
Analyze feasibility of software design within time and cost constraints
Conduct trial runs of programs and software applications
Develop software system testing and validation procedures
Create software system documentation
Adapt software to new hardware
Upgrade software interfaces
Improve software performance
Conduct vulnerability analysis of software patches and updates
Prepare vulnerability analysis reports
OPM Code: 621

DESIGN and DEVELOPMENT (DD)

TKS Statement ID
K0018
K0055
K0068
K0653
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0685
K0686
K0694
K0698
K0707
K0710
K0711
K0712
K0713
K0714
K0715
K0716
K0717
K0719
K0721
K0722
K0728
K0729
K0730
K0731
K0736
K0737
K0739
K0742
K0744
K0745
K0746
K0747
K0748
K0749
K0751
K0752
K0755
K0756
K0757
K0758
K0759
K0764
K0765
K0767
K0768
K0769
K0771
K0772
K0773
K0778
K0779
K0791
K0803
K0813
K0814
K0820
K0828
K0838
K0839
K0840
K0842
K0846
K0847
K0848
K0849
K0851
K0859
K0865
K0866
K0870
K0871
K0872
K0873
K0877
K0878
K0879
K0880
K0891
K0915

K0917
K0918
K0919
K0922
K0928
K0934
K0937
K0942
K0947
K0948
K0952
K0983
K1014
K1063
K1080
K1081
K1088
K1100
K1111
K1119

K1120
K1148
K1149
K1150
K1158
K1164
K1194
K1212
K1235
S0141
S0172
S0383
S0385
S0391
S0409
S0418
S0419
S0423
S0428
S0429
S0430
S0462
S0463
S0465
S0466
S0532
S0543
S0544
S0569
S0570
S0571
S0574
S0578
S0619
S0655
S0664
S0674
S0675
S0681
S0686
S0744
S0788
S0789
S0790
S0824
S0861
S0878
S0893
S0899
T0084
T0122

T0124

T0271
T1010
T1019
T1020
T1022
T1026
T1027
T1030
T1041
T1046
T1047
T1072
T1075
T1078
T1079
T1081
T1084
T1096
T1118
T1119
T1122
T1123
T1124
T1128
T1129

T1131
T1132
T1133
T1134
T1138
T1148
T1149
T1150
T1160
T1161
T1162
T1163
T1164
T1193
T1194

T1195
T1206
T1269
T1292
T1294
T1309
T1312
T1326
T1363
T1364
T1365
T1401

T1454

T1455
T1489
T1507
T1508
T1519
T1520
T1522
T1563
T1583
T1584
T1585
T1586
T1592
T1593

T1604
T1613
T1614
Secure Systems Development (DD-WRL-004): Responsible for the secure design, development, and
testing of systems and the evaluation of system security throughout the systems development life
cycle.

TKS Statement Description


Knowledge of encryption algorithms
Knowledge of microprocessors
Knowledge of programming language structures and logic
Knowledge of cybersecurity practices in the acquisition process
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of access control principles and practices
Knowledge of authentication and authorization tools and techniques
Knowledge of computer algorithm capabilities and applications
Knowledge of cryptographic key management principles and practices
Knowledge of database systems and software
Knowledge of enterprise cybersecurity architecture principles and practices
Knowledge of evaluation and validation principles and practices
Knowledge of Local Area Networks (LAN)
Knowledge of Wide Area Networks (WAN)
Knowledge of electrical engineering principles and practices
Knowledge of resiliency and redundancy principles and practices
Knowledge of host access control (HAC) systems and software
Knowledge of network access control (NAC) systems and software
Knowledge of human-computer interaction (HCI) principles and practices
Knowledge of risk management principles and practices
Knowledge of software development principles and practices
Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
Knowledge of non-repudiation principles and practices
Knowledge of cyber safety principles and practices
Knowledge of systems security engineering (SSE) principles and practices
Knowledge of information technology (IT) security principles and practices
Knowledge of bandwidth management tools and techniques
Knowledge of mathematics principles and practices
Knowledge of identity and access management (IAM) principles and practices
Knowledge of operating system (OS) systems and software
Knowledge of parallel and distributed computing principles and practices
Knowledge of policy-based access controls
Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
Knowledge of Privacy Impact Assessment (PIA) principles and practices
Knowledge of process engineering principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of configuration management (CM) tools and techniques
Knowledge of security management principles and practices
Knowledge of system design tools and techniques
Knowledge of server administration principles and practices
Knowledge of client and server architecture
Knowledge of software development models and frameworks
Knowledge of software engineering principles and practices
Knowledge of structured analysis principles and practices
Knowledge of automated systems analysis tools and techniques
Knowledge of system design standards and best practices
Knowledge of system life cycle management principles and practices
Knowledge of systems testing and evaluation tools and techniques
Knowledge of telecommunications principles and practices
Knowledge of enterprise information technology (IT) architecture principles and practices
Knowledge of systems engineering processes
Knowledge of defense-in-depth principles and practices
Knowledge of supply chain risk management principles and practices
Knowledge of interpreted and compiled programming language characteristics
Knowledge of secure coding tools and techniques
Knowledge of supply chain risks
Knowledge of supply chain risk management standards and best practices
Knowledge of supply chain risk management policies and procedures
Knowledge of critical infrastructure systems and software
Knowledge of hardware reverse engineering tools and techniques
Knowledge of software reverse engineering tools and techniques
Knowledge of secure software deployment principles and practices
Knowledge of secure software deployment tools and techniques
Knowledge of network systems management principles and practices
Knowledge of network systems management tools and techniques
Knowledge of reverse engineering principles and practices
Knowledge of encryption tools and techniques
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of enterprise architecture (EA) reference models and frameworks
Knowledge of enterprise architecture (EA) principles and practices
Knowledge of service management principles and practices
Knowledge of service management standards and best practices
Knowledge of application firewall principles and practices
Knowledge of network firewall principles and practices
Knowledge of industry cybersecurity models and frameworks
Knowledge of access control models and frameworks
Knowledge of the Open Systems Interconnect (OSI) reference model
Knowledge of network architecture principles and practices

Knowledge of Personally Identifiable Information (PII) data security standards and best practices
Knowledge of Payment Card Industry (PCI) data security standards and best practices
Knowledge of Personal Health Information (PHI) data security standards and best practices
Knowledge of the acquisition life cycle models and frameworks
Knowledge of systems engineering principles and practices
Knowledge of data classification policies and procedures
Knowledge of countermeasure design principles and practices
Knowledge of cryptology principles and practices
Knowledge of computer engineering principles and practices
Knowledge of embedded systems and software
Knowledge of information theory principles and practices
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of operation assessment processes
Knowledge of secure software update principles and practices
Knowledge of secure firmware update principles and practices
Knowledge of knowledge management tools and techniques
Knowledge of analytical tools and techniques
Knowledge of application security design principles and practices
Knowledge of component and interface specifications
Knowledge of Confidentiality, Integrity, Availability, Authenticity, and Non-repudiation (CIAAN) principles and practices
Knowledge of data manipulation principles and practices
Knowledge of data retrieval principles and practices
Knowledge of data storage principles and practices
Knowledge of evaluation and validation requirements
Knowledge of hardware design principles and practices
Knowledge of Personally Identifiable Information (PII) attributes
Knowledge of security controls
Knowledge of user needs and requirements
Skill in assessing security systems designs
Skill in applying secure coding techniques
Skill in analyzing an organization's enterprise information technology architecture
Skill in communicating complex concepts
Skill in creating technical documentation
Skill in deriving evaluative conclusions from data
Skill in applying secure network architectures
Skill in designing systems
Skill in analyzing processes to ensure conformance with procedural requirements
Skill in designing architectures
Skill in designing frameworks
Skill in collaborating with others
Skill in integrating information security requirements in the acquisitions process
Skill in implementing software quality control processes
Skill in identifying critical infrastructure systems
Skill in identifying systems designed without security considerations
Skill in analyzing software configurations
Skill in scanning for vulnerabilities
Skill in recognizing vulnerabilities
Skill in designing security controls
Skill in designing the integration of hardware solutions
Skill in designing the integration of software solutions
Skill in developing security system controls
Skill in evaluating security designs
Skill in auditing technical systems
Skill in designing secure test plans
Skill in applying policies that meet system security objectives
Skill in installing system and component upgrades
Skill in optimizing system performance
Skill in performing design modeling
Skill in performing risk assessments
Skill in performing technical writing
Skill in orchestrating planning teams
Skill in coordinating collection support
Skill in monitoring status
Skill in communicating with customers
Skill in performing gap analysis
Skill in performing risk analysis
Skill in performing user needs analysis
Skill in testing interfaces
Employ secure configuration management processes
Implement security designs for new or existing systems
Incorporate cybersecurity vulnerability solutions into system designs (e.g., Cybersecurity Vulnerability Alerts)

Develop cybersecurity designs to meet specific operational needs and environmental factors (e.g., access controls, automated applications, networked operations, high integrity and availability requirements, multilevel security/processing of multiple classification levels, and processing Sensitive Compartmented Information)
Communicate enterprise information technology architecture
Determine special needs of cyber-physical systems
Determine the operational and safety impacts of cybersecurity lapses
Review enterprise information technology (IT) goals and objectives
Determine procurement requirements
Integrate organizational goals and objectives into security architecture
Estimate the impact of collateral damage
Determine impact of software configurations
Assess operation performance
Assess operation impact
Determine life cycle support requirements
Implement application cybersecurity policies
Determine effectiveness of system cybersecurity measures
Develop cybersecurity risk profiles
Create product prototypes using working and theoretical models
Identify anomalous network activity
Perform privacy impact assessments (PIAs)
Identify vulnerabilities
Recommend vulnerability remediation strategies
Determine essential system capabilities and business functions
Prioritize essential system capabilities and business functions
Restore essential system capabilities and business functions after catastrophic failure events
Design cybersecurity or cybersecurity-enabled products
Develop cybersecurity or cybersecurity-enabled products
Determine if hardware, operating systems, and software applications adequately address cybersecurity requirements
Design system data backup capabilities
Develop technical and procedural processes for integrity of stored backup data
Develop technical and procedural processes for backup data storage
Create system testing and validation procedures and documentation
Develop systems security design documentation
Develop disaster recovery and continuity of operations plans for systems under development
Test disaster recovery and continuity of operations plans for systems prior to deployment
Develop risk mitigation strategies
Resolve system vulnerabilities
Recommend security changes to systems and system components
Develop cybersecurity countermeasures for systems and applications
Develop risk mitigation strategies for systems and applications
Allocate security functions to components and elements
Remediate technical problems encountered during system testing and implementation
Direct the remediation of technical problems encountered during system testing and implementation
Recommend cybersecurity or cybersecurity-enabled products for use within a system
Conduct risk analysis of applications and systems undergoing major changes
Develop guidelines for implementing developed systems for customers and installation teams
Advise on Risk Management Framework process activities and documentation
Analyze system capabilities and requirements
Conduct test and evaluation activities
Develop system performance predictions for various operating conditions
Plan system security development
Conduct system security development
Document cybersecurity design and development activities
Integrate system development life cycle methodologies into development environment
Design secure interfaces between information systems, physical systems, and embedded technologies
Implement secure interfaces between information systems, physical systems, and embedded technologies
Correlate incident data
Determine user requirements
Plan cybersecurity architecture
Design system security measures
Update system security measures
Determine if systems meet minimum security requirements
Implement system security measures
Determine effectiveness of system implementation and testing processes
Establish minimum security requirements for applications
Determine if applications meet minimum security requirements
Conduct cybersecurity risk assessments
Conduct cybersecurity reviews
Identify cybersecurity gaps in enterprise architecture
Provide cybersecurity advice on implementation plans, standard operating procedures, maintenance documentation, and maintenance training materials
Determine if design components meet system requirements
Determine scalability of system architecture
OPM Code: 631 and 632

DESIGN and DEVELOPMENT (DD)

TKS Statement ID
K0068
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0693
K0695
K0710
K0711
K0712
K0713
K0721
K0722
K0728
K0729
K0730
K0734
K0735
K0737
K0738
K0739
K0744
K0748
K0751
K0752
K0755
K0757
K0759
K0762
K0763
K0764
K0765
K0767
K0768
K0778
K0782
K0791
K0803
K0813
K0814
K0820
K0826
K0827
K0828
K0839
K0846
K0847
K0870
K0871
K0877
K0878
K0915

K0917
K0918
K0919
K0920
K0948
K0955
K0956
K0957
K0983
K1014
K1079
K1093
K1099
K1117
K1118
K1126
K1128
K1137
K1148
K1149
K1150
K1157
K1165
K1205
K1208
K1214
K1215
S0175
S0465
S0466
S0543
S0544
S0562
S0563
S0569
S0574
S0616
S0617
S0655
S0657
S0658
S0825
S0829
S0878
S0883
T0311
T1019
T1020
T1052
T1073
T1074
T1082
T1083
T1106
T1108
T1190
T1197
T1202

T1203
T1204
T1205
T1222
T1223
T1258
T1269
T1302
T1309
T1318
T1319
T1320
T1354
T1359
T1400
T1422
T1509
T1513
T1528
T1529
T1590
T1624
T1625
T1658
T1913
Software Security Assessment (DD-WRL-005): Responsible for analyzing the security of new or
existing computer applications, software, or specialized utility programs and delivering actionable
results.

TKS Statement Description


Knowledge of programming language structures and logic
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of complex data structure capabilities and applications
Knowledge of programming principles and practices
Knowledge of enterprise cybersecurity architecture principles and practices
Knowledge of evaluation and validation principles and practices
Knowledge of Local Area Networks (LAN)
Knowledge of Wide Area Networks (WAN)
Knowledge of risk management principles and practices
Knowledge of software development principles and practices
Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
Knowledge of non-repudiation principles and practices
Knowledge of cyber safety principles and practices
Knowledge of Risk Management Framework (RMF) requirements
Knowledge of risk management models and frameworks
Knowledge of bandwidth management tools and techniques
Knowledge of low-level programming languages
Knowledge of mathematics principles and practices
Knowledge of operating system (OS) systems and software
Knowledge of Privacy Impact Assessment (PIA) principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of configuration management (CM) tools and techniques
Knowledge of system design tools and techniques
Knowledge of client and server architecture
Knowledge of software debugging principles and practices
Knowledge of software design tools and techniques
Knowledge of software development models and frameworks
Knowledge of software engineering principles and practices
Knowledge of structured analysis principles and practices
Knowledge of automated systems analysis tools and techniques
Knowledge of enterprise information technology (IT) architecture principles and practices
Knowledge of web service protocols
Knowledge of defense-in-depth principles and practices
Knowledge of supply chain risk management principles and practices
Knowledge of interpreted and compiled programming language characteristics
Knowledge of secure coding tools and techniques
Knowledge of supply chain risks
Knowledge of software security principles and practices
Knowledge of software quality assurance (SQA) principles and practices
Knowledge of supply chain risk management standards and best practices
Knowledge of critical infrastructure systems and software
Knowledge of secure software deployment principles and practices
Knowledge of secure software deployment tools and techniques
Knowledge of enterprise architecture (EA) reference models and frameworks
Knowledge of enterprise architecture (EA) principles and practices
Knowledge of application firewall principles and practices
Knowledge of network firewall principles and practices
Knowledge of network architecture principles and practices

Knowledge of Personally Identifiable Information (PII) data security standards and best practices
Knowledge of Payment Card Industry (PCI) data security standards and best practices
Knowledge of Personal Health Information (PHI) data security standards and best practices
Knowledge of risk management policies and procedures
Knowledge of embedded systems and software
Knowledge of penetration testing principles and practices
Knowledge of penetration testing tools and techniques
Knowledge of root cause analysis tools and techniques
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of web application security risks
Knowledge of black-box software testing
Knowledge of code analysis tools and techniques
Knowledge of coding and testing standards
Knowledge of completion criteria
Knowledge of cost constraints
Knowledge of customer requirements
Knowledge of cybersecurity requirements
Knowledge of data manipulation principles and practices
Knowledge of data retrieval principles and practices
Knowledge of data storage principles and practices
Knowledge of enterprise-wide version control systems
Knowledge of independent testing methods
Knowledge of required reporting formats
Knowledge of risk acceptance and documentation
Knowledge of security restrictions
Knowledge of security testing tools and techniques
Skill in performing root cause analysis
Skill in identifying critical infrastructure systems
Skill in identifying systems designed without security considerations
Skill in scanning for vulnerabilities
Skill in recognizing vulnerabilities
Skill in creating mathematical models
Skill in creating statistical models
Skill in designing security controls
Skill in developing security system controls
Skill in applying black-box software testing
Skill in interpreting signatures
Skill in designing secure test plans
Skill in implementing Public Key Infrastructure (PKI) encryption
Skill in implementing digital signatures
Skill in communicating with engineering staff
Skill in conducting customer interviews
Skill in performing risk analysis
Skill in performing static code analysis
Consult with customers about software system design and maintenance
Determine special needs of cyber-physical systems
Determine the operational and safety impacts of cybersecurity lapses
Integrate black-box security testing tools into quality assurance processes
Perform code reviews
Prepare secure code documentation
Integrate software cybersecurity objectives into project plans and schedules
Determine project security controls
Develop threat models
Evaluate interfaces between hardware and software
Determine hardware configuration
Identify common coding flaws
Determine software development security implications within centralized and decentralized environments across the enterprise
Implement software development cybersecurity methodologies within centralized and decentralized environments across the enterprise
Determine cybersecurity measures for steady state operation and management of software
Incorporate product end-of-life cybersecurity measures
Determine security requirements for new information technologies
Determine security requirements for new operational technologies
Perform integrated quality assurance testing
Conduct risk analysis of applications and systems undergoing major changes
Address security implications in the software acceptance phase
Analyze system capabilities and requirements
Integrate security requirements into application design elements
Document software attack surface elements
Conduct threat modeling
Identify system cybersecurity requirements
Perform penetration testing
Design and develop secure applications
Develop software documentation
Analyze feasibility of software design within time and cost constraints
Conduct trial runs of programs and software applications
Develop software system testing and validation procedures
Create software system documentation
Identify programming flaws
Conduct vulnerability analysis of software patches and updates
Prepare vulnerability analysis reports
Determine customer requirements
Identify system security requirements
OPM Code: 622

DESIGN and DEVELOPMENT (DD)

TKS Statement ID
K0018
K0055
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0685
K0686
K0687
K0690
K0698
K0715
K0721
K0727
K0728
K0729
K0730
K0731
K0733
K0736
K0742
K0743
K0744
K0745
K0746
K0747
K0748
K0749
K0751
K0752
K0755
K0756
K0757
K0758
K0759
K0765
K0768
K0769
K0771
K0772
K0773
K0779
K0803
K0820
K0828
K0834
K0838
K0839
K0840
K0842
K0848
K0849
K0851
K0865
K0866
K0872
K0873
K0891
K0892
K0920
K0928
K0934
K0942
K0947
K0952
K0962
K0963
K0983
K1014
K1050
K1077
K1084
K1086
K1122
K1128
K1213
K1227
K1228
S0066
S0465
S0466
S0497
S0515
S0551
S0554
S0555
S0556
S0590
S0654
S0673
S0674
S0675
S0724
S0759
S0801
S0822
S0824
S0830
S0870
S0878
S0886
S0891
T0235
T1019
T1020
T1022
T1023
T1026
T1031
T1097
T1107
T1115
T1127
T1139
T1217
T1243
T1244
T1259
T1283
T1366
T1367
T1392
T1393
T1408
T1409
T1423
T1430
T1431
T1527
T1534
T1573
Systems Requirements Planning (DD-WRL-006): Responsible for consulting with internal and
external customers to evaluate and translate functional requirements and integrating security
policies into technical solutions.

TKS Statement Description


Knowledge of encryption algorithms
Knowledge of microprocessors
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of access control principles and practices
Knowledge of authentication and authorization tools and techniques
Knowledge of business operations standards and best practices
Knowledge of requirements analysis principles and practices
Knowledge of cryptographic key management principles and practices
Knowledge of resiliency and redundancy principles and practices
Knowledge of risk management principles and practices
Knowledge of analysis standards and best practices
Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
Knowledge of non-repudiation principles and practices
Knowledge of cyber safety principles and practices
Knowledge of systems security engineering (SSE) principles and practices
Knowledge of information technology (IT) architecture models and frameworks
Knowledge of information technology (IT) security principles and practices
Knowledge of identity and access management (IAM) principles and practices
Knowledge of new and emerging technologies
Knowledge of operating system (OS) systems and software
Knowledge of parallel and distributed computing principles and practices
Knowledge of policy-based access controls
Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
Knowledge of Privacy Impact Assessment (PIA) principles and practices
Knowledge of process engineering principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of configuration management (CM) tools and techniques
Knowledge of security management principles and practices
Knowledge of system design tools and techniques
Knowledge of server administration principles and practices
Knowledge of client and server architecture
Knowledge of software engineering principles and practices
Knowledge of automated systems analysis tools and techniques
Knowledge of system design standards and best practices
Knowledge of system life cycle management principles and practices
Knowledge of systems testing and evaluation tools and techniques
Knowledge of telecommunications principles and practices
Knowledge of systems engineering processes
Knowledge of supply chain risk management principles and practices
Knowledge of supply chain risks
Knowledge of supply chain risk management standards and best practices
Knowledge of technology procurement principles and practices
Knowledge of supply chain risk management policies and procedures
Knowledge of critical infrastructure systems and software
Knowledge of hardware reverse engineering tools and techniques
Knowledge of software reverse engineering tools and techniques
Knowledge of network systems management principles and practices
Knowledge of network systems management tools and techniques
Knowledge of reverse engineering principles and practices
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of service management principles and practices
Knowledge of service management standards and best practices
Knowledge of the Open Systems Interconnect (OSI) reference model
Knowledge of cyber defense laws and regulations
Knowledge of risk management policies and procedures
Knowledge of systems engineering principles and practices
Knowledge of data classification policies and procedures
Knowledge of cryptology principles and practices
Knowledge of computer engineering principles and practices
Knowledge of information theory principles and practices
Knowledge of targeting laws and regulations
Knowledge of exploitation laws and regulations
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of critical information requirements
Knowledge of data security controls
Knowledge of data privacy controls
Knowledge of design modeling
Knowledge of configuration management principles and practices
Knowledge of customer requirements
Knowledge of security requirements
Knowledge of systems architecture
Knowledge of systems development
Skill in identifying gaps in technical capabilities
Skill in identifying critical infrastructure systems
Skill in identifying systems designed without security considerations
Skill in developing client organization profiles
Skill in identifying partner capabilities
Skill in applying information technologies into proposed solutions
Skill in performing systems analysis
Skill in performing capabilities analysis
Skill in performing requirements analysis
Skill in building use cases
Skill in conducting system reviews
Skill in translating operational requirements into security controls
Skill in installing system and component upgrades
Skill in optimizing system performance
Skill in managing client relationships
Skill in identifying requirements
Skill in assessing partner operations capabilities
Skill in collaborating with stakeholders
Skill in communicating with customers
Skill in conducting feasibility studies
Skill in performing needs analysis
Skill in performing risk analysis
Skill in performing system analysis
Skill in performing trade-off analysis
Translate functional requirements into technical solutions
Determine special needs of cyber-physical systems
Determine the operational and safety impacts of cybersecurity lapses
Review enterprise information technology (IT) goals and objectives
Identify critical technology procurement requirements
Determine procurement requirements
Implement intelligence collection requirements
Determine functional requirements and specifications
Evaluate functional requirements
Oversee the development of design solutions
Define project scope and objectives
Develop systems design procedures and processes
Determine if system analysis meets cybersecurity requirements
Oversee configuration management
Develop configuration management recommendations
Identify opportunities for new and improved business process solutions
Develop cybersecurity use cases
Identify supply chain risks for critical system elements
Document supply chain risks for critical system elements
Develop user experience requirements
Document user experience requirements
Develop quality standards
Document quality standards
Create system security concept of operations (ConOps) documents
Determine if system components can be aligned
Integrate system components
Define baseline system security requirements
Develop cost estimates for new or modified systems
Determine if developed solutions meet customer requirements
OPM Code: 641

DESIGN and DEVELOPMENT (DD)

TKS Statement ID
K0068
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0685
K0686
K0710
K0711
K0720
K0721
K0728
K0729
K0730
K0731
K0749
K0751
K0752
K0758
K0765
K0770
K0772
K0778
K0779
K0791
K0803
K0813
K0820
K0828
K0837
K0838
K0839
K0840
K0842
K0851
K0865
K0866
K0870
K0871
K0879
K0880
K0881
K0891
K0915

K0917
K0918
K0919
K0928
K0934
K0947
K0983
K1014
K1100
S0015
S0048
S0401
S0402
S0403
S0409
S0558
S0559
S0568
S0573
S0579
S0597
S0598
S0630
S0632
S0634
S0635
S0639
S0791
S0842
S0889
T0080
T0274

T0512
T0513
T1020
T1049
T1136
T1138
T1208
T1209
T1210
T1214
T1215
T1255
T1346
T1484
T1506
T1587
T1610
T1611
T1612
T1829
Systems Testing and Evaluation (DD-WRL-007): Responsible for planning, preparing, and executing
system tests; evaluating test results against specifications and requirements; and reporting test
results and findings.

TKS Statement Description


Knowledge of programming language structures and logic
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of access control principles and practices
Knowledge of authentication and authorization tools and techniques
Knowledge of enterprise cybersecurity architecture principles and practices
Knowledge of evaluation and validation principles and practices
Knowledge of Security Assessment and Authorization (SA&A) processes
Knowledge of risk management principles and practices
Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
Knowledge of non-repudiation principles and practices
Knowledge of cyber safety principles and practices
Knowledge of systems security engineering (SSE) principles and practices
Knowledge of process engineering principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of server administration principles and practices
Knowledge of software engineering principles and practices
Knowledge of system administration principles and practices
Knowledge of systems testing and evaluation tools and techniques
Knowledge of enterprise information technology (IT) architecture principles and practices
Knowledge of systems engineering processes
Knowledge of defense-in-depth principles and practices
Knowledge of supply chain risk management principles and practices
Knowledge of interpreted and compiled programming language characteristics
Knowledge of supply chain risks
Knowledge of supply chain risk management standards and best practices
Knowledge of hardening tools and techniques
Knowledge of supply chain risk management policies and procedures
Knowledge of critical infrastructure systems and software
Knowledge of hardware reverse engineering tools and techniques
Knowledge of software reverse engineering tools and techniques
Knowledge of reverse engineering principles and practices
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of enterprise architecture (EA) reference models and frameworks
Knowledge of enterprise architecture (EA) principles and practices
Knowledge of industry cybersecurity models and frameworks
Knowledge of access control models and frameworks
Knowledge of learning assessment tools and techniques
Knowledge of the Open Systems Interconnect (OSI) reference model
Knowledge of network architecture principles and practices

Knowledge of Personally Identifiable Information (PII) data security standards and best practices
Knowledge of Payment Card Industry (PCI) data security standards and best practices
Knowledge of Personal Health Information (PHI) data security standards and best practices
Knowledge of systems engineering principles and practices
Knowledge of data classification policies and procedures
Knowledge of computer engineering principles and practices
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of analytical tools and techniques
Skill in conducting test events
Skill in systems integration testing
Skill in collecting data
Skill in verifying data
Skill in validating data
Skill in deriving evaluative conclusions from data
Skill in developing algorithms
Skill in performing data structure analysis
Skill in designing data analysis structures
Skill in developing testing scenarios
Skill in preparing reports
Skill in writing code in a currently supported programming language
Skill in creating test plans
Skill in conducting Test Readiness Reviews (TRR)
Skill in designing Test and Evaluation Strategies (TES)
Skill in identifying Test and Evaluation Strategies (TES) infrastructure requirements
Skill in managing test assets
Skill in providing test and evaluation resource estimates
Skill in presenting to an audience
Skill in interpreting test results
Skill in performing test result analysis
Develop test plans to address specifications and requirements
Create auditable evidence of security measures

Perform interoperability testing on systems exchanging electronic information with other systems
Perform operational testing
Determine the operational and safety impacts of cybersecurity lapses
Determine appropriate level of test rigor for a given system
Determine level of assurance of developed capabilities
Create system testing and validation procedures and documentation
Implement new system design procedures
Implement new system test procedures
Implement new system quality standards
Install network infrastructure device operating system software
Maintain network infrastructure device operating system software
Perform cybersecurity testing of developed applications and systems
Determine if system requirements are adequately demonstrated in data samples
Establish testing specifications and requirements
Analyze software and hardware testing results
Perform cybersecurity testing on systems in development
Determine if hardware and software complies with defined specifications and requirements
Record test data
Manage test data
Evaluate locally developed tools
OPM Code: 671

DESIGN and DEVELOPMENT (DD)

TKS Statement ID
K0176
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0688
K0696
K0698
K0710
K0718
K0721
K0731
K0736
K0743
K0749
K0751
K0752
K0758
K0765
K0771
K0773
K0778
K0779
K0780
K0791
K0792
K0797
K0803
K0809
K0812
K0820
K0828
K0834
K0838
K0839
K0840
K0841
K0842
K0851
K0870
K0871
K0877
K0878
K0882
K0884
K0894
K0915
K0923
K0924
K0925
K0926
K0928
K0936
K0942
K0947
K0955
K0956
K0983
K1014
K1019
K1050
K1073
K1088
K1172
K1207
K1217
S0172
S0385
S0391
S0465
S0466
S0475
S0481
S0482
S0483
S0532
S0543
S0544
S0551
S0562
S0563
S0660
S0668
S0669
S0675
S0744
S0807
S0827
T1019
T1020
T1023
T1041
T1079
T1084
T1118
T1119
T1142
T1337
T1338
T1378
T1379
T1380
T1424
T1425
T1489
T1491
T1493
T1494
T1495
T1496
T1610
Technology Research and Development (DD-WRL-008): Responsible for conducting software and
systems engineering and software systems research to develop new capabilities with fully integrated
cybersecurity. Conducts comprehensive technology research to evaluate potential vulnerabilities in
cyberspace systems.

TKS Statement Description


Knowledge of Extensible Markup Language (XML) schemas
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of common application vulnerabilities
Knowledge of digital forensic data principles and practices
Knowledge of cryptographic key management principles and practices
Knowledge of enterprise cybersecurity architecture principles and practices
Knowledge of network communications principles and practices
Knowledge of risk management principles and practices
Knowledge of systems security engineering (SSE) principles and practices
Knowledge of information technology (IT) security principles and practices
Knowledge of new and emerging technologies
Knowledge of process engineering principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of server administration principles and practices
Knowledge of software engineering principles and practices
Knowledge of system life cycle management principles and practices
Knowledge of telecommunications principles and practices
Knowledge of enterprise information technology (IT) architecture principles and practices
Knowledge of systems engineering processes
Knowledge of hardware maintenance policies and procedures
Knowledge of defense-in-depth principles and practices
Knowledge of network configurations
Knowledge of ethical hacking tools and techniques
Knowledge of supply chain risk management principles and practices
Knowledge of digital forensics data characteristics
Knowledge of digital communication systems and software
Knowledge of supply chain risks
Knowledge of supply chain risk management standards and best practices
Knowledge of technology procurement principles and practices
Knowledge of supply chain risk management policies and procedures
Knowledge of critical infrastructure systems and software
Knowledge of hardware reverse engineering tools and techniques
Knowledge of middleware software capabilities and applications
Knowledge of software reverse engineering tools and techniques
Knowledge of reverse engineering principles and practices
Knowledge of enterprise architecture (EA) reference models and frameworks
Knowledge of enterprise architecture (EA) principles and practices
Knowledge of application firewall principles and practices
Knowledge of network firewall principles and practices
Knowledge of ethical hacking principles and practices
Knowledge of covert communication tools and techniques
Knowledge of computer architecture principles and practices
Knowledge of network architecture principles and practices
Knowledge of operating system structures and internals
Knowledge of network analysis tools and techniques
Knowledge of wireless communication tools and techniques
Knowledge of signal jamming tools and techniques
Knowledge of systems engineering principles and practices
Knowledge of network hardware threats and vulnerabilities
Knowledge of cryptology principles and practices
Knowledge of computer engineering principles and practices
Knowledge of penetration testing principles and practices
Knowledge of penetration testing tools and techniques
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of operations security (OPSEC) principles and practices
Knowledge of critical information requirements
Knowledge of hardware asset management principles and practices
Knowledge of knowledge management tools and techniques
Knowledge of mission requirements
Knowledge of reverse engineering tools and techniques
Knowledge of software and systems engineering life cycle standards
Skill in applying secure coding techniques
Skill in communicating complex concepts
Skill in creating technical documentation
Skill in identifying critical infrastructure systems
Skill in identifying systems designed without security considerations
Skill in recognizing digital forensics data
Skill in identifying forensic digital footprints
Skill in performing forensic data analysis
Skill in identifying software communications vulnerabilities
Skill in analyzing software configurations
Skill in scanning for vulnerabilities
Skill in recognizing vulnerabilities
Skill in applying information technologies into proposed solutions
Skill in creating mathematical models
Skill in creating statistical models
Skill in performing systems engineering
Skill in designing technology processes and solutions
Skill in integrating technology processes and solutions
Skill in optimizing system performance
Skill in performing technical writing
Skill in solving problems
Skill in communicating with internal and external stakeholders
Determine special needs of cyber-physical systems
Determine the operational and safety impacts of cybersecurity lapses
Identify critical technology procurement requirements
Determine impact of software configurations
Develop cybersecurity risk profiles
Identify anomalous network activity
Identify vulnerabilities
Recommend vulnerability remediation strategies
Validate data mining and data warehousing programs, processes, and requirements
Identify system and network capabilities
Develop cybersecurity capability strategies for custom hardware and software development
Identify cybersecurity solutions tools and technologies
Design cybersecurity tools and technologies
Develop cybersecurity tools and technologies
Evaluate network infrastructure vulnerabilities
Recommend network infrastructure enhancements
Correlate incident data
Design data management systems
Troubleshoot prototype design and process issues
Recommend vulnerability exploitation functional and security-related features
Recommend vulnerability mitigation functional- and security-related features
Develop reverse engineering tools
Determine if hardware and software complies with defined specifications and requirements
OPM Code: 661

IMPLEMENTATION and OPERATION (IO)

TKS Statement ID
K0068
K0647
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0685
K0686
K0693
K0694
K0695
K0699
K0700
K0702
K0703
K0704
K0705
K0706
K0707
K0708
K0716
K0717
K0736
K0738
K0739
K0742
K0744
K0746
K0747
K0750
K0751
K0752
K0759
K0766
K0775
K0805
K0813
K0814
K0862
K0867
K0897
K0904
K0914
K0952
K0953
K0983
K0991
K0992
K1014
K1094
K1096
K1097
K1099
K1101
K1146
K1157
K1219
K1233
K1238
S0028
S0029
S0109
S0114
S0118
S0172
S0399
S0400
S0558
S0559
S0562
S0563
S0579
S0586
S0597
S0600
S0610
S0621
S0622
S0626
S0631
S0636
S0640
S0644
S0646
S0648
S0649
S0650
S0681
S0700
S0701
S0709
S0710
S0711
S0712
S0728
S0735
S0791
S0807
S0808
S0819
S0820
S0828
S0835
S0854
S0877
S0897
T0068
T0349
T0383
T0460
T1020
T1063
T1064
T1065
T1066
T1297
T1400
T1440
T1445
T1458
T1491
Data Analysis (IO-WRL-001): Responsible for analyzing data from multiple disparate sources to
provide cybersecurity and privacy insight. Designs and implements custom algorithms, workflow
processes, and layouts for complex, enterprise-scale data sets used for modeling, data mining, and
research purposes.

TKS Statement Description


Knowledge of programming language structures and logic
Knowledge of data visualization tools and techniques
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of access control principles and practices
Knowledge of authentication and authorization tools and techniques
Knowledge of complex data structure capabilities and applications
Knowledge of computer algorithm capabilities and applications
Knowledge of programming principles and practices
Knowledge of data administration policies and procedures
Knowledge of data standardization policies and procedures
Knowledge of data warehousing principles and practices
Knowledge of data mining principles and practices
Knowledge of database management system (DBMS) principles and practices
Knowledge of database query language capabilities and applications
Knowledge of database schema capabilities and applications
Knowledge of database systems and software
Knowledge of digital rights management (DRM) tools and techniques
Knowledge of host access control (HAC) systems and software
Knowledge of network access control (NAC) systems and software
Knowledge of information technology (IT) security principles and practices
Knowledge of low-level programming languages
Knowledge of mathematics principles and practices
Knowledge of identity and access management (IAM) principles and practices
Knowledge of operating system (OS) systems and software
Knowledge of policy-based access controls
Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
Knowledge of query languages
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of client and server architecture
Knowledge of data asset management principles and practices
Knowledge of information management tools and techniques
Knowledge of command-line tools and techniques
Knowledge of interpreted and compiled programming language characteristics
Knowledge of secure coding tools and techniques
Knowledge of data remediation tools and techniques
Knowledge of database application programming interfaces (APIs)
Knowledge of logging tools and technologies
Knowledge of machine learning principles and practices
Knowledge of binary analysis tools and techniques
Knowledge of information theory principles and practices
Knowledge of data mining tools and techniques
Knowledge of computer networking principles and practices
Knowledge of database administration principles and practices
Knowledge of database maintenance principles and practices
Knowledge of network security principles and practices
Knowledge of hexadecimal data
Knowledge of data analysis tools and techniques
Knowledge of data mapping tools and techniques
Knowledge of code analysis tools and techniques
Knowledge of analytics
Knowledge of data gathering tools and techniques
Knowledge of enterprise-wide version control systems
Knowledge of statistical processes
Knowledge of UNIX scripts
Knowledge of Windows scripts
Skill in developing data dictionaries
Skill in developing data models
Skill in identifying hidden patterns or relationships
Skill in performing sensitivity analysis
Skill in developing machine understandable semantic ontologies
Skill in applying secure coding techniques
Skill in creating complex data structures
Skill in creating programming languages
Skill in developing algorithms
Skill in performing data structure analysis
Skill in creating mathematical models
Skill in creating statistical models
Skill in preparing reports
Skill in administering databases
Skill in writing code in a currently supported programming language
Skill in collecting relevant data from a variety of sources
Skill in communicating effectively
Skill in performing binary analysis
Skill in implementing one-way hash functions
Skill in identifying common encoding techniques
Skill in performing data preprocessing
Skill in performing format conversions
Skill in performing regression analysis
Skill in performing transformation analytics
Skill in applying descriptive statistics
Skill in detecting anomalies
Skill in removing outliers
Skill in writing scripts
Skill in performing design modeling
Skill in mining data
Skill in performing data mining analysis
Skill in developing analytics
Skill in evaluating metadata
Skill in interpreting metadata
Skill in evaluating data source quality
Skill in preparing briefings
Skill in programming
Skill in presenting to an audience
Skill in solving problems
Skill in assessing an organization’s data assets
Skill in caching data
Skill in cataloging data
Skill in compiling data
Skill in distributing data
Skill in performing data analysis
Skill in performing quantitative analysis
Skill in retrieving data
Develop data standards, policies, and procedures
Collect metrics and trending data
Program custom algorithms
Develop and implement data mining and data warehousing programs
Determine the operational and safety impacts of cybersecurity lapses
Determine data requirements
Determine data specifications
Determine data capacity requirements
Plan for anticipated changes in data capacity requirements
Recommend new database technologies and architectures
Design and develop secure applications
Assess the validity of source data
Conduct hypothesis testing
Develop data gathering processes
Design data management systems
OPM Code: 422

IMPLEMENTATION and OPERATION (IO)

TKS Statement ID
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0685
K0686
K0698
K0699
K0700
K0701
K0702
K0703
K0704
K0705
K0706
K0707
K0708
K0716
K0717
K0742
K0744
K0746
K0747
K0750
K0751
K0752
K0759
K0766
K0777
K0859
K0862
K0865
K0866
K0867
K0874
K0875
K0876

K0917
K0918
K0919
K0934
K0942
K0983
K0991
K0992
K1014
K1114
K1121
K1147
K1161
S0045
S0545
S0546
S0558
S0559
S0579
S0586
S0728
S0791
S0819
S0820
S0828
S0835
S0897
T0137
T0330
T0422
T0459
T1020
T1065
T1066
T1230
T1231
T1249
T1297
T1402
T1564
T1565
Database Administration (IO-WRL-002): Responsible for administering databases and data
management systems that allow for the secure storage, query, protection, and utilization of data.

TKS Statement Description


Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of access control principles and practices
Knowledge of authentication and authorization tools and techniques
Knowledge of cryptographic key management principles and practices
Knowledge of data administration policies and procedures
Knowledge of data standardization policies and procedures
Knowledge of data backup and recovery policies and procedures
Knowledge of data warehousing principles and practices
Knowledge of data mining principles and practices
Knowledge of database management system (DBMS) principles and practices
Knowledge of database query language capabilities and applications
Knowledge of database schema capabilities and applications
Knowledge of database systems and software
Knowledge of digital rights management (DRM) tools and techniques
Knowledge of host access control (HAC) systems and software
Knowledge of network access control (NAC) systems and software
Knowledge of identity and access management (IAM) principles and practices
Knowledge of operating system (OS) systems and software
Knowledge of policy-based access controls
Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
Knowledge of query languages
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of client and server architecture
Knowledge of data asset management principles and practices
Knowledge of data storage media characteristics
Knowledge of encryption tools and techniques
Knowledge of data remediation tools and techniques
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of database application programming interfaces (APIs)
Knowledge of key management service (KMS) principles and practices
Knowledge of symmetric encryption principles and practices
Knowledge of key management service (KMS) key rotation policies and procedures

Knowledge of Personally Identifiable Information (PII) data security standards and best practices
Knowledge of Payment Card Industry (PCI) data security standards and best practices
Knowledge of Personal Health Information (PHI) data security standards and best practices
Knowledge of data classification policies and procedures
Knowledge of cryptology principles and practices
Knowledge of computer networking principles and practices
Knowledge of database administration principles and practices
Knowledge of database maintenance principles and practices
Knowledge of network security principles and practices
Knowledge of capacity management
Knowledge of configuration management
Knowledge of data integrity principles and practices
Knowledge of financial management
Skill in optimizing database performance
Skill in designing data storage solutions
Skill in implementing data storage solutions
Skill in developing algorithms
Skill in performing data structure analysis
Skill in preparing reports
Skill in administering databases
Skill in preparing briefings
Skill in presenting to an audience
Skill in caching data
Skill in cataloging data
Skill in compiling data
Skill in distributing data
Skill in retrieving data
Maintain database management systems software
Maintain assured message delivery systems
Implement data management standards, requirements, and specifications
Implement data mining and data warehousing applications
Determine the operational and safety impacts of cybersecurity lapses
Determine data capacity requirements
Plan for anticipated changes in data capacity requirements
Maintain directory replication services
Maintain information exchanges through publish, subscribe, and alert functions
Perform backup and recovery of databases
Recommend new database technologies and architectures
Manage databases and data management systems
Install database management systems and software
Configure database management systems and software
OPM Code: 421

IMPLEMENTATION and OPERATION (IO)

TKS Statement ID
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0691
K0692
K0703
K0736
K0751
K0752
K0774
K0775
K0776
K0863
K0864
K0865
K0866
K0895
K0896

K0917
K0918
K0919
K0929
K0934
K0953
K0983
K0991
K0992
K1014
K1051
K1088
S0011
S0507
S0530
S0557
S0586
S0744
T1020
T1105
T1222
T1223
T1239
T1240
T1273
T1274
T1296
T1354
T1504
T1523
T1524
T1525
T1658
T1913
Knowledge Management (IO-WRL-003): Responsible for managing and administering processes and
tools to identify, document, and access an organization’s intellectual capital.

TKS Statement Description


Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of cyber defense tools and techniques
Knowledge of vulnerability assessment tools and techniques
Knowledge of data mining principles and practices
Knowledge of information technology (IT) security principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of content creation tools and techniques
Knowledge of information management tools and techniques
Knowledge of collaboration tools and techniques
Knowledge of cloud computing principles and practices
Knowledge of knowledge management principles and practices
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of taxonomy models and frameworks
Knowledge of semantic ontology models and frameworks

Knowledge of Personally Identifiable Information (PII) data security standards and best practices
Knowledge of Payment Card Industry (PCI) data security standards and best practices
Knowledge of Personal Health Information (PHI) data security standards and best practices
Knowledge of content synchronization tools and techniques
Knowledge of data classification policies and procedures
Knowledge of data mining tools and techniques
Knowledge of computer networking principles and practices
Knowledge of database administration principles and practices
Knowledge of database maintenance principles and practices
Knowledge of network security principles and practices
Knowledge of collection data flow from origin into repositories and tools
Knowledge of knowledge management tools and techniques
Skill in conducting information searches
Skill in collecting terminal or environment data
Skill in conducting research
Skill in creating knowledge maps
Skill in administering databases
Skill in performing technical writing
Determine the operational and safety impacts of cybersecurity lapses
Construct access paths to suites of information
Determine security requirements for new information technologies
Determine security requirements for new operational technologies
Monitor the usage of knowledge management assets and resources
Create knowledge management assets and resources usage reports
Plan knowledge management projects
Deliver knowledge management projects
Recommend data structures for use in the production of reports
Identify system cybersecurity requirements
Manage organizational knowledge repositories
Design organizational knowledge management frameworks
Implement organizational knowledge management frameworks
Maintain organizational knowledge management frameworks
Determine customer requirements
Identify system security requirements
OPM Code: 431

IMPLEMENTATION and OPERATION (IO)

TKS Statement ID
K0159
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0685
K0686
K0689
K0710
K0712
K0713
K0718
K0721
K0731
K0736
K0737
K0740
K0741
K0746
K0747
K0749
K0751
K0752
K0753
K0758
K0765
K0770
K0773
K0778
K0779
K0781
K0783
K0791
K0792
K0805
K0811
K0812
K0831
K0837
K0840
K0842
K0848
K0849
K0851
K0859
K0865
K0866
K0870
K0871
K0872
K0873
K0874
K0875
K0876
K0877
K0878
K0879
K0880
K0891
K0915

K0917
K0918
K0919
K0923
K0925
K0926
K0928
K0934
K0936
K0947
K0983
K1014
K1032
K1077
K1084
K1108
S0035
S0077
S0421
S0424
S0425
S0451
S0575
S0576
S0582
S0583
S0584
S0585
S0615
S0618
S0671
S0675
S0682
S0685
S0722
S0755
S0815
T0081
T0126
T0129
T0153
T1020
T1050
T1100
T1101
T1143
T1144
T1208
T1209
T1210
T1214
T1215
T1248
T1313
T1314
Network Operations (IO-WRL-004): Responsible for planning, implementing, and operating network
services and systems, including hardware and virtual environments.

TKS Statement Description


Knowledge of Voice over IP (VoIP)
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of access control principles and practices
Knowledge of authentication and authorization tools and techniques
Knowledge of network infrastructure principles and practices
Knowledge of enterprise cybersecurity architecture principles and practices
Knowledge of Local Area Networks (LAN)
Knowledge of Wide Area Networks (WAN)
Knowledge of network communications principles and practices
Knowledge of risk management principles and practices
Knowledge of systems security engineering (SSE) principles and practices
Knowledge of information technology (IT) security principles and practices
Knowledge of bandwidth management tools and techniques
Knowledge of system performance indicators
Knowledge of system availability measures
Knowledge of policy-based access controls
Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
Knowledge of process engineering principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of remote access principles and practices
Knowledge of server administration principles and practices
Knowledge of software engineering principles and practices
Knowledge of system administration principles and practices
Knowledge of telecommunications principles and practices
Knowledge of enterprise information technology (IT) architecture principles and practices
Knowledge of systems engineering processes
Knowledge of virtual private network (VPN) systems and software
Knowledge of network attack characteristics
Knowledge of defense-in-depth principles and practices
Knowledge of network configurations
Knowledge of command-line tools and techniques
Knowledge of web filtering systems and software
Knowledge of digital communication systems and software
Knowledge of network attack vectors
Knowledge of hardening tools and techniques
Knowledge of hardware reverse engineering tools and techniques
Knowledge of software reverse engineering tools and techniques
Knowledge of network systems management principles and practices
Knowledge of network systems management tools and techniques
Knowledge of reverse engineering principles and practices
Knowledge of encryption tools and techniques
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of enterprise architecture (EA) reference models and frameworks
Knowledge of enterprise architecture (EA) principles and practices
Knowledge of service management principles and practices
Knowledge of service management standards and best practices
Knowledge of key management service (KMS) principles and practices
Knowledge of symmetric encryption principles and practices
Knowledge of key management service (KMS) key rotation policies and procedures
Knowledge of application firewall principles and practices
Knowledge of network firewall principles and practices
Knowledge of industry cybersecurity models and frameworks
Knowledge of access control models and frameworks
Knowledge of the Open Systems Interconnect (OSI) reference model
Knowledge of network architecture principles and practices

Knowledge of Personally Identifiable Information (PII) data security standards and best practices
Knowledge of Payment Card Industry (PCI) data security standards and best practices
Knowledge of Personal Health Information (PHI) data security standards and best practices
Knowledge of operating system structures and internals
Knowledge of wireless communication tools and techniques
Knowledge of signal jamming tools and techniques
Knowledge of systems engineering principles and practices
Knowledge of data classification policies and procedures
Knowledge of network hardware threats and vulnerabilities
Knowledge of computer engineering principles and practices
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of satellite-based communication systems and software
Knowledge of data security controls
Knowledge of data privacy controls
Knowledge of traceroute tools and techniques
Skill in establishing a routing schema
Skill in securing network communications
Skill in operating network equipment
Skill in executing command line tools
Skill in operating network systems
Skill in deploying continuous monitoring technologies
Skill in developing network infrastructure contingency and recovery plans
Skill in testing network infrastructure contingency and recovery plans
Skill in troubleshooting system performance
Skill in implementing established network security practices
Skill in configuring network devices
Skill in installing network devices
Skill in protecting a network against malware
Skill in configuring network protection components
Skill in implementing network infrastructure contingency and recovery plans
Skill in optimizing system performance
Skill in applying subnet techniques
Skill in configuring computer protection components
Skill in interpreting traceroute results
Skill in reconstructing a network
Skill in troubleshooting network equipment
Diagnose network connectivity problems
Install or replace network hubs, routers, and switches
Integrate new systems into existing network architecture
Monitor network capacity and performance
Determine the operational and safety impacts of cybersecurity lapses
Improve network security practices
Configure network hubs, routers, and switches
Optimize network hubs, routers, and switches
Develop network backup and recovery procedures
Implement network backup and recovery procedures
Implement new system design procedures
Implement new system test procedures
Implement new system quality standards
Install network infrastructure device operating system software
Maintain network infrastructure device operating system software
Patch network vulnerabilities
Test network infrastructure, including software and hardware devices
Maintain network infrastructure, including software and hardware devices
OPM Code: 441

IMPLEMENTATION and OPERATION (IO)

TKS Statement ID
K0064
K0645
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0685
K0686
K0710
K0712
K0713
K0716
K0717
K0728
K0729
K0730
K0731
K0736
K0737
K0740
K0741
K0744
K0746
K0747
K0749
K0751
K0752
K0758
K0759
K0760
K0761
K0765
K0770
K0778
K0779
K0780
K0781
K0791
K0792
K0794
K0805
K0806
K0829
K0830
K0837
K0840
K0842
K0851
K0858
K0859
K0870
K0871
K0877
K0878
K0891
K0915

K0917
K0918
K0919
K0925
K0926
K0928
K0935
K0946
K0947
K0958
K0983
K1014
K1069
K1072
K1188
K1226
S0045
S0111
S0407
S0408
S0430
S0438
S0448
S0449
S0451
S0472
S0473
S0487
S0488
S0561
S0577
S0582
S0587
S0593
S0606
S0613
S0662
S0663
S0672
S0674
S0675
S0677
S0678
S0687
S0729
S0741
S0762
S0844
T0431
T0531
T1020
T1092
T1130
T1140
T1141
T1228
T1275
T1276
T1277
T1334
T1500
T1501
T1502
T1512
T1527
T1530
T1531
T1569
T1570
T1571
T1578
T1579
T1588
T1589
Systems Administration (IO-WRL-005): Responsible for setting up and maintaining a system or
specific components of a system in adherence with organizational security policies and procedures.
Includes hardware and software installation, configuration, and updates; user account management;
backup and recovery management; and security control implementation.

TKS Statement Description


Knowledge of performance tuning tools and techniques
Knowledge of standard operating procedures (SOPs)
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of access control principles and practices
Knowledge of authentication and authorization tools and techniques
Knowledge of enterprise cybersecurity architecture principles and practices
Knowledge of Local Area Networks (LAN)
Knowledge of Wide Area Networks (WAN)
Knowledge of host access control (HAC) systems and software
Knowledge of network access control (NAC) systems and software
Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
Knowledge of non-repudiation principles and practices
Knowledge of cyber safety principles and practices
Knowledge of systems security engineering (SSE) principles and practices
Knowledge of information technology (IT) security principles and practices
Knowledge of bandwidth management tools and techniques
Knowledge of system performance indicators
Knowledge of system availability measures
Knowledge of operating system (OS) systems and software
Knowledge of policy-based access controls
Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
Knowledge of process engineering principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of server administration principles and practices
Knowledge of client and server architecture
Knowledge of server diagnostic tools and techniques
Knowledge of Fault Detection and Diagnostics (FDD) tools and techniques
Knowledge of software engineering principles and practices
Knowledge of system administration principles and practices
Knowledge of enterprise information technology (IT) architecture principles and practices
Knowledge of systems engineering processes
Knowledge of hardware maintenance policies and procedures
Knowledge of virtual private network (VPN) systems and software
Knowledge of defense-in-depth principles and practices
Knowledge of network configurations
Knowledge of file system implementation principles and practices
Knowledge of command-line tools and techniques
Knowledge of machine virtualization tools and techniques
Knowledge of account creation policies and procedures
Knowledge of password policies and procedures
Knowledge of hardening tools and techniques
Knowledge of hardware reverse engineering tools and techniques
Knowledge of software reverse engineering tools and techniques
Knowledge of reverse engineering principles and practices
Knowledge of virtual machine detection tools and techniques
Knowledge of encryption tools and techniques
Knowledge of enterprise architecture (EA) reference models and frameworks
Knowledge of enterprise architecture (EA) principles and practices
Knowledge of application firewall principles and practices
Knowledge of network firewall principles and practices
Knowledge of the Open Systems Interconnect (OSI) reference model
Knowledge of network architecture principles and practices

Knowledge of Personally Identifiable Information (PII) data security standards and best practices
Knowledge of Payment Card Industry (PCI) data security standards and best practices
Knowledge of Personal Health Information (PHI) data security standards and best practices
Knowledge of wireless communication tools and techniques
Knowledge of signal jamming tools and techniques
Knowledge of systems engineering principles and practices
Knowledge of incident, event, and problem management policies and procedures
Knowledge of incident reporting policies and procedures
Knowledge of computer engineering principles and practices
Knowledge of system integration principles and practices
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of virtual machine tools and technologies
Knowledge of automated security control testing tools and techniques
Knowledge of organizational policies and procedures
Knowledge of systems administration standard operating policies and procedures
Skill in optimizing database performance
Skill in interfacing with customers
Skill in developing standard operating procedures (SOPs)
Skill in maintaining standard operating procedures (SOPs)
Skill in collaborating with others
Skill in functioning effectively in a dynamic, fast-paced environment
Skill in creating automated security control systems
Skill in maintaining automated security control systems
Skill in deploying continuous monitoring technologies
Skill in developing virtual machines
Skill in maintaining virtual machines
Skill in operating IT systems
Skill in maintaining IT systems
Skill in configuring software
Skill in troubleshooting computer networks
Skill in troubleshooting system performance
Skill in maintaining directory services
Skill in handling incidents
Skill in manipulating operating system components
Skill in configuring software-based computer protection tools
Skill in managing servers
Skill in managing workstations
Skill in troubleshooting failed system components
Skill in installing system and component upgrades
Skill in optimizing system performance
Skill in recovering failed systems
Skill in administering operating systems
Skill in performing administrative planning activities
Skill in preparing plans
Skill in administering servers
Skill in integrating organization objectives
Skill in managing account access rights
Check system hardware availability, functionality, integrity, and efficiency
Troubleshoot hardware/software interface and interoperability problems
Determine the operational and safety impacts of cybersecurity lapses
Conduct functional and connectivity testing
Develop group policies and access control lists
Develop systems administration standard operating procedures
Document systems administration standard operating procedures
Maintain baseline system security
Determine the effectiveness of data redundancy and system recovery procedures
Develop data redundancy and system recovery procedures
Execute data redundancy and system recovery procedures
Produce cybersecurity instructional materials
Install systems and servers
Update systems and servers
Troubleshoot systems and servers
Perform periodic system maintenance
Define baseline system security requirements
Develop local network usage policies and procedures
Determine compliance with local network usage policies and procedures
Administer system and network user accounts
Establish system and network rights processes and procedures
Establish systems and equipment access protocols
Monitor system and server configurations
Maintain system and server configurations
Diagnose faulty system and server hardware
Repair faulty system and server hardware
OPM Code: 451

IMPLEMENTATION and OPERATION (IO)

TKS Statement ID
K0018
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0685
K0686
K0694
K0698
K0707
K0710
K0719
K0721
K0723
K0728
K0729
K0730
K0731
K0734
K0735
K0736
K0739
K0742
K0744
K0745
K0749
K0751
K0752
K0756
K0757
K0758
K0759
K0765
K0772
K0773
K0778
K0779
K0791
K0803
K0820
K0828
K0834
K0840
K0842
K0848
K0849
K0851
K0859
K0865
K0866
K0870
K0871
K0872
K0873
K0877
K0878
K0879
K0880
K0894
K0915

K0917
K0918
K0919
K0920
K0924
K0927
K0928
K0930
K0931
K0932
K0934
K0937
K0942
K0947
K0948
K0983
K1014
K1050

K1120
K1216
K1222
S0141
S0479
S0480
S0483
S0484
S0485
S0486
S0543
S0544
S0570
S0571
S0574
S0578
S0597
S0667
S0674
S0675
S0688
T0309
T1020
T1023
T1075
T1076
T1077

T1172

T1173
T1174
T1176
T1177
T1212
T1218
T1219
T1255
T1263
T1264
T1265
T1278
T1287
T1294

T1327
T1437
T1522
T1532
T1533
T1539
T1540
T1541
T1548
T1550
T1557
T1559
T1560
T1563
T1568
T1574
T1583
T1584
T1585
T1603
T1615
T1616
T1618
Systems Security Analysis (IO-WRL-006): Responsible for developing and analyzing the integration,
testing, operations, and maintenance of systems security. Prepares, performs, and manages the
security aspects of implementing and operating a system.

TKS Statement Description


Knowledge of encryption algorithms
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of access control principles and practices
Knowledge of authentication and authorization tools and techniques
Knowledge of computer algorithm capabilities and applications
Knowledge of cryptographic key management principles and practices
Knowledge of database systems and software
Knowledge of enterprise cybersecurity architecture principles and practices
Knowledge of human-computer interaction (HCI) principles and practices
Knowledge of risk management principles and practices
Knowledge of vulnerability data sources
Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
Knowledge of non-repudiation principles and practices
Knowledge of cyber safety principles and practices
Knowledge of systems security engineering (SSE) principles and practices
Knowledge of Risk Management Framework (RMF) requirements
Knowledge of risk management models and frameworks
Knowledge of information technology (IT) security principles and practices
Knowledge of mathematics principles and practices
Knowledge of identity and access management (IAM) principles and practices
Knowledge of operating system (OS) systems and software
Knowledge of parallel and distributed computing principles and practices
Knowledge of process engineering principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of security management principles and practices
Knowledge of system design tools and techniques
Knowledge of server administration principles and practices
Knowledge of client and server architecture
Knowledge of software engineering principles and practices
Knowledge of systems testing and evaluation tools and techniques
Knowledge of telecommunications principles and practices
Knowledge of enterprise information technology (IT) architecture principles and practices
Knowledge of systems engineering processes
Knowledge of defense-in-depth principles and practices
Knowledge of supply chain risk management principles and practices
Knowledge of supply chain risks
Knowledge of supply chain risk management standards and best practices
Knowledge of technology procurement principles and practices
Knowledge of hardware reverse engineering tools and techniques
Knowledge of software reverse engineering tools and techniques
Knowledge of network systems management principles and practices
Knowledge of network systems management tools and techniques
Knowledge of reverse engineering principles and practices
Knowledge of encryption tools and techniques
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of enterprise architecture (EA) reference models and frameworks
Knowledge of enterprise architecture (EA) principles and practices
Knowledge of service management principles and practices
Knowledge of service management standards and best practices
Knowledge of application firewall principles and practices
Knowledge of network firewall principles and practices
Knowledge of industry cybersecurity models and frameworks
Knowledge of access control models and frameworks
Knowledge of computer architecture principles and practices
Knowledge of network architecture principles and practices

Knowledge of Personally Identifiable Information (PII) data security standards and best practices
Knowledge of Payment Card Industry (PCI) data security standards and best practices
Knowledge of Personal Health Information (PHI) data security standards and best practices
Knowledge of risk management policies and procedures
Knowledge of network analysis tools and techniques
Knowledge of configuration management tools and techniques
Knowledge of systems engineering principles and practices
Knowledge of credential management systems and software
Knowledge of data-at-rest encryption (DARE) standards and best practices
Knowledge of cryptographic key storage systems and software
Knowledge of data classification policies and procedures
Knowledge of countermeasure design principles and practices
Knowledge of cryptology principles and practices
Knowledge of computer engineering principles and practices
Knowledge of embedded systems and software
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of critical information requirements
Knowledge of Confidentiality, Integrity, Availability, Authenticity, and Non-repudiation (CIAAN) principles and practices
Knowledge of service-oriented security architecture practices and principles
Knowledge of system availability requirements
Skill in assessing security systems designs
Skill in evaluating supplier trustworthiness
Skill in evaluating product trustworthiness
Skill in identifying software communications vulnerabilities
Skill in developing user credential management systems
Skill in implementing user credential management systems
Skill in implementing enterprise key escrow systems
Skill in scanning for vulnerabilities
Skill in recognizing vulnerabilities
Skill in designing the integration of hardware solutions
Skill in designing the integration of software solutions
Skill in developing security system controls
Skill in evaluating security designs
Skill in writing code in a currently supported programming language
Skill in assessing security controls
Skill in installing system and component upgrades
Skill in optimizing system performance
Skill in performing network data analysis
Assess the effectiveness of security controls
Determine the operational and safety impacts of cybersecurity lapses
Identify critical technology procurement requirements
Implement application cybersecurity policies
Implement system cybersecurity policies
Assess the organization's cybersecurity architecture
Determine if systems security operations and maintenance activities are properly documented and updated
Determine that the application of security patches for commercial products meets timeline requirements
Document commercial product timeline requirements dictated by the management authority for intended operational environments
Determine if cybersecurity-enabled products reduce identified risk to acceptable levels
Determine if security control technologies reduce identified risk to acceptable levels
Implement cybersecurity countermeasures for systems and applications
Integrate automated capabilities for updating or patching system software
Develop processes and procedures for manual updating and patching of system software
Perform cybersecurity testing of developed applications and systems
Perform security reviews
Identify gaps in security architecture
Develop a cybersecurity risk management plan
Recommend system modifications
Document systems security activities
Advise on Risk Management Framework process activities and documentation

Update security documentation to reflect current application and system security design features
Determine effectiveness of configuration management processes
Determine if systems meet minimum security requirements
Develop procedures for system operations transfer to alternate sites
Test failover for system operations transfer to alternative sites
Analyze organizational cybersecurity posture trends
Develop organizational cybersecurity posture trend reports
Develop system security posture trend reports
Determine adequacy of access controls
Execute disaster recovery and continuity of operations processes
Implement security measures for systems and system components
Resolve vulnerabilities in systems and system components
Mitigate risks in systems and system components
Implement system security measures
Implement cross-domain solutions
Develop risk acceptance documentation for senior leaders and authorized representatives
Determine effectiveness of system implementation and testing processes
Establish minimum security requirements for applications
Determine if applications meet minimum security requirements
Recommend threat and vulnerability risk mitigation strategies
Advise stakeholders on vulnerability compliance
Resolve computer security incidents
Advise stakeholders on disaster recovery, contingency, and continuity of operations plans
OPM Code: 461

IMPLEMENTATION and OPERATION (IO)

TKS Statement ID
K0645
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0685
K0686
K0725
K0726
K0740
K0741
K0746
K0747
K0751
K0752
K0762
K0769
K0770
K0786
K0787
K0793
K0829
K0830
K0837
K0863
K0864
K0865
K0866
K0872
K0873
K0898
K0903
K0911

K0917
K0918
K0919
K0934
K0935
K0946
K0983
K1014
K1090
K1112
K1127
K1191
S0407
S0408
S0478
S0487
S0488
S0582
S0593
S0594
S0595
S0661
S0679
S0680
S0687
S0805
S0806
S0807
S0844
S0852
S0854
S0892
T0237
T1020
T1024
T1214
T1215
T1334
T1405
T1411
T1412
T1427
T1429
T1538
T1554
T1566
T1567
T1569
T1570
T1571
T1572
T1580
T1581
T1606
T1626
Technical Support (IO-WRL-007): Responsible for providing technical support to customers who
need assistance utilizing client-level hardware and software in accordance with established or
approved organizational policies and processes.

TKS Statement Description


Knowledge of standard operating procedures (SOPs)
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of access control principles and practices
Knowledge of authentication and authorization tools and techniques
Knowledge of incident response tools and techniques
Knowledge of incident handling tools and techniques
Knowledge of system performance indicators
Knowledge of system availability measures
Knowledge of policy-based access controls
Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of software debugging principles and practices
Knowledge of system design standards and best practices
Knowledge of system administration principles and practices
Knowledge of physical computer components
Knowledge of computer peripherals
Knowledge of file extensions
Knowledge of account creation policies and procedures
Knowledge of password policies and procedures
Knowledge of hardening tools and techniques
Knowledge of cloud computing principles and practices
Knowledge of knowledge management principles and practices
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of service management principles and practices
Knowledge of service management standards and best practices
Knowledge of cloud service models and frameworks
Knowledge of service desk principles and practices
Knowledge of remote access tools and techniques

Knowledge of Personally Identifiable Information (PII) data security standards and best practices
Knowledge of Payment Card Industry (PCI) data security standards and best practices
Knowledge of Personal Health Information (PHI) data security standards and best practices
Knowledge of data classification policies and procedures
Knowledge of incident, event, and problem management policies and procedures
Knowledge of incident reporting policies and procedures
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of software, hardware, and peripheral equipment repair tools and techniques
Knowledge of asset management policies and procedures
Knowledge of customer experience principles and practices
Knowledge of organizational security posture
Skill in developing standard operating procedures (SOPs)
Skill in maintaining standard operating procedures (SOPs)
Skill in providing customer support
Skill in operating IT systems
Skill in maintaining IT systems
Skill in troubleshooting system performance
Skill in handling incidents
Skill in repairing hardware
Skill in repairing system peripherals
Skill in troubleshooting client-level problems
Skill in configuring network workstations and peripherals
Skill in validating network workstations and peripherals
Skill in performing administrative planning activities
Skill in designing incident responses
Skill in performing incident responses
Skill in solving problems
Skill in managing account access rights
Skill in performing cyber defense trend analysis
Skill in performing data analysis
Skill in performing trend analysis
Troubleshoot system hardware and software
Determine the operational and safety impacts of cybersecurity lapses
Implement organizational security policies and procedures
Install network infrastructure device operating system software
Maintain network infrastructure device operating system software
Produce cybersecurity instructional materials
Identify emerging incident trends
Develop technical training curriculum and resources
Deliver technical training to customers
Maintain incident tracking and solution databases
Prepare trend analysis reports
Resolve customer-reported system incidents and events
Recommend enhancements to software and hardware solutions
Install system hardware, software, and peripheral equipment
Configure system hardware, software, and peripheral equipment
Administer system and network user accounts
Establish system and network rights processes and procedures
Establish systems and equipment access protocols
Inventory technology resources
Monitor client-level computer system performance
Create client-level computer system performance reports
Prepare impact reports
Determine impact of new systems and system interfaces on current and target environments
OPM Code: 411

PROTECTION and DEFENSE (PD)

TKS Statement ID
K0018
K0068
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0685
K0686
K0689
K0691
K0692
K0694
K0698
K0707
K0710
K0716
K0717
K0718
K0723
K0724
K0725
K0726
K0728
K0729
K0730
K0731
K0732
K0736
K0742
K0743
K0744
K0746
K0747
K0749
K0751
K0752
K0756
K0757
K0758
K0759
K0765
K0766
K0770
K0772
K0773
K0778
K0779
K0781
K0783
K0784
K0785
K0788
K0789
K0790
K0791
K0792
K0793
K0805
K0812
K0813
K0815
K0816
K0829
K0830
K0831
K0832
K0833
K0837
K0840
K0842
K0844
K0845
K0848
K0849
K0851
K0859
K0860
K0861
K0870
K0871
K0877
K0878
K0879
K0880
K0891
K0892
K0915

K0917
K0918
K0919
K0924
K0928
K0937
K0938
K0939
K0940
K0942
K0947
K0948
K0950
K0951
K0955
K0956
K0962
K0963
K0969
K0983
K1014
K1079
K1089
K1108
K1131
K1132
K1144
K1168
K1176
K1181
K1193
S0156
S0483
S0490
S0509
S0543
S0544
S0566
S0567
S0572
S0574
S0578
S0593
S0600
S0614
S0627
S0651
S0667
S0688
S0712
S0722
S0755
S0809
S0838
S0839
S0840
S0846
S0854
S0857
S0859
S0863
S0866
S0867
S0869
S0872
S0873
S0874
S0875
S0885
S0892
T0020
T0164
T0292
T0299
T1020
T1021
T1084
T1085
T1112
T1119
T1176
T1177
T1241
T1242
T1254
T1266
T1278
T1290
T1299
T1347
T1348
T1349
T1350
T1351
T1384
T1385
T1386
T1387
T1388
T1389
T1390
T1391
T1406

T1428
T1539
T1540
T1541
T1548
T1582
T1583
T1603
T1615
T1616
T1618
Defensive Cybersecurity (PD-WRL-001): Responsible for analyzing data collected from various
cybersecurity defense tools to mitigate risks.

TKS Statement Description


Knowledge of encryption algorithms
Knowledge of programming language structures and logic
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of access control principles and practices
Knowledge of authentication and authorization tools and techniques
Knowledge of network infrastructure principles and practices
Knowledge of cyber defense tools and techniques
Knowledge of vulnerability assessment tools and techniques
Knowledge of computer algorithm capabilities and applications
Knowledge of cryptographic key management principles and practices
Knowledge of database systems and software
Knowledge of enterprise cybersecurity architecture principles and practices
Knowledge of host access control (HAC) systems and software
Knowledge of network access control (NAC) systems and software
Knowledge of network communications principles and practices
Knowledge of vulnerability data sources
Knowledge of incident response principles and practices
Knowledge of incident response tools and techniques
Knowledge of incident handling tools and techniques
Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
Knowledge of non-repudiation principles and practices
Knowledge of cyber safety principles and practices
Knowledge of systems security engineering (SSE) principles and practices
Knowledge of intrusion detection tools and techniques
Knowledge of information technology (IT) security principles and practices
Knowledge of identity and access management (IAM) principles and practices
Knowledge of new and emerging technologies
Knowledge of operating system (OS) systems and software
Knowledge of policy-based access controls
Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
Knowledge of process engineering principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of security management principles and practices
Knowledge of system design tools and techniques
Knowledge of server administration principles and practices
Knowledge of client and server architecture
Knowledge of software engineering principles and practices
Knowledge of data asset management principles and practices
Knowledge of system administration principles and practices
Knowledge of systems testing and evaluation tools and techniques
Knowledge of telecommunications principles and practices
Knowledge of enterprise information technology (IT) architecture principles and practices
Knowledge of systems engineering processes
Knowledge of virtual private network (VPN) systems and software
Knowledge of network attack characteristics
Knowledge of insider threat laws and regulations
Knowledge of insider threat tools and techniques
Knowledge of adversarial tactics principles and practices
Knowledge of adversarial tactics tools and techniques
Knowledge of adversarial tactics policies and procedures
Knowledge of defense-in-depth principles and practices
Knowledge of network configurations
Knowledge of file extensions
Knowledge of command-line tools and techniques
Knowledge of digital communication systems and software
Knowledge of interpreted and compiled programming language characteristics
Knowledge of intelligence collection management processes
Knowledge of front-end intelligence collection systems and software
Knowledge of account creation policies and procedures
Knowledge of password policies and procedures
Knowledge of network attack vectors
Knowledge of cyberattack characteristics
Knowledge of cyberattack actor characteristics
Knowledge of hardening tools and techniques
Knowledge of hardware reverse engineering tools and techniques
Knowledge of software reverse engineering tools and techniques
Knowledge of cyber attack stages
Knowledge of cyber intrusion activity phases
Knowledge of network systems management principles and practices
Knowledge of network systems management tools and techniques
Knowledge of reverse engineering principles and practices
Knowledge of encryption tools and techniques
Knowledge of malware signature principles and practices
Knowledge of network port capabilities and applications
Knowledge of enterprise architecture (EA) reference models and frameworks
Knowledge of enterprise architecture (EA) principles and practices
Knowledge of application firewall principles and practices
Knowledge of network firewall principles and practices
Knowledge of industry cybersecurity models and frameworks
Knowledge of access control models and frameworks
Knowledge of the Open Systems Interconnect (OSI) reference model
Knowledge of cyber defense laws and regulations
Knowledge of network architecture principles and practices

Knowledge of Personally Identifiable Information (PII) data security standards and best practices
Knowledge of Payment Card Industry (PCI) data security standards and best practices
Knowledge of Personal Health Information (PHI) data security standards and best practices
Knowledge of network analysis tools and techniques
Knowledge of systems engineering principles and practices
Knowledge of countermeasure design principles and practices
Knowledge of network mapping principles and practices
Knowledge of packet-level analysis tools and techniques
Knowledge of subnet tools and techniques
Knowledge of cryptology principles and practices
Knowledge of computer engineering principles and practices
Knowledge of embedded systems and software
Knowledge of Intrusion Detection System (IDS) tools and techniques
Knowledge of Intrusion Prevention System (IPS) tools and techniques
Knowledge of penetration testing principles and practices
Knowledge of penetration testing tools and techniques
Knowledge of targeting laws and regulations
Knowledge of exploitation laws and regulations
Knowledge of cyber-attack tools and techniques
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of web application security risks
Knowledge of protocol analyzer tools and techniques
Knowledge of traceroute tools and techniques
Knowledge of cyber defense monitoring tools
Knowledge of cyber defense system analysis tools
Knowledge of data correlation tools and techniques
Knowledge of intrusion set tools and techniques
Knowledge of network topologies
Knowledge of organizational cybersecurity incident response plans
Knowledge of packet analysis tools and techniques
Skill in performing packet-level analysis
Skill in identifying software communications vulnerabilities
Skill in recreating network topologies
Skill in evaluating security products
Skill in scanning for vulnerabilities
Skill in recognizing vulnerabilities
Skill in developing signatures
Skill in deploying signatures
Skill in detecting host- and network-based intrusions
Skill in developing security system controls
Skill in evaluating security designs
Skill in handling incidents
Skill in collecting relevant data from a variety of sources
Skill in categorizing types of vulnerabilities
Skill in reading signatures
Skill in performing malware analysis
Skill in assessing security controls
Skill in performing network data analysis
Skill in evaluating data source quality
Skill in interpreting traceroute results
Skill in reconstructing a network
Skill in utilizing cyber defense service provider information
Skill in identifying anomalous activities
Skill in identifying exploited system weaknesses
Skill in identifying misuse activities
Skill in monitoring system activity
Skill in performing data analysis
Skill in performing dynamic analysis
Skill in performing event correlation
Skill in performing incident analysis
Skill in performing log file analysis
Skill in performing malicious activity analysis
Skill in performing metadata analysis
Skill in performing network data flow analysis
Skill in performing network traffic analysis
Skill in performing network traffic analysis
Skill in performing network traffic packet analysis
Skill in performing system activity analysis
Skill in performing trend analysis
Develop content for cyber defense tools
Perform cyber defense trend analysis and reporting
Recommend computing environment vulnerability corrections
Identify network mapping and operating system (OS) fingerprinting activities
Determine the operational and safety impacts of cybersecurity lapses
Review cyber defense service provider reporting structure
Identify anomalous network activity
Identify potential threats to network resources
Validate network alerts
Recommend vulnerability remediation strategies
Determine if cybersecurity-enabled products reduce identified risk to acceptable levels
Determine if security control technologies reduce identified risk to acceptable levels
Document cybersecurity incidents
Escalate incidents that may cause ongoing and immediate impact to the environment
Determine the effectiveness of an observed attack
Recommend risk mitigation strategies
Recommend system modifications
Communicate daily network event and activity reports
Determine causes of network alerts
Detect cybersecurity attacks and intrusions
Distinguish between benign and potentially malicious cybersecurity attacks and intrusions
Communicate cybersecurity attacks and intrusions alerts
Perform continuous monitoring of system activity
Determine impact of malicious activity on systems and information
Establish intrusion set procedures
Identify network traffic anomalies
Analyze network traffic anomalies
Validate intrusion detection system alerts
Isolate malware
Remove malware
Identify network device applications and operating systems
Reconstruct malicious attacks
Construct cyber defense network tool signatures
Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cybersecurity incidents
Analyze organizational cybersecurity posture trends
Develop organizational cybersecurity posture trend reports
Develop system security posture trend reports
Determine adequacy of access controls
Maintain currency of cyber defense threat conditions
Determine effectiveness of system implementation and testing processes
Recommend threat and vulnerability risk mitigation strategies
Advise stakeholders on vulnerability compliance
Resolve computer security incidents
Advise stakeholders on disaster recovery, contingency, and continuity of operations plans
OPM Code: 511

PROTECTION and DEFENSE (PD)

TKS Statement ID
K0018
K0635
K0636
K0637
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0696
K0697
K0701
K0710
K0724
K0725
K0726
K0744
K0751
K0752
K0759
K0760
K0761
K0770
K0778
K0786
K0787
K0791
K0793
K0794
K0795
K0796
K0797
K0800
K0802
K0804
K0806
K0807
K0808
K0809
K0810
K0812
K0817
K0837
K0840
K0842
K0850
K0851
K0852
K0853
K0854
K0855
K0856
K0857
K0858
K0859
K0870
K0871
K0892
K0914
K0915
K0916
K0923
K0939
K0959
K0962
K0963
K0977
K0979
K0980
K0983
K1004
K1014
K1016
K1055
K1069
K1079
K1091
K1092
K1115
K1147
K1151
K1152
K1153
K1154
K1155
K1163
K1175
K1193
S0156
S0378
S0472
S0473
S0474
S0475
S0476
S0491
S0499
S0575
S0576
S0589
S0599
S0603
S0604
S0605
S0606
S0607
S0608
S0609
S0611
S0612
S0621
S0622
S0623
S0624
S0625
S0651
S0652
S0653
S0671
S0678
S0821
S0834
S0854
S0856
S0857
S0860
S0866
S0875
S0882
S0884
T0167
T0168
T0172
T0173
T0179
T0182
T0397
T1020
T1051
T1084
T1090
T1102
T1103
T1104
T1118
T1119
T1120
T1121
T1159

T1175
T1191
T1199
T1253
T1260
T1282
T1301
T1322
T1323
T1324
T1325
T1370
T1371
T1372
T1381
T1382
T1383
T1387
T1407
T1486
T1487
T1488
T1489
T1490
T1510
T1607
T1617
Digital Forensics (PD-WRL-002): Responsible for analyzing digital evidence from computer security
incidents to derive useful information in support of system and network vulnerability mitigation.

TKS Statement Description


Knowledge of encryption algorithms
Knowledge of decryption
Knowledge of decryption tools and techniques
Knowledge of data repositories
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of digital forensic data principles and practices
Knowledge of encryption algorithm capabilities and applications
Knowledge of data backup and recovery policies and procedures
Knowledge of enterprise cybersecurity architecture principles and practices
Knowledge of incident response principles and practices
Knowledge of incident response tools and techniques
Knowledge of incident handling tools and techniques
Knowledge of operating system (OS) systems and software
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of client and server architecture
Knowledge of server diagnostic tools and techniques
Knowledge of Fault Detection and Diagnostics (FDD) tools and techniques
Knowledge of system administration principles and practices
Knowledge of enterprise information technology (IT) architecture principles and practices
Knowledge of physical computer components
Knowledge of computer peripherals
Knowledge of defense-in-depth principles and practices
Knowledge of file extensions
Knowledge of file system implementation principles and practices
Knowledge of digital evidence seizure policies and procedures
Knowledge of digital evidence preservation policies and procedures
Knowledge of ethical hacking tools and techniques
Knowledge of evidence admissibility laws and regulations
Knowledge of chain of custody policies and procedures
Knowledge of persistent data principles and practices
Knowledge of machine virtualization tools and techniques
Knowledge of web mail tools and techniques
Knowledge of system file characteristics
Knowledge of digital forensics data characteristics
Knowledge of deployable forensics principles and practices
Knowledge of digital communication systems and software
Knowledge of event correlation tools and techniques
Knowledge of hardening tools and techniques
Knowledge of hardware reverse engineering tools and techniques
Knowledge of software reverse engineering tools and techniques
Knowledge of data carving tools and techniques
Knowledge of reverse engineering principles and practices
Knowledge of anti-forensics tools and techniques
Knowledge of forensics lab design principles and practices
Knowledge of forensics lab design systems and software
Knowledge of debugging tools and techniques
Knowledge of filename extension abuse
Knowledge of malware analysis tools and techniques
Knowledge of virtual machine detection tools and techniques
Knowledge of encryption tools and techniques
Knowledge of enterprise architecture (EA) reference models and frameworks
Knowledge of enterprise architecture (EA) principles and practices
Knowledge of cyber defense laws and regulations
Knowledge of binary analysis tools and techniques
Knowledge of network architecture principles and practices
Knowledge of malware analysis principles and practices
Knowledge of operating system structures and internals
Knowledge of packet-level analysis tools and techniques
Knowledge of operational design principles and practices
Knowledge of targeting laws and regulations
Knowledge of exploitation laws and regulations
Knowledge of intelligence collection management tools and techniques
Knowledge of information searching tools and techniques
Knowledge of intelligence collection sources
Knowledge of computer networking principles and practices
Knowledge of reporting policies and procedures
Knowledge of network security principles and practices
Knowledge of code obfuscation tools and techniques
Knowledge of digital forensics principles and practices
Knowledge of virtual machine tools and technologies
Knowledge of web application security risks
Knowledge of media forensics
Knowledge of digital forensics tools and techniques
Knowledge of Chain of Custody (CoC) processes and procedures
Knowledge of data integrity principles and practices
Knowledge of digital evidence cataloging tools and techniques
Knowledge of digital evidence extraction tools and techniques
Knowledge of digital evidence handling principles and practices
Knowledge of digital evidence packaging tools and techniques
Knowledge of digital evidence preservation tools and techniques
Knowledge of forensic image processing tools and techniques
Knowledge of network monitoring tools and techniques
Knowledge of packet analysis tools and techniques
Skill in performing packet-level analysis
Skill in decrypting information
Skill in developing virtual machines
Skill in maintaining virtual machines
Skill in finding system files
Skill in recognizing digital forensics data
Skill in identifying filename extension abuse
Skill in processing digital forensic data
Skill in performing intelligence collection analysis
Skill in developing network infrastructure contingency and recovery plans
Skill in testing network infrastructure contingency and recovery plans
Skill in preserving digital evidence integrity
Skill in performing memory dump analysis
Skill in identifying forensics data in diverse media
Skill in extracting forensics data in diverse media
Skill in storing digital evidence
Skill in manipulating operating system components
Skill in collecting digital evidence
Skill in processing digital evidence
Skill in transporting digital evidence
Skill in disassembling Personal Computers (PCs)
Skill in performing digital forensics analysis
Skill in performing binary analysis
Skill in implementing one-way hash functions
Skill in performing source code analysis
Skill in performing volatile data analysis
Skill in interpreting debugger results
Skill in performing malware analysis
Skill in performing bit-level analysis
Skill in creating digital evidence copies
Skill in implementing network infrastructure contingency and recovery plans
Skill in administering operating systems
Skill in collaborating with internal and external stakeholders
Skill in developing technical reports
Skill in performing data analysis
Skill in performing digital evidence analysis
Skill in performing dynamic analysis
Skill in performing file system forensic analysis
Skill in performing log file analysis
Skill in performing network traffic packet analysis
Skill in performing static analysis
Skill in performing static malware analysis
Perform file signature analysis
Perform data comparison against established database
Perform real-time forensic analysis (e.g., using Helix in conjunction with LiveView)
Perform timeline analysis
Perform static media analysis
Perform tier 1, 2, and 3 malware analysis
Perform Windows registry analysis
Determine the operational and safety impacts of cybersecurity lapses
Set up a forensic workstation
Identify anomalous network activity
Determine best methods for identifying the perpetrator(s) of a network intrusion
Identify intrusions
Analyze intrusions
Document what is known about intrusions
Identify vulnerabilities
Recommend vulnerability remediation strategies
Create forensically sound duplicates of evidence
Decrypt seized data
Create technical summary of findings reports

Determine if digital media chain of custody processes meet Federal Rules of Evidence requirements
Determine relevance of recovered data
Identify digital evidence for analysis
Perform dynamic analysis on drives
Perform real-time cyber defense incident handling
Prepare digital media for imaging
Report forensic artifacts indicative of a particular operating system
Capture network traffic associated with malicious activities
Analyze network traffic associated with malicious activities
Process digital evidence
Document digital evidence
Collect intrusion artifacts
Mitigate potential cyber defense incidents
Advise law enforcement personnel as technical expert
Scan digital media for viruses
Mount a drive image
Utilize deployable forensics toolkit
Validate intrusion detection system alerts
Correlate threat assessment data
Process forensic images
Perform file and registry monitoring on running systems
Enter digital media information into tracking databases
Correlate incident data
Prepare cyber defense toolkits
Preserve digital evidence
Recover information from forensic data sources
Prepare cyber defense reports
OPM Code: 212

PROTECTION and DEFENSE (PD)

Incident Response (PD-WRL-003): Responsible for investigating, analyzing, and responding to network cybersecurity incidents.

TKS Statement ID  TKS Statement Description
K0674  Knowledge of computer networking protocols
K0675  Knowledge of risk management processes
K0676  Knowledge of cybersecurity laws and regulations
K0677  Knowledge of cybersecurity policies and procedures
K0678  Knowledge of privacy laws and regulations
K0679  Knowledge of privacy policies and procedures
K0680  Knowledge of cybersecurity principles and practices
K0681  Knowledge of privacy principles and practices
K0682  Knowledge of cybersecurity threats
K0683  Knowledge of cybersecurity vulnerabilities
K0684  Knowledge of cybersecurity threat characteristics
K0685  Knowledge of access control principles and practices
K0686  Knowledge of authentication and authorization tools and techniques
K0689  Knowledge of network infrastructure principles and practices
K0701  Knowledge of data backup and recovery policies and procedures
K0709  Knowledge of business continuity and disaster recovery (BCDR) policies and procedures
K0710  Knowledge of enterprise cybersecurity architecture principles and practices
K0716  Knowledge of host access control (HAC) systems and software
K0717  Knowledge of network access control (NAC) systems and software
K0718  Knowledge of network communications principles and practices
K0724  Knowledge of incident response principles and practices
K0725  Knowledge of incident response tools and techniques
K0726  Knowledge of incident handling tools and techniques
K0732  Knowledge of intrusion detection tools and techniques
K0746  Knowledge of policy-based access controls
K0747  Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
K0751  Knowledge of system threats
K0752  Knowledge of system vulnerabilities
K0770  Knowledge of system administration principles and practices
K0778  Knowledge of enterprise information technology (IT) architecture principles and practices
K0783  Knowledge of network attack characteristics
K0791  Knowledge of defense-in-depth principles and practices
K0829  Knowledge of account creation policies and procedures
K0830  Knowledge of password policies and procedures
K0832  Knowledge of cyberattack characteristics
K0833  Knowledge of cyberattack actor characteristics
K0837  Knowledge of hardening tools and techniques
K0844  Knowledge of cyber attack stages
K0845  Knowledge of cyber intrusion activity phases
K0857  Knowledge of malware analysis tools and techniques
K0865  Knowledge of data classification standards and best practices
K0866  Knowledge of data classification tools and techniques
K0870  Knowledge of enterprise architecture (EA) reference models and frameworks
K0871  Knowledge of enterprise architecture (EA) principles and practices
K0891  Knowledge of the Open Systems Interconnect (OSI) reference model
K0898  Knowledge of cloud service models and frameworks
K0915  Knowledge of network architecture principles and practices
K0916  Knowledge of malware analysis principles and practices
K0924  Knowledge of network analysis tools and techniques
K0934  Knowledge of data classification policies and procedures
K0969  Knowledge of cyber-attack tools and techniques
K0983  Knowledge of computer networking principles and practices
K1014  Knowledge of network security principles and practices
K1049  Knowledge of routing protocols
K1079  Knowledge of web application security risks
S0077  Skill in securing network communications
S0080  Skill in performing damage assessments
S0483  Skill in identifying software communications vulnerabilities
S0509  Skill in evaluating security products
S0544  Skill in recognizing vulnerabilities
S0547  Skill in identifying malware
S0548  Skill in capturing malware
S0549  Skill in containing malware
S0550  Skill in reporting malware
S0572  Skill in detecting host- and network-based intrusions
S0589  Skill in preserving digital evidence integrity
S0607  Skill in collecting digital evidence
S0608  Skill in processing digital evidence
S0609  Skill in transporting digital evidence
S0614  Skill in categorizing types of vulnerabilities
S0615  Skill in protecting a network against malware
S0651  Skill in performing malware analysis
S0688  Skill in performing network data analysis
S0805  Skill in designing incident responses
S0806  Skill in performing incident responses
S0821  Skill in collaborating with internal and external stakeholders
S0854  Skill in performing data analysis
S0866  Skill in performing log file analysis
T0164  Perform cyber defense trend analysis and reporting
T0262  Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness)
T0510  Coordinate incident response functions
T1020  Determine the operational and safety impacts of cybersecurity lapses
T1084  Identify anomalous network activity
T1085  Identify potential threats to network resources
T1109  Resolve cyber defense incidents
T1110  Coordinate technical support to enterprise-wide cybersecurity defense technicians
T1118  Identify vulnerabilities
T1119  Recommend vulnerability remediation strategies
T1250  Perform cyber defense incident triage
T1251  Recommend incident remediation strategies
T1252  Determine the scope, urgency, and impact of cyber defense incidents
T1256  Perform forensically sound image collection
T1257  Recommend mitigation and remediation strategies for enterprise systems
T1260  Perform real-time cyber defense incident handling
T1299  Determine causes of network alerts
T1315  Track cyber defense incidents from initial detection through final resolution
T1316  Document cyber defense incidents from initial detection through final resolution
T1332  Produce incident findings reports
T1333  Communicate incident findings to appropriate constituencies
T1370  Collect intrusion artifacts
T1371  Mitigate potential cyber defense incidents
T1372  Advise law enforcement personnel as technical expert
T1407  Correlate threat assessment data
T1485  Prepare after action reviews (AARs)
T1489  Correlate incident data
T1582  Maintain currency of cyber defense threat conditions
T1617  Prepare cyber defense reports
OPM Code: 531

PROTECTION and DEFENSE (PD)

Infrastructure Support (PD-WRL-004): Responsible for testing, implementing, deploying, maintaining, and administering infrastructure hardware and software for cybersecurity.

TKS Statement ID  TKS Statement Description
K0674  Knowledge of computer networking protocols
K0675  Knowledge of risk management processes
K0676  Knowledge of cybersecurity laws and regulations
K0677  Knowledge of cybersecurity policies and procedures
K0678  Knowledge of privacy laws and regulations
K0679  Knowledge of privacy policies and procedures
K0680  Knowledge of cybersecurity principles and practices
K0681  Knowledge of privacy principles and practices
K0682  Knowledge of cybersecurity threats
K0683  Knowledge of cybersecurity vulnerabilities
K0684  Knowledge of cybersecurity threat characteristics
K0685  Knowledge of access control principles and practices
K0686  Knowledge of authentication and authorization tools and techniques
K0701  Knowledge of data backup and recovery policies and procedures
K0710  Knowledge of enterprise cybersecurity architecture principles and practices
K0716  Knowledge of host access control (HAC) systems and software
K0717  Knowledge of network access control (NAC) systems and software
K0724  Knowledge of incident response principles and practices
K0725  Knowledge of incident response tools and techniques
K0726  Knowledge of incident handling tools and techniques
K0728  Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
K0729  Knowledge of non-repudiation principles and practices
K0730  Knowledge of cyber safety principles and practices
K0746  Knowledge of policy-based access controls
K0747  Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
K0751  Knowledge of system threats
K0752  Knowledge of system vulnerabilities
K0770  Knowledge of system administration principles and practices
K0778  Knowledge of enterprise information technology (IT) architecture principles and practices
K0781  Knowledge of virtual private network (VPN) systems and software
K0783  Knowledge of network attack characteristics
K0791  Knowledge of defense-in-depth principles and practices
K0792  Knowledge of network configurations
K0811  Knowledge of web filtering systems and software
K0829  Knowledge of account creation policies and procedures
K0830  Knowledge of password policies and procedures
K0837  Knowledge of hardening tools and techniques
K0870  Knowledge of enterprise architecture (EA) reference models and frameworks
K0871  Knowledge of enterprise architecture (EA) principles and practices
K0881  Knowledge of learning assessment tools and techniques
K0891  Knowledge of the Open Systems Interconnect (OSI) reference model
K0915  Knowledge of network architecture principles and practices
K0925  Knowledge of wireless communication tools and techniques
K0926  Knowledge of signal jamming tools and techniques
K0950  Knowledge of Intrusion Detection System (IDS) tools and techniques
K0951  Knowledge of Intrusion Prevention System (IPS) tools and techniques
K0983  Knowledge of computer networking principles and practices
K1014  Knowledge of network security principles and practices
K1177  Knowledge of NIST Risk Management Framework authorization requirements
K1211  Knowledge of security assessment authorization requirements
K1237  Knowledge of Virtual Private Network (VPN) devices
S0077  Skill in securing network communications
S0552  Skill in applying host access controls
S0553  Skill in applying network access controls
S0592  Skill in tuning network sensors
S0593  Skill in handling incidents
S0596  Skill in encrypting network communications
S0615  Skill in protecting a network against malware
S0643  Skill in applying hardening techniques
S0645  Skill in troubleshooting cyber defense infrastructure anomalies
S0831  Skill in configuring hardware
S0898  Skill in testing hardware
T1020  Determine the operational and safety impacts of cybersecurity lapses
T1111  Administer rule and signature updates for specialized cyber defense applications
T1267  Perform system administration on specialized cyber defense applications and systems
T1268  Administer Virtual Private Network (VPN) devices
T1352  Coordinate critical cyber defense infrastructure protection measures
T1353  Prioritize critical cyber defense infrastructure resources
T1432  Build dedicated cyber defense hardware
T1433  Install dedicated cyber defense hardware
T1442  Assess the impact of implementing and sustaining a dedicated cyber defense infrastructure
T1503  Evaluate platforms managed by service providers
T1515  Manage network access control lists on specialized cyber defense systems
T1555  Implement cyber defense tools
T1561  Implement dedicated cyber defense systems
T1562  Document system requirements
OPM Code: 521

PROTECTION and DEFENSE (PD)

Insider Threat Analysis (PD-WRL-005): Responsible for identifying and assessing the capabilities and activities of cybersecurity insider threats; produces findings to help initialize and support law enforcement and counterintelligence activities and investigations.

TKS Statement ID  TKS Statement Description
K0635  Knowledge of decryption
K0636  Knowledge of decryption tools and techniques
K0637  Knowledge of data repositories
K0656  Knowledge of network collection tools and techniques
K0657  Knowledge of network collection policies and procedures
K0674  Knowledge of computer networking protocols
K0675  Knowledge of risk management processes
K0676  Knowledge of cybersecurity laws and regulations
K0677  Knowledge of cybersecurity policies and procedures
K0678  Knowledge of privacy laws and regulations
K0679  Knowledge of privacy policies and procedures
K0682  Knowledge of cybersecurity threats
K0683  Knowledge of cybersecurity vulnerabilities
K0684  Knowledge of cybersecurity threat characteristics
K0689  Knowledge of network infrastructure principles and practices
K0707  Knowledge of database systems and software
K0710  Knowledge of enterprise cybersecurity architecture principles and practices
K0721  Knowledge of risk management principles and practices
K0734  Knowledge of Risk Management Framework (RMF) requirements
K0735  Knowledge of risk management models and frameworks
K0751  Knowledge of system threats
K0752  Knowledge of system vulnerabilities
K0778  Knowledge of enterprise information technology (IT) architecture principles and practices
K0784  Knowledge of insider threat laws and regulations
K0785  Knowledge of insider threat tools and techniques
K0862  Knowledge of data remediation tools and techniques
K0870  Knowledge of enterprise architecture (EA) reference models and frameworks
K0871  Knowledge of enterprise architecture (EA) principles and practices
K0909  Knowledge of abnormal physical and physiological behaviors
K1014  Knowledge of network security principles and practices
K1023  Knowledge of network exploitation tools and techniques
K1031  Knowledge of risk mitigation tools and techniques
K1085  Knowledge of exploitation tools and techniques
K1096  Knowledge of data analysis tools and techniques
K1115  Knowledge of Chain of Custody (CoC) processes and procedures
K1139  Knowledge of cybersecurity threats and vulnerabilities
K1151  Knowledge of digital evidence cataloging tools and techniques
K1152  Knowledge of digital evidence extraction tools and techniques
K1154  Knowledge of digital evidence packaging tools and techniques
K1155  Knowledge of digital evidence preservation tools and techniques
K1180  Knowledge of organizational cybersecurity goals and objectives
K1188  Knowledge of organizational policies and procedures
K1197  Knowledge of priority intelligence requirements
K1209  Knowledge of risk mitigation principles and practices
K1241  Knowledge of cultural, political, and organizational assets
K1242  Knowledge of cybersecurity review processes and procedures
K1243  Knowledge of cybersecurity threat remediation principles and practices
K1244  Knowledge of cybersecurity tools and techniques
K1245  Knowledge of data exfiltration tools and techniques
K1246  Knowledge of data handling tools and techniques
K1247  Knowledge of data monitoring tools and techniques
K1248  Knowledge of digital and physical security vulnerabilities
K1249  Knowledge of digital and physical security vulnerability remediation principles and practices
K1250  Knowledge of external organization roles and responsibilities
K1251  Knowledge of external referrals policies and procedures
K1252  Knowledge of high value asset characteristics
K1253  Knowledge of information collection tools and techniques
K1254  Knowledge of insider threat hub policies and procedures
K1255  Knowledge of insider threat hub operations
K1256  Knowledge of insider threat operational indicators
K1257  Knowledge of insider threat policies and procedures
K1258  Knowledge of insider threat tactics
K1259  Knowledge of insider threat targets
K1260  Knowledge of intelligence laws and regulations
K1261  Knowledge of known insider attacks
K1262  Knowledge of network endpoints
K1263  Knowledge of notification policies and procedures
K1265  Knowledge of organizational objectives, resources, and capabilities
K1267  Knowledge of previously referred potential insider threats
K1268  Knowledge of risk reduction metrics
K1269  Knowledge of security information and event management (SIEM) tools and techniques
K1270  Knowledge of suspicious activity response processes
K1271  Knowledge of system alert policies and procedures
K1272  Knowledge of system components
K1273  Knowledge of threat investigation policies and procedures
K1274  Knowledge of threat modeling tools and techniques
K1275  Knowledge of User Activity Monitoring (UAM) tools and techniques
S0378  Skill in decrypting information
S0442  Skill in collecting network data
S0477  Skill in identifying anomalous activity
S0540  Skill in identifying network threats
S0558  Skill in developing algorithms
S0559  Skill in performing data structure analysis
S0579  Skill in preparing reports
S0588  Skill in performing threat modeling
S0606  Skill in manipulating operating system components
S0610  Skill in communicating effectively
S0688  Skill in performing network data analysis
S0690  Skill in performing midpoint collection data analysis
S0728  Skill in preparing briefings
S0748  Skill in querying data
S0791  Skill in presenting to an audience
S0817  Skill in building internal and external relationships
S0821  Skill in collaborating with internal and external stakeholders
S0848  Skill in performing behavioral analysis
S0854  Skill in performing data analysis
S0866  Skill in performing log file analysis
S0874  Skill in performing network traffic analysis
S0890  Skill in performing threat analysis
S0896  Skill in recognizing behavioral patterns
S0900  Skill in analyzing information from multiple sources
S0902  Skill in building relationships remotely and in person
S0904  Skill in correlating data from multiple tools
S0905  Skill in determining what information may be helpful to a specific audience
S0906  Skill in identifying insider risk security gaps
S0907  Skill in identifying insider threats
S0908  Skill in determining the importance of assets
S0909  Skill in integrating information from multiple sources
S0910  Skill in performing cyberintelligence data analysis
S0911  Skill in performing data queries
S0912  Skill in performing human behavioral analysis
S0913  Skill in performing link analysis
S0916  Skill in recognizing recurring threat incidents
T1056  Acquire resources to support cybersecurity program goals and objectives
T1057  Conduct an effective enterprise continuity of operations program
T1062  Contribute insider threat expertise to organizational cybersecurity awareness program
T1084  Identify anomalous network activity
T1085  Identify potential threats to network resources
T1119  Recommend vulnerability remediation strategies
T1160  Develop risk mitigation strategies
T1161  Resolve system vulnerabilities
T1162  Recommend security changes to systems and system components
T1227  Manage cybersecurity budget, staffing, and contracting
T1266  Recommend risk mitigation strategies
T1324  Process digital evidence
T1325  Document digital evidence
T1439  Assess the behavior of individual victims, witnesses, or suspects during cybersecurity investigations
T1510  Preserve digital evidence
T1592  Conduct cybersecurity reviews
T1689  Create comprehensive exploitation strategies
T1690  Identify exploitable technical or operational vulnerabilities
T1698  Collect target information
T1712  Recommend potential courses of action
T1737  Develop intelligence collection strategies
T1743  Identify information collection gaps
T1789  Provide aim point recommendations for targets
T1790  Provide reengagement recommendations
T1799  Notify appropriate personnel of imminent hostile intentions or activities
T1801  Determine validity and relevance of information
T1969  Document system alerts
T1970  Escalate system alerts that may indicate risks
T1971  Disseminate anomalous activity reports to the insider threat hub
T1973  Conduct independent comprehensive assessments of target-specific information
T1974  Conduct insider threat risk assessments
T1975  Prepare insider threat briefings
T1976  Recommend risk mitigation courses of action (CoA)
T1977  Coordinate with internal and external incident management partners across jurisdictions
T1978  Recommend improvements to insider threat detection processes
T1979  Determine digital evidence priority intelligence requirements
T1980  Develop digital evidence reports for internal and external partners
T1981  Develop elicitation indicators
T1982  Identify high value assets
T1983  Identify potential insider threats
T1985  Identify imminent or hostile intentions or activities
T1986  Develop a continuously updated overview of an incident throughout the incident's life cycle
T1987  Develop insider threat cyber operations indicators
T1988  Integrate information from cyber resources, internal partners, and external partners
T1989  Advise insider threat hub inquiries
T1990  Conduct cybersecurity insider threat inquiries
T1991  Deliver all-source cyber operations and intelligence indications and warnings
T1992  Interpret network activity for intelligence value
T1993  Monitor network activity for vulnerabilities
T1994  Identify potential insider risks to networks
T1995  Document potential insider risks to networks
T1996  Report network vulnerabilities
T1997  Develop insider threat investigation plans
T1998  Investigate alleged insider threat cybersecurity policy violations
T1999  Refer cases on active insider threat activities to law enforcement investigators
T2001  Establish an insider threat risk management assessment program
T2003  Evaluate organizational insider risk response capabilities
T2004  Document insider threat information sources
T2005  Conduct insider threat studies
T2006  Identify potential targets for exploitation
T2007  Analyze potential targets for exploitation
T2008  Vet insider threat targeting with law enforcement and intelligence partners
T2009  Develop insider threat targets
T2010  Maintain User Activity Monitoring (UAM) tools
T2011  Monitor the output from User Activity Monitoring (UAM) tools
OPM Code: TBD

PROTECTION and DEFENSE (PD)

TKS Statement ID
K0018
K0480
K0655
K0658
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0689
K0690
K0697
K0718
K0719
K0751
K0752
K0766
K0773
K0786
K0787
K0788
K0789
K0790
K0792
K0806
K0812
K0818
K0825
K0831
K0844
K0845
K0857
K0858
K0865
K0866
K0915
K0916
K0925
K0926
K0934
K0960
K0969
K0983
K0984
K0989
K0990
K0994
K1002
K1005
K1007
K1008
K1009
K1010
K1011
K1014
K1019
K1025
K1028
K1035
K1049
K1059
K1066
K1067
K1068
K1069
K1100
K1101
K1109
K1113
K1197
S0111
S0194
S0385
S0430
S0433
S0434
S0435
S0436
S0438
S0443
S0444
S0446
S0472
S0473
S0494
S0505
S0506
S0509
S0511
S0512
S0514
S0516
S0517
S0535
S0537
S0540
S0555
S0556
S0579
S0600
S0633
S0673
S0696
S0702
S0704
S0709
S0712
S0713
S0718
S0719
S0724
S0728
S0748
S0751
S0756
S0765
S0777
S0779
S0791
S0869
S0876
T0569
T0685

T0698
T0707
T0718

T0751
T0845
T1020
T1035
T1053

T1054
T1055
T1640
T1641
T1643
T1644
T1645
T1646
T1647
T1651
T1652
T1686
T1762
T1763
T1765
T1766
T1767
T1768
T1770
T1772
T1775
T1776
T1792
T1793
T1798
T1799
T1804
T1835
Threat Analysis (PD-WRL-006): Responsible for collecting, processing, analyzing, and disseminating cybersecurity threat assessments. Develops cybersecurity indicators to maintain awareness of the status of the highly dynamic operating environment.

TKS Statement Description


Knowledge of encryption algorithms
Knowledge of malware
Knowledge of intelligence fusion
Knowledge of cognitive biases
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of network infrastructure principles and practices
Knowledge of requirements analysis principles and practices
Knowledge of encryption algorithm capabilities and applications
Knowledge of network communications principles and practices
Knowledge of human-computer interaction (HCI) principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of data asset management principles and practices
Knowledge of telecommunications principles and practices
Knowledge of physical computer components
Knowledge of computer peripherals
Knowledge of adversarial tactics principles and practices
Knowledge of adversarial tactics tools and techniques
Knowledge of adversarial tactics policies and procedures
Knowledge of network configurations
Knowledge of machine virtualization tools and techniques
Knowledge of digital communication systems and software
Knowledge of new and emerging cybersecurity risks
Knowledge of threat vector characteristics
Knowledge of network attack vectors
Knowledge of cyber attack stages
Knowledge of cyber intrusion activity phases
Knowledge of malware analysis tools and techniques
Knowledge of virtual machine detection tools and techniques
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of network architecture principles and practices
Knowledge of malware analysis principles and practices
Knowledge of wireless communication tools and techniques
Knowledge of signal jamming tools and techniques
Knowledge of data classification policies and procedures
Knowledge of content management system (CMS) capabilities and applications
Knowledge of cyber-attack tools and techniques
Knowledge of computer networking principles and practices
Knowledge of web security principles and practices
Knowledge of intelligence information repositories
Knowledge of cyber operations principles and practices
Knowledge of denial and deception tools and techniques
Knowledge of supervisory control and data acquisition (SCADA) systems and software
Knowledge of intelligence collection capabilities and applications
Knowledge of intelligence requirements tasking systems and software
Knowledge of intelligence support activities
Knowledge of threat intelligence principles and practices
Knowledge of intelligence policies and procedures
Knowledge of network addressing principles and practices
Knowledge of network security principles and practices
Knowledge of operations security (OPSEC) principles and practices
Knowledge of decision-making policies and procedures
Knowledge of target development principles and practices
Knowledge of target research tools and techniques
Knowledge of routing protocols
Knowledge of request for information processes
Knowledge of threat behaviors
Knowledge of target behaviors
Knowledge of threat systems and software
Knowledge of virtual machine tools and technologies
Knowledge of analytical tools and techniques
Knowledge of analytics
Knowledge of virtual collaborative workspace tools and techniques
Knowledge of blue force tracking
Knowledge of priority intelligence requirements
Skill in interfacing with customers
Skill in conducting non-attributable research
Skill in communicating complex concepts
Skill in collaborating with others
Skill in creating analytics
Skill in extrapolating from incomplete data sets
Skill in analyzing large data sets
Skill in creating target intelligence products
Skill in functioning effectively in a dynamic, fast-paced environment
Skill in mitigating cognitive biases
Skill in mitigating deception in reporting and analysis
Skill in mimicking threat actors
Skill in developing virtual machines
Skill in maintaining virtual machines
Skill in performing operational environment analysis
Skill in performing intrusion data analysis
Skill in identifying customer information needs
Skill in evaluating security products
Skill in establishing priorities
Skill in extracting metadata
Skill in preparing operational environments
Skill in performing threat emulation tactics
Skill in anticipating threats
Skill in performing threat factor analysis
Skill in designing wireless communications systems
Skill in identifying network threats
Skill in performing capabilities analysis
Skill in performing requirements analysis
Skill in preparing reports
Skill in collecting relevant data from a variety of sources
Skill in developing position qualification requirements
Skill in translating operational requirements into security controls
Skill in conducting deep web research
Skill in defining an operational environment
Skill in performing target analysis
Skill in developing analytics
Skill in evaluating data source quality
Skill in evaluating information quality
Skill in identifying cybersecurity threats
Skill in identifying intelligence gaps
Skill in managing client relationships
Skill in preparing briefings
Skill in querying data
Skill in conducting open-source searches
Skill in incorporating feedback
Skill in converting intelligence requirements into intelligence production tasks
Skill in developing collection strategies
Skill in determining information requirements
Skill in presenting to an audience
Skill in performing metadata analysis
Skill in performing nodal analysis
Answer requests for information
Evaluate threat decision-making processes
Facilitate continuously updated intelligence, surveillance, and visualization input to common operational picture managers
Generate requests for information
Identify intelligence gaps and shortfalls
Monitor open source websites for hostile content directed towards organizational or partner interests
Identify cyber threat tactics and methodologies
Determine the operational and safety impacts of cybersecurity lapses
Determine how threat activity groups employ encryption to support their operations
Identify and characterize intrusion activities against a victim or target

Scope analysis reports to various audiences that accounts for data sharing classification restrictions
Determine if priority information requirements are satisfied
Determine effectiveness of intelligence collection operations
Recommend adjustments to intelligence collection strategies
Develop common operational pictures
Develop cyber operations indicators
Coordinate all-source collection activities
Validate all-source collection requirements and plans
Develop priority information requirements
Prepare threat and target briefings
Prepare threat and target situational updates
Identify intelligence requirements
Modify collection requirements
Determine effectiveness of collection requirements
Monitor changes to designated cyber operations warning problem sets
Prepare change reports for designated cyber operations warning problem sets
Monitor threat activities
Prepare threat activity reports
Report on adversarial activities that fulfill priority information requirements
Identify indications and warnings of target communication changes or processing failures
Prepare cyber operations intelligence reports
Prepare indications and warnings intelligence reports
Assess effectiveness of intelligence production
Assess effectiveness of intelligence reporting
Provide intelligence analysis and support
Notify appropriate personnel of imminent hostile intentions or activities
Prepare network intrusion reports
Determine if intelligence requirements and collection plans are accurate and up-to-date
OPM Code: 141

PROTECTION and DEFENSE (PD)

TKS Statement ID
K0068
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0685
K0686
K0688
K0698
K0701
K0710
K0716
K0717
K0728
K0729
K0730
K0742
K0751
K0752
K0760
K0761
K0770
K0778
K0779
K0783
K0791
K0797
K0813
K0832
K0833
K0837
K0844
K0845
K0865
K0866
K0870
K0871
K0879
K0880
K0882
K0891
K0915
K0924
K0934
K0939
K0942
K0955
K0956
K0969
K0983
K1014
K1076
K1079
K1087
K1129
K1130
K1182
S0483
S0492
S0532
S0543
S0544
S0572
S0574
S0578
S0588
S0591
S0597
S0641
S0642
S0656
S0675
S0686
S0688
S0804
T1020
T1041
T1069
T1070
T1079
T1084
T1091
T1118
T1119
T1229
T1279
T1341
T1489
T1619
T1620
Vulnerability Analysis (PD-WRL-007): Responsible for assessing systems and networks to identify
deviations from acceptable configurations, enclave policy, or local policy. Measure effectiveness of
defense-in-depth architecture against known vulnerabilities.

TKS Statement Description


Knowledge of programming language structures and logic
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of access control principles and practices
Knowledge of authentication and authorization tools and techniques
Knowledge of common application vulnerabilities
Knowledge of cryptographic key management principles and practices
Knowledge of data backup and recovery policies and procedures
Knowledge of enterprise cybersecurity architecture principles and practices
Knowledge of host access control (HAC) systems and software
Knowledge of network access control (NAC) systems and software
Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
Knowledge of non-repudiation principles and practices
Knowledge of cyber safety principles and practices
Knowledge of identity and access management (IAM) principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of server diagnostic tools and techniques
Knowledge of Fault Detection and Diagnostics (FDD) tools and techniques
Knowledge of system administration principles and practices
Knowledge of enterprise information technology (IT) architecture principles and practices
Knowledge of systems engineering processes
Knowledge of network attack characteristics
Knowledge of defense-in-depth principles and practices
Knowledge of ethical hacking tools and techniques
Knowledge of interpreted and compiled programming language characteristics
Knowledge of cyberattack characteristics
Knowledge of cyberattack actor characteristics
Knowledge of hardening tools and techniques
Knowledge of cyber attack stages
Knowledge of cyber intrusion activity phases
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of enterprise architecture (EA) reference models and frameworks
Knowledge of enterprise architecture (EA) principles and practices
Knowledge of industry cybersecurity models and frameworks
Knowledge of access control models and frameworks
Knowledge of ethical hacking principles and practices
Knowledge of the Open Systems Interconnect (OSI) reference model
Knowledge of network architecture principles and practices
Knowledge of network analysis tools and techniques
Knowledge of data classification policies and procedures
Knowledge of packet-level analysis tools and techniques
Knowledge of cryptology principles and practices
Knowledge of penetration testing principles and practices
Knowledge of penetration testing tools and techniques
Knowledge of cyber-attack tools and techniques
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of risk scoring principles and practices
Knowledge of web application security risks
Knowledge of social engineering tools and techniques
Knowledge of cyber defense auditing laws and regulations
Knowledge of cyber defense auditing policies and practices
Knowledge of organizational cybersecurity policies and configurations
Skill in identifying software communications vulnerabilities
Skill in performing threat environment analysis
Skill in analyzing software configurations
Skill in scanning for vulnerabilities
Skill in recognizing vulnerabilities
Skill in detecting host- and network-based intrusions
Skill in developing security system controls
Skill in evaluating security designs
Skill in performing threat modeling
Skill in performing social engineering
Skill in writing code in a currently supported programming language
Skill in reviewing logs
Skill in identifying evidence of past intrusions
Skill in assessing application vulnerabilities
Skill in optimizing system performance
Skill in performing risk assessments
Skill in performing network data analysis
Skill in assessing an organization's threat environment
Determine the operational and safety impacts of cybersecurity lapses
Determine impact of software configurations
Evaluate organizational cybersecurity policy regulatory compliance
Evaluate organizational cybersecurity policy alignment with organizational directives
Develop cybersecurity risk profiles
Identify anomalous network activity
Perform authorized penetration testing on enterprise network assets
Identify vulnerabilities
Recommend vulnerability remediation strategies
Maintain deployable cyber defense audit toolkits
Prepare audit reports
Perform required reviews
Correlate incident data
Perform risk and vulnerability assessments
Recommend cost-effective security controls
OPM Code: 541

INVESTIGATION (IN)

TKS Statement ID
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0685
K0686
K0716
K0717
K0732
K0744
K0751
K0752
K0759
K0770
K0784
K0785
K0788
K0789
K0790
K0795
K0796
K0800
K0802
K0804
K0833
K0837
K0884
K0892
K0899
K0900
K0901
K0909
K0923
K0962
K0963
K0969
K0983
K1014
K1016
K1079
K1115
K1138
K1139
K1151
K1152
K1153
K1154
K1155
S0469
S0470
S0471
S0477
S0509
S0589
S0607
S0608
S0609
S0620
S0651
S0807
S0848
S0854
S0856
S0863
S0866
S0890
S0896
T0193
T1020
T1090
T1094
T1095
T1137
T1187
T1191
T1192

T1196
T1198
T1199
T1200

T1207
T1241
T1242
T1324
T1325

T1439
T1456
T1457
T1477
T1505
T1510
T1526
T1542
T1551
T1600
T1639
T1712
Cybercrime Investigation (IN-WRL-001): Responsible for investigating cyberspace intrusion incidents
and crimes. Applies tactics, techniques, and procedures for a full range of investigative tools and
processes and appropriately balances the benefits of prosecution versus intelligence gathering.

TKS Statement Description


Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of access control principles and practices
Knowledge of authentication and authorization tools and techniques
Knowledge of host access control (HAC) systems and software
Knowledge of network access control (NAC) systems and software
Knowledge of intrusion detection tools and techniques
Knowledge of operating system (OS) systems and software
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of client and server architecture
Knowledge of system administration principles and practices
Knowledge of insider threat laws and regulations
Knowledge of insider threat tools and techniques
Knowledge of adversarial tactics principles and practices
Knowledge of adversarial tactics tools and techniques
Knowledge of adversarial tactics policies and procedures
Knowledge of digital evidence seizure policies and procedures
Knowledge of digital evidence preservation policies and procedures
Knowledge of evidence admissibility laws and regulations
Knowledge of chain of custody policies and procedures
Knowledge of persistent data principles and practices
Knowledge of cyberattack actor characteristics
Knowledge of hardening tools and techniques
Knowledge of covert communication tools and techniques
Knowledge of cyber defense laws and regulations
Knowledge of crisis management protocols
Knowledge of crisis management processes
Knowledge of crisis management tools and techniques
Knowledge of abnormal physical and physiological behaviors
Knowledge of operating system structures and internals
Knowledge of targeting laws and regulations
Knowledge of exploitation laws and regulations
Knowledge of cyber-attack tools and techniques
Knowledge of computer networking principles and practices
Knowledge of network security principles and practices
Knowledge of code obfuscation tools and techniques
Knowledge of web application security risks
Knowledge of Chain of Custody (CoC) processes and procedures
Knowledge of cybersecurity standards and best practices
Knowledge of cybersecurity threats and vulnerabilities
Knowledge of digital evidence cataloging tools and techniques
Knowledge of digital evidence extraction tools and techniques
Knowledge of digital evidence handling principles and practices
Knowledge of digital evidence packaging tools and techniques
Knowledge of digital evidence preservation tools and techniques
Skill in navigating the dark web
Skill in using the TOR network
Skill in examining digital media
Skill in identifying anomalous activity
Skill in evaluating security products
Skill in preserving digital evidence integrity
Skill in collecting digital evidence
Skill in processing digital evidence
Skill in transporting digital evidence
Skill in evaluating the trustworthiness of a supply chain
Skill in performing malware analysis
Skill in solving problems
Skill in performing behavioral analysis
Skill in performing data analysis
Skill in performing digital evidence analysis
Skill in performing incident analysis
Skill in performing log file analysis
Skill in performing threat analysis
Skill in recognizing behavioral patterns
Process crime scenes
Determine the operational and safety impacts of cybersecurity lapses
Determine best methods for identifying the perpetrator(s) of a network intrusion
Conduct victim and witness interviews
Conduct suspect interrogations
Investigate suspicious activity and alleged digital crimes
Establish internal and external cross-team relationships
Determine relevance of recovered data
Conduct analysis of computer network attacks

Determine if security incidents are indicative of a violation of law that requires specific legal action
Identify data or intelligence of evidentiary value
Identify digital evidence for analysis
Identify elements of proof of cybersecurity crimes

Collect documentary or physical evidence of cyber intrusion incidents, investigations, and operations
Document cybersecurity incidents
Escalate incidents that may cause ongoing and immediate impact to the environment
Process digital evidence
Document digital evidence

Assess the behavior of individual victims, witnesses, or suspects during cybersecurity investigations
Determine the impact of threats on cybersecurity
Implement threat countermeasures
Advise trial counsel as technical expert
Analyze cybersecurity threats for counter intelligence or criminal activity
Preserve digital evidence
Identify responsible parties for intrusions and other crimes
Document original condition of digital evidence
Prosecute cybercrimes and fraud committed against people and property
Prepare investigative reports
Assess target vulnerabilities and operational capabilities
Recommend potential courses of action
OPM Code: 221

INVESTIGATION (IN)

TKS Statement ID
K0635
K0636
K0637
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0696
K0697
K0701
K0710
K0724
K0725
K0726
K0744
K0751
K0752
K0759
K0760
K0761
K0770
K0778
K0784
K0785
K0786
K0787
K0791
K0793
K0794
K0795
K0796
K0797
K0800
K0802
K0804
K0806
K0807
K0808
K0809
K0810
K0812
K0817
K0837
K0840
K0842
K0850
K0851
K0852
K0853
K0854
K0855
K0856
K0857
K0858
K0859
K0870
K0871
K0892
K0914
K0915
K0916
K0923
K0941
K0962
K0963
K0977
K0979
K0980
K0983
K1004
K1014
K1016
K1055
K1069
K1079
K1091
K1092
K1115
K1145
K1147
K1151
K1152
K1153
K1154
K1155
K1163
K1175
K1220
S0156
S0378
S0471
S0472
S0473
S0474
S0475
S0476
S0499
S0575
S0576
S0589
S0599
S0603
S0604
S0605
S0606
S0607
S0608
S0609
S0611
S0612
S0621
S0622
S0623
S0624
S0625
S0651
S0671
S0678
S0834
S0854
S0856
S0857
S0860
S0866
S0882
S0884
T0167
T0168
T0172
T0173
T0179
T0182
T0193
T1020
T1051
T1090
T1102
T1103
T1104
T1120
T1159

T1175
T1191
T1199

T1207
T1253
T1282
T1301
T1322
T1323
T1324
T1325
T1332
T1333
T1370
T1371
T1381
T1382
T1383
T1486
T1510
T1516
T1542
T1607
Digital Evidence Analysis (IN-WRL-002): Responsible for identifying, collecting, examining, and
preserving digital evidence using controlled and documented analytical and investigative
techniques.

TKS Statement Description


Knowledge of decryption
Knowledge of decryption tools and techniques
Knowledge of data repositories
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of digital forensic data principles and practices
Knowledge of encryption algorithm capabilities and applications
Knowledge of data backup and recovery policies and procedures
Knowledge of enterprise cybersecurity architecture principles and practices
Knowledge of incident response principles and practices
Knowledge of incident response tools and techniques
Knowledge of incident handling tools and techniques
Knowledge of operating system (OS) systems and software
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of client and server architecture
Knowledge of server diagnostic tools and techniques
Knowledge of Fault Detection and Diagnostics (FDD) tools and techniques
Knowledge of system administration principles and practices
Knowledge of enterprise information technology (IT) architecture principles and practices
Knowledge of insider threat laws and regulations
Knowledge of insider threat tools and techniques
Knowledge of physical computer components
Knowledge of computer peripherals
Knowledge of defense-in-depth principles and practices
Knowledge of file extensions
Knowledge of file system implementation principles and practices
Knowledge of digital evidence seizure policies and procedures
Knowledge of digital evidence preservation policies and procedures
Knowledge of ethical hacking tools and techniques
Knowledge of evidence admissibility laws and regulations
Knowledge of chain of custody policies and procedures
Knowledge of persistent data principles and practices
Knowledge of machine virtualization tools and techniques
Knowledge of web mail tools and techniques
Knowledge of system file characteristics
Knowledge of digital forensics data characteristics
Knowledge of deployable forensics principles and practices
Knowledge of digital communication systems and software
Knowledge of event correlation tools and techniques
Knowledge of hardening tools and techniques
Knowledge of hardware reverse engineering tools and techniques
Knowledge of software reverse engineering tools and techniques
Knowledge of data carving tools and techniques
Knowledge of reverse engineering principles and practices
Knowledge of anti-forensics tools and techniques
Knowledge of forensics lab design principles and practices
Knowledge of forensics lab design systems and software
Knowledge of debugging tools and techniques
Knowledge of filename extension abuse
Knowledge of malware analysis tools and techniques
Knowledge of virtual machine detection tools and techniques
Knowledge of encryption tools and techniques
Knowledge of enterprise architecture (EA) reference models and frameworks
Knowledge of enterprise architecture (EA) principles and practices
Knowledge of cyber defense laws and regulations
Knowledge of binary analysis tools and techniques
Knowledge of network architecture principles and practices
Knowledge of malware analysis principles and practices
Knowledge of operating system structures and internals
Knowledge of data concealment tools and techniques
Knowledge of targeting laws and regulations
Knowledge of exploitation laws and regulations
Knowledge of intelligence collection management tools and techniques
Knowledge of information searching tools and techniques
Knowledge of intelligence collection sources
Knowledge of computer networking principles and practices
Knowledge of reporting policies and procedures
Knowledge of network security principles and practices
Knowledge of code obfuscation tools and techniques
Knowledge of digital forensics principles and practices
Knowledge of virtual machine tools and technologies
Knowledge of web application security risks
Knowledge of media forensics
Knowledge of digital forensics tools and techniques
Knowledge of Chain of Custody (CoC) processes and procedures
Knowledge of data encryption practices and principles
Knowledge of data integrity principles and practices
Knowledge of digital evidence cataloging tools and techniques
Knowledge of digital evidence extraction tools and techniques
Knowledge of digital evidence handling principles and practices
Knowledge of digital evidence packaging tools and techniques
Knowledge of digital evidence preservation tools and techniques
Knowledge of forensic image processing tools and techniques
Knowledge of network monitoring tools and techniques
Knowledge of steganography practices and principles
Skill in performing packet-level analysis
Skill in decrypting information
Skill in examining digital media
Skill in developing virtual machines
Skill in maintaining virtual machines
Skill in finding system files
Skill in recognizing digital forensics data
Skill in identifying filename extension abuse
Skill in performing intelligence collection analysis
Skill in developing network infrastructure contingency and recovery plans
Skill in testing network infrastructure contingency and recovery plans
Skill in preserving digital evidence integrity
Skill in performing memory dump analysis
Skill in identifying forensics data in diverse media
Skill in extracting forensics data in diverse media
Skill in storing digital evidence
Skill in manipulating operating system components
Skill in collecting digital evidence
Skill in processing digital evidence
Skill in transporting digital evidence
Skill in disassembling Personal Computers (PCs)
Skill in performing digital forensics analysis
Skill in performing binary analysis
Skill in implementing one-way hash functions
Skill in performing source code analysis
Skill in performing volatile data analysis
Skill in interpreting debugger results
Skill in performing malware analysis
Skill in implementing network infrastructure contingency and recovery plans
Skill in administering operating systems
Skill in developing technical reports
Skill in performing data analysis
Skill in performing digital evidence analysis
Skill in performing dynamic analysis
Skill in performing file system forensic analysis
Skill in performing log file analysis
Skill in performing static analysis
Skill in performing static malware analysis
Perform file signature analysis
Perform data comparison against established database
Perform real-time forensic analysis (e.g., using Helix in conjunction with LiveView)
Perform timeline analysis
Perform static media analysis
Perform tier 1, 2, and 3 malware analysis
Process crime scenes
Determine the operational and safety impacts of cybersecurity lapses
Set up a forensic workstation
Determine best methods for identifying the perpetrator(s) of a network intrusion
Identify intrusions
Analyze intrusions
Document what is known about intrusions
Create forensically sound duplicates of evidence
Create technical summary of findings reports

Determine if digital media chain of custody processes meet Federal Rules of Evidence requirements
Determine relevance of recovered data
Identify digital evidence for analysis

Collect documentary or physical evidence of cyber intrusion incidents, investigations, and operations
Perform dynamic analysis on drives
Prepare digital media for imaging
Report forensic artifacts indicative of a particular operating system
Capture network traffic associated with malicious activities
Analyze network traffic associated with malicious activities
Process digital evidence
Document digital evidence
Produce incident findings reports
Communicate incident findings to appropriate constituencies
Collect intrusion artifacts
Mitigate potential cyber defense incidents
Scan digital media for viruses
Mount a drive image
Utilize deployable forensics toolkit
Process forensic images
Preserve digital evidence
Detect concealed data
Document original condition of digital evidence
Recover information from forensic data sources
OPM Code: 211

CYBERSPACE INTELLIGENCE (CI)

TKS Statement ID
K0018
K0480
K0551
K0655
K0658
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0689
K0690
K0697
K0718
K0719
K0751
K0752
K0766
K0773
K0786
K0787
K0788
K0789
K0790
K0792
K0806
K0812
K0818
K0825
K0831
K0844
K0845
K0857
K0858
K0865
K0866
K0891
K0892
K0915
K0916
K0925
K0926
K0934
K0960

K0968
K0969
K0983
K0984
K0986
K0987
K0989
K0990
K0994
K1002
K1005
K1007
K1008
K1009
K1010
K1011
K1014
K1023
K1025
K1028
K1035
K1042
K1049
K1058
K1059
K1063
K1066
K1067
K1068
K1069
K1100
K1101
K1109
K1113
K1196
K1197
S0111
S0194
S0385
S0430
S0433
S0434
S0435
S0436
S0438
S0443
S0444
S0446
S0472
S0473
S0494
S0503
S0504
S0505
S0506
S0509
S0511
S0512
S0514
S0515
S0516
S0517
S0535
S0537
S0540
S0555
S0556
S0579
S0600
S0633
S0673
S0686
S0693
S0702
S0704
S0709
S0712
S0713
S0718
S0719
S0724
S0728
S0731
S0748
S0751
S0756
S0765
S0777
S0779
S0791
S0801
S0847
S0866
S0869
S0876
T0569
T0685
T0686

T0698
T0707
T0718

T0751
T0845
T1020
T1022
T1030
T1035
T1042
T1046
T1047

T1054
T1055
T1084
T1085
T1118
T1119
T1489
T1638
T1640
T1641
T1642
T1643
T1644
T1645
T1646
T1647
T1651
T1652
T1661
T1686
T1739
T1741
T1762
T1763
T1765
T1766
T1767
T1768
T1770
T1772
T1775
T1776
T1792
T1793
T1795
T1798
T1799
T1804
T1835
All-Source Analysis (CI-WRL-001): Responsible for analyzing data and information from one or
multiple sources to conduct preparation of the operational environment, respond to requests for
information, and submit intelligence collection and production requirements in support of
intelligence planning and operations.

TKS Statement Description


Knowledge of encryption algorithms
Knowledge of malware
Knowledge of targeting cycles
Knowledge of intelligence fusion
Knowledge of cognitive biases
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of network infrastructure principles and practices
Knowledge of requirements analysis principles and practices
Knowledge of encryption algorithm capabilities and applications
Knowledge of network communications principles and practices
Knowledge of human-computer interaction (HCI) principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of data asset management principles and practices
Knowledge of telecommunications principles and practices
Knowledge of physical computer components
Knowledge of computer peripherals
Knowledge of adversarial tactics principles and practices
Knowledge of adversarial tactics tools and techniques
Knowledge of adversarial tactics policies and procedures
Knowledge of network configurations
Knowledge of machine virtualization tools and techniques
Knowledge of digital communication systems and software
Knowledge of new and emerging cybersecurity risks
Knowledge of threat vector characteristics
Knowledge of network attack vectors
Knowledge of cyber attack stages
Knowledge of cyber intrusion activity phases
Knowledge of malware analysis tools and techniques
Knowledge of virtual machine detection tools and techniques
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of the Open Systems Interconnect (OSI) reference model
Knowledge of cyber defense laws and regulations
Knowledge of network architecture principles and practices
Knowledge of malware analysis principles and practices
Knowledge of wireless communication tools and techniques
Knowledge of signal jamming tools and techniques
Knowledge of data classification policies and procedures
Knowledge of content management system (CMS) capabilities and applications

Knowledge of analytic standards and frameworks Skill in assigning analytical confidence ratings
Knowledge of cyber-attack tools and techniques
Knowledge of computer networking principles and practices
Knowledge of web security principles and practices
Knowledge of target selection criticality factors
Knowledge of target selection vulnerability factors
Knowledge of intelligence information repositories
Knowledge of cyber operations principles and practices
Knowledge of denial and deception tools and techniques
Knowledge of supervisory control and data acquisition (SCADA) systems and software
Knowledge of intelligence collection capabilities and applications
Knowledge of intelligence requirements tasking systems and software
Knowledge of intelligence support activities
Knowledge of threat intelligence principles and practices
Knowledge of intelligence policies and procedures
Knowledge of network addressing principles and practices
Knowledge of network security principles and practices
Knowledge of network exploitation tools and techniques
Knowledge of decision-making policies and procedures
Knowledge of target development principles and practices
Knowledge of target research tools and techniques
Knowledge of target selection policies and procedures
Knowledge of routing protocols
Knowledge of intelligence processes
Knowledge of request for information processes
Knowledge of operation assessment processes
Knowledge of threat behaviors
Knowledge of target behaviors
Knowledge of threat systems and software
Knowledge of virtual machine tools and technologies
Knowledge of analytical tools and techniques
Knowledge of analytics
Knowledge of virtual collaborative workspace tools and techniques
Knowledge of blue force tracking
Knowledge of priority intelligence collection requirements
Knowledge of priority intelligence requirements
Skill in interfacing with customers
Skill in conducting non-attributable research
Skill in communicating complex concepts
Skill in collaborating with others
Skill in creating analytics
Skill in extrapolating from incomplete data sets
Skill in analyzing large data sets
Skill in creating target intelligence products
Skill in functioning effectively in a dynamic, fast-paced environment
Skill in mitigating cognitive biases
Skill in mitigating deception in reporting and analysis
Skill in mimicking threat actors
Skill in developing virtual machines
Skill in maintaining virtual machines
Skill in performing operational environment analysis
Skill in selecting targets
Skill in identifying vulnerabilities
Skill in performing intrusion data analysis
Skill in identifying customer information needs
Skill in evaluating security products
Skill in establishing priorities
Skill in extracting metadata
Skill in preparing operational environments
Skill in identifying partner capabilities
Skill in performing threat emulation tactics
Skill in anticipating threats
Skill in performing threat factor analysis
Skill in designing wireless communications systems
Skill in identifying network threats
Skill in performing capabilities analysis
Skill in performing requirements analysis
Skill in preparing reports
Skill in collecting relevant data from a variety of sources
Skill in developing position qualification requirements
Skill in translating operational requirements into security controls
Skill in performing risk assessments
Skill in assessing effects generated during and after cyber operations
Skill in defining an operational environment
Skill in performing target analysis
Skill in developing analytics
Skill in evaluating data source quality
Skill in evaluating information quality
Skill in identifying cybersecurity threats
Skill in identifying intelligence gaps
Skill in managing client relationships
Skill in preparing briefings
Skill in producing after-action reports
Skill in querying data
Skill in conducting open-source searches
Skill in incorporating feedback
Skill in converting intelligence requirements into intelligence production tasks
Skill in developing collection strategies
Skill in determining information requirements
Skill in presenting to an audience
Skill in assessing partner operations capabilities
Skill in performing all-source intelligence analysis
Skill in performing log file analysis
Skill in performing metadata analysis
Skill in performing nodal analysis
Answer requests for information
Evaluate threat decision-making processes
Identify threat vulnerabilities
Facilitate continuously updated intelligence, surveillance, and visualization input to common operational picture managers
Generate requests for information
Identify intelligence gaps and shortfalls
Monitor open source websites for hostile content directed towards organizational or partner interests
Identify cyber threat tactics and methodologies
Determine the operational and safety impacts of cybersecurity lapses
Review enterprise information technology (IT) goals and objectives
Estimate the impact of collateral damage
Determine how threat activity groups employ encryption to support their operations
Acquire target identifiers
Assess operation performance
Assess operation impact

Scope analysis reports to various audiences that account for data sharing classification restrictions
Determine if priority information requirements are satisfied
Identify anomalous network activity
Identify potential threats to network resources
Identify vulnerabilities
Recommend vulnerability remediation strategies
Correlate incident data
Recommend cyber operation targets
Determine effectiveness of intelligence collection operations
Recommend adjustments to intelligence collection strategies
Advise stakeholders on course of action development
Develop common operational pictures
Develop cyber operations indicators
Coordinate all-source collection activities
Validate all-source collection requirements and plans
Develop priority information requirements
Prepare threat and target briefings
Prepare threat and target situational updates
Assess all-source data for intelligence or vulnerability value
Identify intelligence requirements
Develop intelligence collection requirements
Designate priority information requirements
Modify collection requirements
Determine effectiveness of collection requirements
Monitor changes to designated cyber operations warning problem sets
Prepare change reports for designated cyber operations warning problem sets
Monitor threat activities
Prepare threat activity reports
Report on adversarial activities that fulfill priority information requirements
Identify indications and warnings of target communication changes or processing failures
Prepare cyber operations intelligence reports
Prepare indications and warnings intelligence reports
Assess effectiveness of intelligence production
Assess effectiveness of intelligence reporting
Conduct post-action effectiveness assessments
Provide intelligence analysis and support
Notify appropriate personnel of imminent hostile intentions or activities
Prepare network intrusion reports
Determine if intelligence requirements and collection plans are accurate and up-to-date
OPM Code: 111

CYBERSPACE INTELLIGENCE (CI)

TKS Statement ID
K0018
K0480
K0498
K0551
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0689
K0697
K0718
K0719
K0721
K0734
K0735
K0751
K0752
K0773
K0776
K0786
K0787
K0792
K0806
K0812
K0815
K0844
K0845
K0857
K0858
K0864
K0916
K0972
K0976
K0977
K0978
K0983
K0986
K0987
K0991
K0992
K1007
K1011
K1014
K1021
K1023
K1026
K1029
K1030
K1031
K1042
K1045
K1048
K1049

K1052
K1060
K1061
K1062
K1064
K1069
K1085
K1088
K1109
K1178
K1195
K1196
S0335
S0430
S0431
S0432
S0472
S0473
S0494
S0495
S0496
S0498
S0500
S0502
S0503
S0504
S0505
S0506
S0509
S0511
S0512
S0514
S0515
S0518
S0520
S0525
S0528
S0529
S0530
S0535
S0538
S0540
S0586
S0673
S0675
S0721
S0728
S0760
S0762
S0764
S0774
S0775
S0777
S0778
S0779
S0781
S0786
S0788
S0789
S0790
S0791
S0793
S0800
S0801
S0869
T0578

T0645

T0698

T0723
T0734
T0737
T1020
T1031
T1035
T1036
T1038
T1055
T1630
T1631
T1632
T1634
T1636
T1640
T1641
T1647
T1659
T1660
T1677
T1681
T1682
T1686
T1693
T1695
T1696
T1703
T1706
T1723
T1724
T1737
T1739
T1741
T1742
T1743
T1744
T1745
T1746
T1748
T1749
T1769
T1771
T1773
T1783
T1787
T1805
T1807
T1808
T1809
T1813
T1818
T1819
T1820
T1828
All-Source Collection Management (CI-WRL-002): Responsible for identifying intelligence collection
authorities and environment; incorporating priority information requirements into intelligence
collection management; and developing concepts to meet leadership's intent. Determines
capabilities of available intelligence collection assets; constructs and disseminates intelligence
collection plans; and monitors execution of intelligence collection tasks to ensure effective
execution of collection plans.

TKS Statement Description


Knowledge of encryption algorithms
Knowledge of malware
Knowledge of operational planning processes
Knowledge of targeting cycles
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of network infrastructure principles and practices
Knowledge of encryption algorithm capabilities and applications
Knowledge of network communications principles and practices
Knowledge of human-computer interaction (HCI) principles and practices
Knowledge of risk management principles and practices
Knowledge of Risk Management Framework (RMF) requirements
Knowledge of risk management models and frameworks
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of telecommunications principles and practices
Knowledge of collaboration tools and techniques
Knowledge of physical computer components
Knowledge of computer peripherals
Knowledge of network configurations
Knowledge of machine virtualization tools and techniques
Knowledge of digital communication systems and software
Knowledge of intelligence collection management processes
Knowledge of cyber attack stages
Knowledge of cyber intrusion activity phases
Knowledge of malware analysis tools and techniques
Knowledge of virtual machine detection tools and techniques
Knowledge of knowledge management principles and practices
Knowledge of malware analysis principles and practices
Knowledge of intelligence collection tasking tools and techniques
Knowledge of intelligence collection principles and practices
Knowledge of intelligence collection management tools and techniques
Knowledge of intelligence collection planning processes
Knowledge of computer networking principles and practices
Knowledge of target selection criticality factors
Knowledge of target selection vulnerability factors
Knowledge of database administration principles and practices
Knowledge of database maintenance principles and practices
Knowledge of intelligence requirements tasking systems and software
Knowledge of network addressing principles and practices
Knowledge of network security principles and practices
Knowledge of resource and asset readiness reporting policies and procedures
Knowledge of network exploitation tools and techniques
Knowledge of requirements submission processes
Knowledge of production exploitation principles and practices
Knowledge of operational planning tools and techniques
Knowledge of risk mitigation tools and techniques
Knowledge of target selection policies and procedures
Knowledge of tasking processes
Knowledge of intelligence collection requirements tools and techniques
Knowledge of routing protocols

Knowledge of the Tasking, Collection, Processing, Exploitation and Dissemination (TCPED) process
Knowledge of intelligence collection authority policies and procedures
Knowledge of environment preparation tools and techniques
Knowledge of surveillance tools and techniques
Knowledge of Request For Information (RFI) processes
Knowledge of virtual machine tools and technologies
Knowledge of exploitation tools and techniques
Knowledge of knowledge management tools and techniques
Knowledge of virtual collaborative workspace tools and techniques
Knowledge of operational environment risks
Knowledge of priority information requirements
Knowledge of priority intelligence collection requirements
Skill in identifying intelligence gaps
Skill in collaborating with others
Skill in applying critical thinking
Skill in coordinating cybersecurity operations across an organization
Skill in developing virtual machines
Skill in maintaining virtual machines
Skill in performing operational environment analysis
Skill in determining asset availability, capabilities, and limitations
Skill in assessing intelligence collection tasking
Skill in managing an intelligence collection plan
Skill in creating intelligence collection strategies
Skill in evaluating intelligence collection products
Skill in selecting targets
Skill in identifying vulnerabilities
Skill in performing intrusion data analysis
Skill in identifying customer information needs
Skill in evaluating security products
Skill in establishing priorities
Skill in extracting metadata
Skill in preparing operational environments
Skill in identifying partner capabilities
Skill in assessing threat actors
Skill in determining intelligence collection asset posture and availability
Skill in managing operations
Skill in identifying priority information
Skill in identifying production exploitation needs
Skill in conducting research
Skill in performing threat factor analysis
Skill in managing sensors
Skill in identifying network threats
Skill in administering databases
Skill in translating operational requirements into security controls
Skill in optimizing system performance
Skill in prioritizing information
Skill in preparing briefings
Skill in navigating databases
Skill in integrating organization objectives
Skill in comparing indicators with requirements
Skill in evaluating feasibility of intelligence collection sources
Skill in developing intelligence collection plans
Skill in developing collection strategies
Skill in evaluating operational environments
Skill in determining information requirements
Skill in evaluating collection capabilities
Skill in interpreting readiness reporting
Skill in orchestrating planning teams
Skill in coordinating collection support
Skill in monitoring status
Skill in presenting to an audience
Skill in analyzing performance specifications
Skill in analyzing organizational patterns and relationships
Skill in assessing partner operations capabilities
Skill in performing metadata analysis
Assess performance of collection assets against prescribed specifications
Determine course of action for addressing changes to objectives, guidance, and operational environment
Facilitate continuously updated intelligence, surveillance, and visualization input to common operational picture managers

Identify potential collection disciplines for application against priority information requirements
Issue requests for information
Link priority collection requirements to optimal assets and resources
Determine the operational and safety impacts of cybersecurity lapses
Implement intelligence collection requirements
Determine how threat activity groups employ encryption to support their operations
Integrate leadership priorities
Integrate organization objectives in intelligence collection
Determine if priority information requirements are satisfied
Address identified issues in collection operations and collection plans
Synchronize collections with operational requirements
Determine if collection products and services meet requirements
Determine impacts on collection management operational structure and requirements
Develop intelligence collection management processes
Determine effectiveness of intelligence collection operations
Recommend adjustments to intelligence collection strategies
Develop priority information requirements
Compare allocated and available assets to collection demand
Prepare intelligence collection reports
Develop intelligence collection plans
Coordinate resource allocation of collection assets with collection discipline leads
Prepare collection plan documentation
Identify intelligence requirements
Inventory existing collection management webpage databases, libraries, and storehouses
Determine organizations with collection authority over predefined accessible collection assets
Develop intelligence collection report analysis processes
Prepare collections operation instructions
Allocate collection assets
Disseminate tasking messages
Disseminate collection plans
Develop intelligence collection strategies
Develop intelligence collection requirements
Designate priority information requirements
Select collaboration platforms
Identify information collection gaps
Develop coordination requirements and procedures
Identify gaps in understanding of target technology
Determine effectiveness of processing, exploitation, and dissemination architecture
Identify collection management risks
Mitigate collection management risks
Determine when reallocated collection efforts are completed
Determine effectiveness of the processing, exploitation, and dissemination architecture
Identify collection operational management process risks
Prioritize collection requirements for collection platforms
Reassign collection assets and resources in response to dynamic operational situations
Request discipline-specific processing, exploitation, and dissemination information
Determine intelligence collection asset capabilities
Determine accuracy of intelligence collection guidance
Update collection plans
Update collection matrices
Recommend changes to collection plans
Recommend changes to operational environment
Specify discipline-specific taskings
Synchronize the integrated employment of organic and partner intelligence collection assets
OPM Code: 311

CYBERSPACE INTELLIGENCE (CI)

TKS Statement ID
K0018
K0480
K0498
K0551
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0689
K0697
K0718
K0719
K0721
K0734
K0735
K0751
K0752
K0773
K0776
K0786
K0787
K0792
K0806
K0812
K0815
K0844
K0845
K0858
K0864
K0972
K0976
K0977
K0978
K0983
K0986
K0987
K0991
K0992
K1007
K1014
K1023
K1026
K1031
K1042
K1045
K1048
K1049

K1052
K1060
K1061
K1062
K1064
K1069
K1085
K1088
K1109
K1196
S0335
S0430
S0431
S0432
S0472
S0473
S0494
S0495
S0496
S0498
S0500
S0502
S0503
S0504
S0506
S0511
S0514
S0515
S0518
S0520
S0525
S0528
S0530
S0535
S0538
S0540
S0586
S0673
S0728
S0760
S0764
S0777
S0779
S0780
S0781
S0784
S0786
S0791
S0792
S0793
S0794
S0795
S0800
S0801
T0565
T0577
T0578
T0734
T1020
T1031
T1035
T1036
T1038
T1055
T1222
T1223
T1354
T1632
T1634
T1640
T1641
T1656
T1658
T1660
T1686
T1696
T1713
T1725
T1726
T1729
T1730
T1731
T1733
T1739
T1741
T1742
T1748
T1749
T1753
T1762
T1763

T1788
T1807
T1808
T1821
T1831
T1832
T1833
T1834
T1913
All-Source Collection Requirements Management (CI-WRL-003): Responsible for evaluating
intelligence collection operations and developing effects-based collection requirements strategies
using available sources and methods to improve collection. Develops, processes, validates, and
coordinates submission of intelligence collection requirements. Evaluates performance of
intelligence collection assets and operations.

TKS Statement Description


Knowledge of encryption algorithms
Knowledge of malware
Knowledge of operational planning processes
Knowledge of targeting cycles
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of network infrastructure principles and practices
Knowledge of encryption algorithm capabilities and applications
Knowledge of network communications principles and practices
Knowledge of human-computer interaction (HCI) principles and practices
Knowledge of risk management principles and practices
Knowledge of Risk Management Framework (RMF) requirements
Knowledge of risk management models and frameworks
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of telecommunications principles and practices
Knowledge of collaboration tools and techniques
Knowledge of physical computer components
Knowledge of computer peripherals
Knowledge of network configurations
Knowledge of machine virtualization tools and techniques
Knowledge of digital communication systems and software
Knowledge of intelligence collection management processes
Knowledge of cyber attack stages
Knowledge of cyber intrusion activity phases
Knowledge of virtual machine detection tools and techniques
Knowledge of knowledge management principles and practices
Knowledge of intelligence collection tasking tools and techniques
Knowledge of intelligence collection principles and practices
Knowledge of intelligence collection management tools and techniques
Knowledge of intelligence collection planning processes
Knowledge of computer networking principles and practices
Knowledge of target selection criticality factors
Knowledge of target selection vulnerability factors
Knowledge of database administration principles and practices
Knowledge of database maintenance principles and practices
Knowledge of intelligence requirements tasking systems and software
Knowledge of network security principles and practices
Knowledge of network exploitation tools and techniques
Knowledge of requirements submission processes
Knowledge of risk mitigation tools and techniques
Knowledge of target selection policies and procedures
Knowledge of tasking processes
Knowledge of intelligence collection requirements tools and techniques
Knowledge of routing protocols

Knowledge of the Tasking, Collection, Processing, Exploitation and Dissemination (TCPED) process
Knowledge of intelligence collection authority policies and procedures
Knowledge of environment preparation tools and techniques
Knowledge of surveillance tools and techniques
Knowledge of Request For Information (RFI) processes
Knowledge of virtual machine tools and technologies
Knowledge of exploitation tools and techniques
Knowledge of knowledge management tools and techniques
Knowledge of virtual collaborative workspace tools and techniques
Knowledge of priority intelligence collection requirements
Skill in identifying intelligence gaps
Skill in collaborating with others
Skill in applying critical thinking
Skill in coordinating cybersecurity operations across an organization
Skill in developing virtual machines
Skill in maintaining virtual machines
Skill in performing operational environment analysis
Skill in determining asset availability, capabilities, and limitations
Skill in assessing intelligence collection tasking
Skill in managing an intelligence collection plan
Skill in creating intelligence collection strategies
Skill in evaluating intelligence collection products
Skill in selecting targets
Skill in identifying vulnerabilities
Skill in identifying customer information needs
Skill in establishing priorities
Skill in preparing operational environments
Skill in identifying partner capabilities
Skill in assessing threat actors
Skill in determining intelligence collection asset posture and availability
Skill in managing operations
Skill in identifying priority information
Skill in conducting research
Skill in performing threat factor analysis
Skill in managing sensors
Skill in identifying network threats
Skill in administering databases
Skill in translating operational requirements into security controls
Skill in preparing briefings
Skill in navigating databases
Skill in comparing indicators with requirements
Skill in developing collection strategies
Skill in determining information requirements
Skill in fulfilling information requests
Skill in evaluating collection capabilities
Skill in implementing established procedures
Skill in interpreting readiness reporting
Skill in presenting to an audience
Skill in resolving conflicting intelligence collection requirements
Skill in analyzing performance specifications
Skill in establishing timelines
Skill in tracking intelligence collection requirements
Skill in analyzing organizational patterns and relationships
Skill in assessing partner operations capabilities
Analyze incoming collection requests
Assess efficiency of existing information exchange and management systems
Assess performance of collection assets against prescribed specifications
Issue requests for information
Determine the operational and safety impacts of cybersecurity lapses
Implement intelligence collection requirements
Determine how threat activity groups employ encryption to support their operations
Integrate leadership priorities
Integrate organization objectives in intelligence collection
Determine if priority information requirements are satisfied
Determine security requirements for new information technologies
Determine security requirements for new operational technologies
Identify system cybersecurity requirements
Determine if collection products and services meet requirements
Determine impacts on collection management operational structure and requirements
Determine effectiveness of intelligence collection operations
Recommend adjustments to intelligence collection strategies
Manage request for information (RFI) processes
Determine customer requirements
Prepare intelligence collection reports
Identify intelligence requirements
Develop intelligence collection report analysis processes
Develop feedback procedures
Assess intelligence collection results
Document intelligence collection assessment findings
Synchronize intelligence planning activities with operational planning timelines
Determine if collection requests meet priority intelligence requirements
Determine if information collected satisfies intelligence requests
Determine if collection operations meet operational requirements
Develop intelligence collection requirements
Designate priority information requirements
Select collaboration platforms
Identify collection management risks
Mitigate collection management risks
Inform stakeholders of evaluation results
Modify collection requirements
Determine effectiveness of collection requirements
Promote collection planning as an integrated component of the strategic campaign plans and other adaptive plans
Determine intelligence collection asset capabilities
Determine accuracy of intelligence collection guidance
Submit information requests to collection requirement management section
Track status of information requests
Translate collection requests for discipline-specific collection requirements
Identify opportunities to improve collection management efficiency and effectiveness
Validate information requests
Identify system security requirements
OPM Code: 312

CYBERSPACE INTELLIGENCE (CI)

TKS Statement ID
K0018
K0480
K0498
K0644
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0689
K0697
K0698
K0718
K0719
K0751
K0752
K0766
K0773
K0784
K0785
K0786
K0787
K0792
K0799
K0800
K0806
K0812
K0815
K0818
K0819
K0820
K0821
K0825
K0831
K0834
K0857
K0858
K0865
K0866
K0892
K0899
K0900
K0901
K0915
K0916
K0925
K0926
K0934
K0942
K0959
K0960
K0961
K0964

K0968
K0969
K0976
K0978
K0983
K0984
K0985
K0989
K0990
K0993
K1005
K1007
K1008
K1009
K1011
K1014
K1019
K1020
K1023
K1024
K1025
K1027
K1028
K1029
K1030
K1035
K1036
K1037
K1038
K1049
K1050
K1054
K1058
K1059
K1063
K1066
K1067
K1069
K1100
K1101
K1109
K1187
K1196
S0186
S0310
S0385
S0414
S0415
S0416
S0430
S0431
S0432
S0438
S0439
S0472
S0473
S0493
S0494
S0497
S0498
S0501
S0505
S0509
S0513
S0514
S0515
S0526
S0527
S0529
S0535
S0537
S0540
S0579
S0600
S0610
S0633
S0686
S0687
S0702
S0704
S0709
S0712
S0713
S0728
S0729
S0739
S0756
S0761
S0762
S0763
S0765
S0766
S0767
S0768
S0769
S0770
S0771
S0772
S0773
S0778
S0779
S0782
S0783
S0785
S0787
S0788
S0789
S0790
S0791
S0800
S0801
S0811
S0817
S0847
T0630
T0718
T0734
T1020
T1023
T1033
T1035
T1036
T1037
T1038
T1043
T1044
T1045
T1046
T1047

T1048

T1054
T1456
T1457
T1637
T1638
T1639
T1644
T1647
T1649
T1650
T1657
T1661
T1678
T1679
T1684
T1685
T1686
T1687
T1688
T1702
T1705
T1712
T1717
T1718
T1727
T1728
T1729
T1738
T1739
T1741
T1750
T1752
T1756
T1761
T1779
T1791
T1800
T1815
T1835
T1836
Cyber Intelligence Planning (CI-WRL-004): Responsible for developing intelligence plans to satisfy
cyber operation requirements. Identifies, validates, and levies requirements for intelligence
collection and analysis. Participates in targeting selection, validation, synchronization, and execution
of cyber actions. Synchronizes intelligence activities to support organization objectives in
cyberspace.

TKS Statement Description


Knowledge of encryption algorithms
Knowledge of malware
Knowledge of operational planning processes
Knowledge of cybersecurity operation policies and procedures
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of network infrastructure principles and practices
Knowledge of encryption algorithm capabilities and applications
Knowledge of cryptographic key management principles and practices
Knowledge of network communications principles and practices
Knowledge of human-computer interaction (HCI) principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of data asset management principles and practices
Knowledge of telecommunications principles and practices
Knowledge of insider threat laws and regulations
Knowledge of insider threat tools and techniques
Knowledge of physical computer components
Knowledge of computer peripherals
Knowledge of network configurations
Knowledge of project management principles and practices
Knowledge of evidence admissibility laws and regulations
Knowledge of machine virtualization tools and techniques
Knowledge of digital communication systems and software
Knowledge of intelligence collection management processes
Knowledge of new and emerging cybersecurity risks
Knowledge of import and export control laws and regulations
Knowledge of supply chain risks
Knowledge of federal agency roles and responsibilities
Knowledge of threat vector characteristics
Knowledge of network attack vectors
Knowledge of technology procurement principles and practices
Knowledge of malware analysis tools and techniques
Knowledge of virtual machine detection tools and techniques
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of cyber defense laws and regulations
Knowledge of crisis management protocols
Knowledge of crisis management processes
Knowledge of crisis management tools and techniques
Knowledge of network architecture principles and practices
Knowledge of malware analysis principles and practices
Knowledge of wireless communication tools and techniques
Knowledge of signal jamming tools and techniques
Knowledge of data classification policies and procedures
Knowledge of cryptology principles and practices
Knowledge of operational design principles and practices
Knowledge of content management system (CMS) capabilities and applications
Knowledge of planning systems and software
Knowledge of all-source intelligence reporting policies and procedures

Knowledge of analytic standards and frameworks Skill in assigning analytical confidence ratings
Knowledge of cyber-attack tools and techniques
Knowledge of intelligence collection principles and practices
Knowledge of intelligence collection planning processes
Knowledge of computer networking principles and practices
Knowledge of web security principles and practices
Knowledge of crisis action plan models and frameworks
Knowledge of intelligence information repositories
Knowledge of cyber operations principles and practices
Knowledge of deconfliction processes
Knowledge of intelligence collection capabilities and applications
Knowledge of intelligence requirements tasking systems and software
Knowledge of intelligence support activities
Knowledge of threat intelligence principles and practices
Knowledge of network addressing principles and practices
Knowledge of network security principles and practices
Knowledge of operations security (OPSEC) principles and practices
Knowledge of organization decision support tools and techniques
Knowledge of network exploitation tools and techniques
Knowledge of partnership policies and procedures
Knowledge of decision-making policies and procedures
Knowledge of post implementation review (PIR) processes
Knowledge of target development principles and practices
Knowledge of production exploitation principles and practices
Knowledge of operational planning tools and techniques
Knowledge of target research tools and techniques
Knowledge of target organization structures
Knowledge of target critical capabilities
Knowledge of target critical vulnerabilities
Knowledge of routing protocols
Knowledge of critical information requirements
Knowledge of red team functions and capabilities
Knowledge of intelligence processes
Knowledge of request for information processes
Knowledge of operation assessment processes
Knowledge of threat behaviors
Knowledge of target behaviors
Knowledge of virtual machine tools and technologies
Knowledge of analytical tools and techniques
Knowledge of analytics
Knowledge of virtual collaborative workspace tools and techniques
Knowledge of organizational objectives
Knowledge of priority intelligence collection requirements
Skill in applying crisis planning procedures
Skill in applying analytical standards during intelligence product evaluation
Skill in communicating complex concepts
Skill in evaluating laws
Skill in evaluating regulations
Skill in evaluating policies
Skill in collaborating with others
Skill in applying critical thinking
Skill in coordinating cybersecurity operations across an organization
Skill in functioning effectively in a dynamic, fast-paced environment
Skill in identifying external partners
Skill in developing virtual machines
Skill in maintaining virtual machines
Skill in determining intelligence support requirements
Skill in performing operational environment analysis
Skill in developing client organization profiles
Skill in managing an intelligence collection plan
Skill in developing crisis action plans
Skill in performing intrusion data analysis
Skill in evaluating security products
Skill in determining intelligence employment requirements
Skill in preparing operational environments
Skill in identifying partner capabilities
Skill in initiating planning activities
Skill in developing crisis action timelines
Skill in identifying production exploitation needs
Skill in performing threat factor analysis
Skill in designing wireless communications systems
Skill in identifying network threats
Skill in preparing reports
Skill in collecting relevant data from a variety of sources
Skill in communicating effectively
Skill in developing position qualification requirements
Skill in performing risk assessments
Skill in performing administrative planning activities
Skill in defining an operational environment
Skill in performing target analysis
Skill in developing analytics
Skill in evaluating data source quality
Skill in evaluating information quality
Skill in preparing briefings
Skill in preparing plans
Skill in analyzing intelligence products
Skill in incorporating feedback
Skill in performing strategic guidance analysis
Skill in integrating organization objectives
Skill in assessing cyber operations
Skill in converting intelligence requirements into intelligence production tasks
Skill in coordinating product development
Skill in developing tailored intelligence products
Skill in allocating resources
Skill in defining progress indicators
Skill in defining success indicators
Skill in creating planning documents
Skill in maintaining planning documents
Skill in tracking services
Skill in evaluating operational environments
Skill in determining information requirements
Skill in determining capability estimates
Skill in creating decision support materials
Skill in interpreting planning guidance
Skill in monitoring threat effects to partner capabilities
Skill in orchestrating planning teams
Skill in coordinating collection support
Skill in monitoring status
Skill in presenting to an audience
Skill in analyzing organizational patterns and relationships
Skill in assessing partner operations capabilities
Skill in managing intelligence collection requirements
Skill in building internal and external relationships
Skill in performing all-source intelligence analysis
Incorporate intelligence equities into the overall design of cyber operations plans
Identify intelligence gaps and shortfalls
Issue requests for information
Determine the operational and safety impacts of cybersecurity lapses
Identify critical technology procurement requirements
Support cyber operations
Determine how threat activity groups employ encryption to support their operations
Integrate leadership priorities
Develop operations strategies
Integrate organization objectives in intelligence collection
Determine staffing needs
Review course of action analysis results
Review exercise analysis results
Assess operation performance
Assess operation impact
Synchronize operational assessment procedures and critical information requirement processes
Scope analysis reports to various audiences that account for data sharing classification restrictions
Determine the impact of threats on cybersecurity
Implement threat countermeasures
Coordinate intelligence support to operational planning
Recommend cyber operation targets
Assess target vulnerabilities and operational capabilities
Develop cyber operations indicators
Develop priority information requirements
Synchronize intelligence support plans across partner organizations
Develop cybersecurity success metrics
Develop a diverse program of information materials
Assess all-source data for intelligence or vulnerability value
Develop cyber operations crisis action plans
Develop organizational decision support tools
Communicate information requirements to collection managers
Assess capability to satisfy assigned intelligence tasks
Identify intelligence requirements
Draft intelligence sections of cyber operations plans
Identify strategies to counter potential target actions
Integrate intelligence guidance into cyber operations planning activities
Provide intelligence guidance to cyber operations requirements
Recommend potential courses of action
Recommend changes to planning policies and procedures
Implement changes to planning policies and procedures
Develop cyber intelligence collection and production requirements
Implement collection operation plans
Synchronize intelligence planning activities with operational planning timelines
Determine cyber operations partner intelligence capabilities and limitations
Develop intelligence collection requirements
Designate priority information requirements
Identify intelligence environment preparation derived production needs
Develop courses of action based on threat factors
Interpret environment preparation assessments
Determine if changes to the operating environment require review of the plan
Coordinate strategic planning efforts with internal and external partners
Provide cyber recommendations to intelligence support planning
Recommend changes to operational plans
Develop cyber intelligence plans
Determine if intelligence requirements and collection plans are accurate and up-to-date
Document lessons learned during events and exercises
OPM Code: 331

CYBERSPACE INTELLIGENCE (CI)

TKS Statement ID
K0359
K0476
K0540
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0689
K0695
K0710
K0718
K0751
K0752
K0773
K0784
K0785
K0791
K0792
K0793
K0800
K0812
K0816
K0819
K0820
K0821
K0844
K0845
K0855
K0865
K0866
K0892
K0915
K0925
K0926
K0934
K0962
K0963
K0965
K0966
K0967
K0981
K0983
K0984
K0986
K0987
K0990
K1004
K1010
K1014
K1016
K1019
K1028
K1034
K1039
K1043
K1051
K1053
K1056
K1057
K1064
K1100
K1105
K1108
K1128
K1162
K1229
K1230
S0283
S0385
S0430
S0503
S0504
S0506
S0507
S0512
S0518
S0524
S0533
S0537
S0539
S0558
S0559
S0579
S0610
S0689
S0690
S0692
S0695
S0697
S0704
S0710
S0711
S0712
S0713
S0717
S0719
S0720
S0722
S0724
S0747
S0752
S0755
S0791
S0827
S0845
S0847
S0851
S0854
S0865
S0869
S0871
S0874
S0881
S0888
T0650
T0718
T0845
T0858
T1020
T1032
T1638
T1661
T1662
T1677
T1737
T1743
T1745
T1835
T1837
T1838
T1839
T1840
T1841
T1842
T1843
T1844
T1845
T1846
T1847
T1848
T1849
T1850
T1851
T1852
Multi-Disciplined Language Analysis (CI-WRL-005): Responsible for applying language and cultural
expertise with target, threat, and technical knowledge to process, analyze, and disseminate
intelligence information derived from language, voice, and/or graphic materials. Creates and
maintains language-specific databases and working aids to support cyber action execution and
ensure critical knowledge sharing. Provides subject matter expertise in foreign language-intensive or
interdisciplinary projects.

TKS Statement Description


Knowledge of approved intelligence dissemination processes
Knowledge of language processing tools and techniques
Knowledge of target communication tools and techniques
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of network infrastructure principles and practices
Knowledge of programming principles and practices
Knowledge of enterprise cybersecurity architecture principles and practices
Knowledge of network communications principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of telecommunications principles and practices
Knowledge of insider threat laws and regulations
Knowledge of insider threat tools and techniques
Knowledge of defense-in-depth principles and practices
Knowledge of network configurations
Knowledge of file extensions
Knowledge of evidence admissibility laws and regulations
Knowledge of digital communication systems and software
Knowledge of front-end intelligence collection systems and software
Knowledge of import and export control laws and regulations
Knowledge of supply chain risks
Knowledge of federal agency roles and responsibilities
Knowledge of cyber attack stages
Knowledge of cyber intrusion activity phases
Knowledge of debugging tools and techniques
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of cyber defense laws and regulations
Knowledge of network architecture principles and practices
Knowledge of wireless communication tools and techniques
Knowledge of signal jamming tools and techniques
Knowledge of data classification policies and procedures
Knowledge of targeting laws and regulations
Knowledge of exploitation laws and regulations
Knowledge of language analysis tools and techniques
Knowledge of voice analysis tools and techniques
Knowledge of graphic materials analysis tools and techniques
Knowledge of intelligence collection systems and software
Knowledge of computer networking principles and practices
Knowledge of web security principles and practices
Knowledge of target selection criticality factors
Knowledge of target selection vulnerability factors
Knowledge of cyber operations principles and practices
Knowledge of reporting policies and procedures
Knowledge of intelligence policies and procedures
Knowledge of network security principles and practices
Knowledge of code obfuscation tools and techniques
Knowledge of operations security (OPSEC) principles and practices
Knowledge of target development principles and practices
Knowledge of target language
Knowledge of target cultural references
Knowledge of target characteristics
Knowledge of collection data flow from origin into repositories and tools
Knowledge of the collection process feedback cycle
Knowledge of language analysis principles and practices
Knowledge of Interactive On-Net (ION) operator roles and responsibilities
Knowledge of Request For Information (RFI) processes
Knowledge of analytical tools and techniques
Knowledge of non-attributable networks
Knowledge of traceroute tools and techniques
Knowledge of customer requirements
Knowledge of foreign languages and dialects
Knowledge of target communication network characteristics
Knowledge of target communications tools and techniques
Skill in transcribing target language communications
Skill in communicating complex concepts
Skill in collaborating with others
Skill in selecting targets
Skill in identifying vulnerabilities
Skill in identifying customer information needs
Skill in collecting terminal or environment data
Skill in extracting metadata
Skill in assessing threat actors
Skill in implementing network security
Skill in developing target communication profiles
Skill in designing wireless communications systems
Skill in developing transcripts
Skill in developing algorithms
Skill in performing data structure analysis
Skill in preparing reports
Skill in communicating effectively
Skill in performing language processing tool analysis
Skill in performing midpoint collection data analysis
Skill in developing target assessments
Skill in performing Open Source Intelligence (OSINT) research
Skill in analyzing social networks
Skill in performing target analysis
Skill in evaluating metadata
Skill in interpreting metadata
Skill in evaluating data source quality
Skill in evaluating information quality
Skill in identifying target network characteristics
Skill in identifying intelligence gaps
Skill in identifying regional languages and dialects
Skill in interpreting traceroute results
Skill in managing client relationships
Skill in translating languages
Skill in evading network detection
Skill in reconstructing a network
Skill in presenting to an audience
Skill in communicating with internal and external stakeholders
Skill in mapping networks
Skill in performing all-source intelligence analysis
Skill in performing cultural analysis
Skill in performing data analysis
Skill in performing language analysis
Skill in performing metadata analysis
Skill in performing network analysis
Skill in performing network traffic analysis
Skill in performing social network analysis
Skill in performing target communications analysis
Determine what technologies are used by a given target
Identify intelligence gaps and shortfalls
Identify cyber threat tactics and methodologies
Identify foreign language terminology within computer programs (e.g., comments, variable names)
Determine the operational and safety impacts of cybersecurity lapses
Determine cyber operation objectives
Recommend cyber operation targets
Assess all-source data for intelligence or vulnerability value
Identify information essential to intelligence collection operations
Develop intelligence collection plans
Develop intelligence collection strategies
Identify information collection gaps
Identify gaps in understanding of target technology
Determine if intelligence requirements and collection plans are accurate and up-to-date
Advise managers and operators on language and cultural issues
Assess target motivation
Conduct all-source target research
Analyze target communications
Conduct quality reviews of transcribed or translated materials
Identify metadata patterns
Identify metadata anomalies
Identify metadata events
Identify foreign languages and dialects in initial source data
Develop language processing tools
Prepare social network analysis documents
Scan target graphic and audio language materials
Communicate critical or time-sensitive information
Transcribe target audio language materials
Translate target graphic language materials
Translate target audio language materials
OPM Code: 151

CYBERSPACE EFFECTS (CE)

TKS Statement ID
K0018
K0375
K0480
K0635
K0636
K0637
K0656
K0657
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0688
K0689
K0695
K0697
K0698
K0701
K0702
K0703
K0712
K0713
K0718
K0738
K0744
K0751
K0752
K0759
K0770
K0773
K0775
K0786
K0787
K0792
K0806
K0810
K0812
K0815
K0837
K0858
K0915
K0923
K0925
K0926
K0942
K0953
K0970
K0971
K0975
K0983
K0988
K0991
K0992
K0993
K0998
K0999
K1000
K1001
K1014
K1015
K1023
K1024
K1032
K1049
K1055
K1069
K1085
K1088
K1102
K1103
S0182
S0208
S0221
S0252
S0378
S0442
S0472
S0473
S0491
S0497
S0506
S0508
S0509
S0519
S0523
S0531
S0532
S0558
S0559
S0579
S0586
S0599
S0650
S0673
S0690
S0694
S0700
S0701
S0704
S0705
S0706
S0710
S0711
S0715
S0723
S0724
S0735
S0738
S0741
S0743
S0744
S0745
S0746
S0754
S0757
S0758
S0778
S0779
S0791
S0803
S0837
S0854
T0796
T1020
T1034
T1035
T1039
T1040
T1041
T1575
T1576
T1577
T1633
T1663
T1664
T1665
T1666
T1668
T1669
T1670
T1671
T1672
T1673
T1674
T1676
T1691
T1692
T1709
T1734
T1747
T1759
T1760
T1774
T1781
T1784
T1803
T1829
T1830
Cyberspace Operations (CE-WRL-001): Responsible for gathering evidence on criminal or foreign
intelligence entities to mitigate and protect against possible or real-time threats. Conducts
collection, processing, and geolocation of systems to exploit, locate, and track targets. Performs
network navigation and tactical forensic analysis and executes on-net operations when directed.

TKS Statement Description


Knowledge of encryption algorithms
Knowledge of wireless applications vulnerabilities
Knowledge of malware
Knowledge of decryption
Knowledge of decryption tools and techniques
Knowledge of data repositories
Knowledge of network collection tools and techniques
Knowledge of network collection policies and procedures
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of common application vulnerabilities
Knowledge of network infrastructure principles and practices
Knowledge of programming principles and practices
Knowledge of encryption algorithm capabilities and applications
Knowledge of cryptographic key management principles and practices
Knowledge of data backup and recovery policies and procedures
Knowledge of data warehousing principles and practices
Knowledge of data mining principles and practices
Knowledge of Local Area Networks (LAN)
Knowledge of Wide Area Networks (WAN)
Knowledge of network communications principles and practices
Knowledge of low-level programming languages
Knowledge of operating system (OS) systems and software
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of client and server architecture
Knowledge of system administration principles and practices
Knowledge of telecommunications principles and practices
Knowledge of information management tools and techniques
Knowledge of physical computer components
Knowledge of computer peripherals
Knowledge of network configurations
Knowledge of machine virtualization tools and techniques
Knowledge of deployable forensics principles and practices
Knowledge of digital communication systems and software
Knowledge of intelligence collection management processes
Knowledge of hardening tools and techniques
Knowledge of virtual machine detection tools and techniques
Knowledge of network architecture principles and practices
Knowledge of operating system structures and internals
Knowledge of wireless communication tools and techniques
Knowledge of signal jamming tools and techniques
Knowledge of cryptology principles and practices
Knowledge of data mining tools and techniques
Knowledge of auditing policies and procedures
Knowledge of logging policies and procedures
Knowledge of software application vulnerabilities
Knowledge of computer networking principles and practices
Knowledge of active defense tools and techniques
Knowledge of database administration principles and practices
Knowledge of database maintenance principles and practices
Knowledge of deconfliction processes
Knowledge of Wireless Local Area Network (WLAN) tools and techniques
Knowledge of information management principles and practices
Knowledge of evasion principles and practices
Knowledge of evasion tools and techniques
Knowledge of network security principles and practices
Knowledge of network topology principles and practices
Knowledge of network exploitation tools and techniques
Knowledge of partnership policies and procedures
Knowledge of satellite-based communication systems and software
Knowledge of routing protocols
Knowledge of digital forensics principles and practices
Knowledge of virtual machine tools and technologies
Knowledge of exploitation tools and techniques
Knowledge of knowledge management tools and techniques
Knowledge of remote command line tools and techniques
Knowledge of Graphic User Interface (GUI) tools and techniques
Skill in analyzing target communications internals and externals collected from wireless LANs
Skill in determining the physical location of network devices
Skill in extracting information from packet captures
Skill in processing collected data for follow-on analysis
Skill in decrypting information
Skill in collecting network data
Skill in developing virtual machines
Skill in maintaining virtual machines
Skill in processing digital forensic data
Skill in developing client organization profiles
Skill in identifying customer information needs
Skill in managing enterprise-wide information
Skill in evaluating security products
Skill in detecting exploitation activities
Skill in constructing networks
Skill in assessing security hardware and software
Skill in analyzing software configurations
Skill in developing algorithms
Skill in performing data structure analysis
Skill in preparing reports
Skill in administering databases
Skill in performing memory dump analysis
Skill in writing scripts
Skill in translating operational requirements into security controls
Skill in performing midpoint collection data analysis
Skill in auditing network devices
Skill in mining data
Skill in performing data mining analysis
Skill in performing target analysis
Skill in installing patches
Skill in identifying patch signatures
Skill in evaluating metadata
Skill in interpreting metadata
Skill in generating operation plans
Skill in interpreting vulnerability scanner results
Skill in managing client relationships
Skill in programming
Skill in performing reverse engineering of software
Skill in administering servers
Skill in identifying network anomalies
Skill in performing technical writing
Skill in testing tools for implementation
Skill in evaluating tools for implementation
Skill in establishing persistence
Skill in verifying the integrity of files
Skill in performing wireless network analysis
Skill in evaluating operational environments
Skill in determining information requirements
Skill in presenting to an audience
Skill in performing partner analysis
Skill in executing computer scripts to automate tasks
Skill in performing data analysis
Provide real-time actionable geolocation information
Determine the operational and safety impacts of cybersecurity lapses
Prepare deconfliction report
Determine how threat activity groups employ encryption to support their operations
Identify network artifacts from hardware and software options
Identify impact of network artifacts on exploitation
Determine impact of software configurations
Adapt software to new hardware
Upgrade software interfaces
Improve software performance
Identify target operational architecture vulnerabilities
Identify potential avenues of access in digital technologies
Access wireless computer and digital networks
Process intelligence collection data
Exploit wireless computer and digital networks
Conduct network scouting
Analyze system vulnerabilities within a network
Conduct on-net activities
Exfiltrate data from deployed technologies
Conduct off-net activities
Exfiltrate data from automated technologies
Perform open source data collection
Survey computer and digital networks
Detect exploits against targeted networks and hosts
Counter exploits against targeted networks and hosts
Develop new techniques for accessing target systems
Exploit network devices and terminals
Identify system vulnerabilities within a network
Maintain situational awareness of organic operational infrastructure
Maintain functionality of organic operational infrastructure
Gain and maintain access to target systems
Degrade or remove data from networks and computers
Process exfiltrated data
Document information collection and environment activities
Evaluate locally developed tools
Test internally developed software
OPM Code: 321

CYBERSPACE EFFECTS (CE)

TKS Statement ID
K0480
K0498
K0644
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0689
K0698
K0718
K0719
K0751
K0752
K0766
K0773
K0784
K0785
K0786
K0787
K0792
K0799
K0800
K0806
K0812
K0818
K0819
K0820
K0821
K0825
K0831
K0834
K0857
K0858
K0865
K0866
K0892
K0899
K0900
K0901
K0915
K0916
K0925
K0926
K0934
K0942
K0959
K0960
K0961
K0969
K0978
K0983
K0984
K0985
K0990
K0993
K1008
K1009
K1011
K1014
K1017
K1019
K1020
K1023
K1024
K1025
K1028
K1030
K1035
K1036
K1037
K1038
K1049
K1050
K1054
K1063
K1065
K1066
K1067
K1069
K1100
K1101
K1109
S0186
S0385
S0414
S0415
S0416
S0430
S0431
S0432
S0438
S0439
S0472
S0473
S0493
S0497
S0498
S0501
S0515
S0526
S0527
S0537
S0540
S0579
S0600
S0610
S0686
S0687
S0707
S0708
S0709
S0712
S0713
S0728
S0729
S0756
S0763
S0769
S0770
S0776
S0779
S0782
S0783
S0784
S0785
S0788
S0789
S0790
S0791
S0800
S0801
S0817
T0630
T0704
T0718
T0734
T0741
T0742
T1020
T1023
T1033
T1036
T1037
T1038
T1043
T1044
T1045
T1046
T1047
T1048
T1054
T1055
T1456
T1457
T1639
T1644
T1650
T1678
T1679
T1688
T1699
T1700
T1701
T1704
T1710
T1712
T1717
T1718
T1722
T1728
T1729
T1735
T1752
T1755
T1756
T1761
T1764
T1779
T1794
T1797
T1800
T1810
T1811
T1812
T1822
T1823
T1835
T1836
Cyber Operations Planning (CE-WRL-002): Responsible for developing cybersecurity operations
plans; participating in targeting selection, validation, and synchronization; and enabling integration
during the execution of cyber actions.

TKS Statement Description


Knowledge of malware
Knowledge of operational planning processes
Knowledge of cybersecurity operation policies and procedures
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of network infrastructure principles and practices
Knowledge of cryptographic key management principles and practices
Knowledge of network communications principles and practices
Knowledge of human-computer interaction (HCI) principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of data asset management principles and practices
Knowledge of telecommunications principles and practices
Knowledge of insider threat laws and regulations
Knowledge of insider threat tools and techniques
Knowledge of physical computer components
Knowledge of computer peripherals
Knowledge of network configurations
Knowledge of project management principles and practices
Knowledge of evidence admissibility laws and regulations
Knowledge of machine virtualization tools and techniques
Knowledge of digital communication systems and software
Knowledge of new and emerging cybersecurity risks
Knowledge of import and export control laws and regulations
Knowledge of supply chain risks
Knowledge of federal agency roles and responsibilities
Knowledge of threat vector characteristics
Knowledge of network attack vectors
Knowledge of technology procurement principles and practices
Knowledge of malware analysis tools and techniques
Knowledge of virtual machine detection tools and techniques
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of cyber defense laws and regulations
Knowledge of crisis management protocols
Knowledge of crisis management processes
Knowledge of crisis management tools and techniques
Knowledge of network architecture principles and practices
Knowledge of malware analysis principles and practices
Knowledge of wireless communication tools and techniques
Knowledge of signal jamming tools and techniques
Knowledge of data classification policies and procedures
Knowledge of cryptology principles and practices
Knowledge of operational design principles and practices
Knowledge of content management system (CMS) capabilities and applications
Knowledge of planning systems and software
Knowledge of cyber-attack tools and techniques
Knowledge of intelligence collection planning processes
Knowledge of computer networking principles and practices
Knowledge of web security principles and practices
Knowledge of crisis action plan models and frameworks
Knowledge of cyber operations principles and practices
Knowledge of deconfliction processes
Knowledge of intelligence support activities
Knowledge of threat intelligence principles and practices
Knowledge of network addressing principles and practices
Knowledge of network security principles and practices
Knowledge of operational effectiveness assessment principles and practices
Knowledge of operations security (OPSEC) principles and practices
Knowledge of organization decision support tools and techniques
Knowledge of network exploitation tools and techniques
Knowledge of partnership policies and procedures
Knowledge of decision-making policies and procedures
Knowledge of target development principles and practices
Knowledge of operational planning tools and techniques
Knowledge of target research tools and techniques
Knowledge of target organization structures
Knowledge of target critical capabilities
Knowledge of target critical vulnerabilities
Knowledge of routing protocols
Knowledge of critical information requirements
Knowledge of red team functions and capabilities
Knowledge of operation assessment processes
Knowledge of network operations principles and practices
Knowledge of threat behaviors
Knowledge of target behaviors
Knowledge of virtual machine tools and technologies
Knowledge of analytical tools and techniques
Knowledge of analytics
Knowledge of virtual collaborative workspace tools and techniques
Skill in applying crisis planning procedures
Skill in communicating complex concepts
Skill in evaluating laws
Skill in evaluating regulations
Skill in evaluating policies
Skill in collaborating with others
Skill in applying critical thinking
Skill in coordinating cybersecurity operations across an organization
Skill in functioning effectively in a dynamic, fast-paced environment
Skill in identifying external partners
Skill in developing virtual machines
Skill in maintaining virtual machines
Skill in determining intelligence support requirements
Skill in developing client organization profiles
Skill in managing an intelligence collection plan
Skill in developing crisis action plans
Skill in identifying partner capabilities
Skill in initiating planning activities
Skill in developing crisis action timelines
Skill in designing wireless communications systems
Skill in identifying network threats
Skill in preparing reports
Skill in collecting relevant data from a variety of sources
Skill in communicating effectively
Skill in performing risk assessments
Skill in performing administrative planning activities
Skill in developing comprehensive cyber operations assessment programs
Skill in executing comprehensive cyber operations assessment programs
Skill in developing analytics
Skill in evaluating data source quality
Skill in evaluating information quality
Skill in preparing briefings
Skill in preparing plans
Skill in incorporating feedback
Skill in assessing cyber operations
Skill in defining progress indicators
Skill in defining success indicators
Skill in distinguishing between notional and actual resources
Skill in determining information requirements
Skill in determining capability estimates
Skill in creating decision support materials
Skill in implementing established procedures
Skill in interpreting planning guidance
Skill in orchestrating planning teams
Skill in coordinating collection support
Skill in monitoring status
Skill in presenting to an audience
Skill in analyzing organizational patterns and relationships
Skill in assessing partner operations capabilities
Skill in building internal and external relationships
Incorporate intelligence equities into the overall design of cyber operations plans
Incorporate cyber operations and communications security support plans into organization objectives
Identify intelligence gaps and shortfalls
Issue requests for information
Maintain situational awareness of cyber-related intelligence requirements and associated tasking
Maintain situational awareness of partner capabilities and activities
Determine the operational and safety impacts of cybersecurity lapses
Identify critical technology procurement requirements
Support cyber operations
Integrate leadership priorities
Develop operations strategies
Integrate organization objectives in intelligence collection
Determine staffing needs
Review course of action analysis results
Review exercise analysis results
Assess operation performance
Assess operation impact
Synchronize operational assessment procedures and critical information requirement processes
Scope analysis reports to various audiences that account for data sharing classification restrictions
Determine if priority information requirements are satisfied
Determine the impact of threats on cybersecurity
Implement threat countermeasures
Assess target vulnerabilities and operational capabilities
Develop cyber operations indicators
Develop cybersecurity success metrics
Develop cyber operations crisis action plans
Develop organizational decision support tools
Identify strategies to counter potential target actions
Develop crisis plans
Maintain crisis plans
Integrate cyber operations guidance into broader planning activities
Develop intelligence operations plans
Develop policies for providing and obtaining cyber operations support from external partners
Recommend potential courses of action
Recommend changes to planning policies and procedures
Implement changes to planning policies and procedures
Prepare cyber operation strategy and planning documents
Implement collection operation plans
Synchronize intelligence planning activities with operational planning timelines
Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action
Develop courses of action based on threat factors
Integrate cyber planning and targeting efforts
Interpret environment preparation assessments
Determine if changes to the operating environment require review of the plan
Assess effectiveness of integrated cyber operations
Coordinate strategic planning efforts with internal and external partners
Develop cyber operations strategies
Advise stakeholders on administrative and logistical elements of operational support plans
Recommend changes to operational plans

Approve operational requirements for research, development, and acquisition of cyber capabilities

Prioritize operational requirements for research, development, and acquisition of cyber capabilities

Submit operational requirements for research, development, and acquisition of cyber capabilities
Submit requests for deconfliction of cyber operations
Respond to requests for deconfliction of cyber operations
Determine if intelligence requirements and collection plans are accurate and up-to-date
Document lessons learned during events and exercises
OPM Code: 332

CYBERSPACE EFFECTS (CE)

TKS Statement ID
K0470
K0551
K0655
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0689
K0690
K0691
K0692
K0695
K0710
K0716
K0717
K0718
K0721
K0728
K0729
K0730
K0732
K0734
K0735
K0744
K0751
K0752
K0759
K0766
K0770
K0773
K0786
K0787
K0791
K0792
K0807
K0812
K0815
K0816
K0828
K0834
K0837
K0838
K0844
K0845
K0860
K0915
K0920
K0923
K0960
K0962
K0963
K0969
K0973
K0974
K0977
K0979
K0980
K0983
K0984
K0986
K0987
K1000
K1001
K1004
K1011
K1013
K1014
K1015
K1024
K1033
K1035
K1041
K1042
K1046
K1047
K1100
K1101
K1105
K1108
K1187
K1221
K1231
S0066
S0156
S0214
S0221
S0248
S0385
S0430
S0433
S0434
S0435
S0436
S0437
S0440
S0441
S0497
S0499
S0503
S0504
S0505
S0507
S0509
S0512
S0515
S0543
S0544
S0555
S0556
S0558
S0559
S0566
S0567
S0579
S0584
S0585
S0600
S0673
S0690
S0698
S0699
S0703
S0704
S0709
S0712
S0715
S0723
S0725
S0727
S0732
S0733
S0736
S0737
S0749
S0752
S0755
S0758
S0759
S0791
S0824
S0854
S0862
S0864
S0869
S0874
T0591
T0775
T1012
T1013
T1020
T1023
T1026
T1031
T1077
T1091
T1096
T1107
T1211
T1359
T1519
T1520
T1563
T1635
T1663
T1667
T1677
T1689
T1690
T1736
T1745
T1751
T1757
T1758
T1772
T1785
Exploitation Analysis (CE-WRL-003): Responsible for identifying access and intelligence collection
gaps that can be satisfied through cyber collection and/or preparation activities. Leverages all
authorized resources and analytic techniques to penetrate targeted networks.

TKS Statement Description


Knowledge of Internet and routing protocols
Knowledge of targeting cycles
Knowledge of intelligence fusion
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of network infrastructure principles and practices
Knowledge of requirements analysis principles and practices
Knowledge of cyber defense tools and techniques
Knowledge of vulnerability assessment tools and techniques
Knowledge of programming principles and practices
Knowledge of enterprise cybersecurity architecture principles and practices
Knowledge of host access control (HAC) systems and software
Knowledge of network access control (NAC) systems and software
Knowledge of network communications principles and practices
Knowledge of risk management principles and practices
Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
Knowledge of non-repudiation principles and practices
Knowledge of cyber safety principles and practices
Knowledge of intrusion detection tools and techniques
Knowledge of Risk Management Framework (RMF) requirements
Knowledge of risk management models and frameworks
Knowledge of operating system (OS) systems and software
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of client and server architecture
Knowledge of data asset management principles and practices
Knowledge of system administration principles and practices
Knowledge of telecommunications principles and practices
Knowledge of physical computer components
Knowledge of computer peripherals
Knowledge of defense-in-depth principles and practices
Knowledge of network configurations
Knowledge of web mail tools and techniques
Knowledge of digital communication systems and software
Knowledge of intelligence collection management processes
Knowledge of front-end intelligence collection systems and software
Knowledge of supply chain risk management standards and best practices
Knowledge of technology procurement principles and practices
Knowledge of hardening tools and techniques
Knowledge of supply chain risk management policies and procedures
Knowledge of cyber attack stages
Knowledge of cyber intrusion activity phases
Knowledge of malware signature principles and practices
Knowledge of network architecture principles and practices
Knowledge of risk management policies and procedures
Knowledge of operating system structures and internals
Knowledge of content management system (CMS) capabilities and applications
Knowledge of targeting laws and regulations
Knowledge of exploitation laws and regulations
Knowledge of cyber-attack tools and techniques
Knowledge of system persistence tools and techniques
Knowledge of intelligence collection development processes
Knowledge of intelligence collection management tools and techniques
Knowledge of information searching tools and techniques
Knowledge of intelligence collection sources
Knowledge of computer networking principles and practices
Knowledge of web security principles and practices
Knowledge of target selection criticality factors
Knowledge of target selection vulnerability factors
Knowledge of evasion principles and practices
Knowledge of evasion tools and techniques
Knowledge of reporting policies and procedures
Knowledge of network addressing principles and practices
Knowledge of midpoint collection principles and practices
Knowledge of network security principles and practices
Knowledge of network topology principles and practices
Knowledge of partnership policies and procedures
Knowledge of scripting principles and practices
Knowledge of target research tools and techniques
Knowledge of target intelligence gathering tools and techniques
Knowledge of target selection policies and procedures
Knowledge of terminal collection
Knowledge of environmental collection
Knowledge of analytical tools and techniques
Knowledge of analytics
Knowledge of non-attributable networks
Knowledge of traceroute tools and techniques
Knowledge of organizational objectives
Knowledge of supply chain risk management practices
Knowledge of target requirements
Skill in identifying gaps in technical capabilities
Skill in performing packet-level analysis
Skill in evaluating accesses for intelligence value
Skill in extracting information from packet captures
Skill in performing target system analysis
Skill in communicating complex concepts
Skill in collaborating with others
Skill in creating analytics
Skill in extrapolating from incomplete data sets
Skill in analyzing large data sets
Skill in creating target intelligence products
Skill in identifying targets of interest
Skill in identifying target vulnerabilities
Skill in describing target vulnerabilities
Skill in developing client organization profiles
Skill in performing intelligence collection analysis
Skill in selecting targets
Skill in identifying vulnerabilities
Skill in performing intrusion data analysis
Skill in collecting terminal or environment data
Skill in evaluating security products
Skill in extracting metadata
Skill in identifying partner capabilities
Skill in scanning for vulnerabilities
Skill in recognizing vulnerabilities
Skill in performing capabilities analysis
Skill in performing requirements analysis
Skill in developing algorithms
Skill in performing data structure analysis
Skill in developing signatures
Skill in deploying signatures
Skill in preparing reports
Skill in configuring network devices
Skill in installing network devices
Skill in collecting relevant data from a variety of sources
Skill in translating operational requirements into security controls
Skill in performing midpoint collection data analysis
Skill in creating intelligence collection requirements
Skill in creating plans in support of remote operations
Skill in depicting data on a network map
Skill in performing target analysis
Skill in developing analytics
Skill in evaluating data source quality
Skill in generating operation plans
Skill in interpreting vulnerability scanner results
Skill in performing network visualization
Skill in performing data fusion
Skill in recognizing malicious network activity in traffic
Skill in interpreting malicious network activity in traffic
Skill in researching software vulnerabilities
Skill in researching software exploits
Skill in determining relevant information
Skill in evading network detection
Skill in reconstructing a network
Skill in performing wireless network analysis
Skill in identifying requirements
Skill in presenting to an audience
Skill in communicating with customers
Skill in performing data analysis
Skill in performing geospatial analysis
Skill in performing intercept related information (IRI) analysis
Skill in performing metadata analysis
Skill in performing network traffic analysis
Perform analysis for target infrastructure exploitation activities
Produce network reconstructions
Expand network access
Conduct technical exploitation of a target
Determine the operational and safety impacts of cybersecurity lapses
Identify critical technology procurement requirements
Determine procurement requirements
Implement intelligence collection requirements
Assess the organization's cybersecurity architecture
Perform authorized penetration testing on enterprise network assets
Perform privacy impact assessments (PIAs)
Evaluate functional requirements
Track targets
Perform penetration testing
Design system security measures
Update system security measures
Implement system security measures
Access targeted networks
Identify potential avenues of access in digital technologies
Conduct independent in-depth target and technical analysis
Develop intelligence collection plans
Create comprehensive exploitation strategies
Identify exploitable technical or operational vulnerabilities
Communicate tool requirements to developers
Identify gaps in understanding of target technology
Locate targets
Coordinate exploitation operations
Determine potential implications of new and emerging hardware and software technologies
Identify indications and warnings of target communication changes or processing failures
Profile network administrators and their activities
OPM Code: 121

CYBERSPACE EFFECTS (CE)

TKS Statement ID
K0018
K0480
K0551
K0655
K0658
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0689
K0690
K0697
K0718
K0719
K0751
K0752
K0766
K0773
K0786
K0787
K0788
K0789
K0790
K0792
K0806
K0812
K0818
K0825
K0831
K0844
K0845
K0857
K0858
K0865
K0866
K0892
K0915
K0916
K0925
K0926
K0934
K0960

K0968
K0969
K0983
K0984
K0986
K0987
K0989
K0990
K0994
K1002
K1005
K1007
K1008
K1009
K1010
K1011
K1014
K1023
K1025
K1028
K1035
K1042
K1049
K1059
K1063
K1066
K1067
K1068
K1069
K1100
K1101
K1106
K1107
K1109
K1197
S0111
S0194
S0385
S0430
S0433
S0434
S0435
S0436
S0438
S0443
S0444
S0446
S0472
S0473
S0494
S0503
S0504
S0505
S0506
S0509
S0511
S0512
S0514
S0515
S0516
S0517
S0535
S0537
S0540
S0555
S0556
S0579
S0600
S0633
S0673
S0686
S0693
S0702
S0704
S0709
S0712
S0713
S0718
S0719
S0724
S0728
S0731
S0739
S0748
S0751
S0756
S0765
S0777
S0779
S0791
S0801
S0847
S0869
S0876
T0611
T0624
T0684
T0685
T0686
T0707
T0718
T1020
T1022
T1030
T1033
T1035
T1046
T1047
T1053

T1054
T1055
T1638
T1640
T1641
T1642
T1643
T1644
T1645
T1646
T1647
T1648
T1651
T1652
T1661
T1686
T1707
T1762
T1763
T1765
T1766
T1767
T1768
T1770
T1772
T1775
T1776
T1792
T1793
T1795
T1835
Mission Assessment (CE-WRL-004): Responsible for developing assessment plans and performance
measures; conducting strategic and operational effectiveness assessments for cyber events;
determining whether systems perform as expected; and providing input to the determination of
operational effectiveness.

TKS Statement Description


Knowledge of encryption algorithms
Knowledge of malware
Knowledge of targeting cycles
Knowledge of intelligence fusion
Knowledge of cognitive biases
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of network infrastructure principles and practices
Knowledge of requirements analysis principles and practices
Knowledge of encryption algorithm capabilities and applications
Knowledge of network communications principles and practices
Knowledge of human-computer interaction (HCI) principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of data asset management principles and practices
Knowledge of telecommunications principles and practices
Knowledge of physical computer components
Knowledge of computer peripherals
Knowledge of adversarial tactics principles and practices
Knowledge of adversarial tactics tools and techniques
Knowledge of adversarial tactics policies and procedures
Knowledge of network configurations
Knowledge of machine virtualization tools and techniques
Knowledge of digital communication systems and software
Knowledge of new and emerging cybersecurity risks
Knowledge of threat vector characteristics
Knowledge of network attack vectors
Knowledge of cyber attack stages
Knowledge of cyber intrusion activity phases
Knowledge of malware analysis tools and techniques
Knowledge of virtual machine detection tools and techniques
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of cyber defense laws and regulations
Knowledge of network architecture principles and practices
Knowledge of malware analysis principles and practices
Knowledge of wireless communication tools and techniques
Knowledge of signal jamming tools and techniques
Knowledge of data classification policies and procedures
Knowledge of content management system (CMS) capabilities and applications

Knowledge of analytic standards and frameworks Skill in assigning analytical confidence ratings
Knowledge of cyber-attack tools and techniques
Knowledge of computer networking principles and practices
Knowledge of web security principles and practices
Knowledge of target selection criticality factors
Knowledge of target selection vulnerability factors
Knowledge of intelligence information repositories
Knowledge of cyber operations principles and practices
Knowledge of denial and deception tools and techniques
Knowledge of supervisory control and data acquisition (SCADA) systems and software
Knowledge of intelligence collection capabilities and applications
Knowledge of intelligence requirements tasking systems and software
Knowledge of intelligence support activities
Knowledge of threat intelligence principles and practices
Knowledge of intelligence policies and procedures
Knowledge of network addressing principles and practices
Knowledge of network security principles and practices
Knowledge of network exploitation tools and techniques
Knowledge of decision-making policies and procedures
Knowledge of target development principles and practices
Knowledge of target research tools and techniques
Knowledge of target selection policies and procedures
Knowledge of routing protocols
Knowledge of request for information processes
Knowledge of operation assessment processes
Knowledge of threat behaviors
Knowledge of target behaviors
Knowledge of threat systems and software
Knowledge of virtual machine tools and technologies
Knowledge of analytical tools and techniques
Knowledge of analytics
Knowledge of targeting databases
Knowledge of targeting systems and software
Knowledge of virtual collaborative workspace tools and techniques
Knowledge of priority intelligence requirements
Skill in interfacing with customers
Skill in conducting non-attributable research
Skill in communicating complex concepts
Skill in collaborating with others
Skill in creating analytics
Skill in extrapolating from incomplete data sets
Skill in analyzing large data sets
Skill in creating target intelligence products
Skill in functioning effectively in a dynamic, fast-paced environment
Skill in mitigating cognitive biases
Skill in mitigating deception in reporting and analysis
Skill in mimicking threat actors
Skill in developing virtual machines
Skill in maintaining virtual machines
Skill in performing operational environment analysis
Skill in selecting targets
Skill in identifying vulnerabilities
Skill in performing intrusion data analysis
Skill in identifying customer information needs
Skill in evaluating security products
Skill in establishing priorities
Skill in extracting metadata
Skill in preparing operational environments
Skill in identifying partner capabilities
Skill in performing threat emulation tactics
Skill in anticipating threats
Skill in performing threat factor analysis
Skill in designing wireless communications systems
Skill in identifying network threats
Skill in performing capabilities analysis
Skill in performing requirements analysis
Skill in preparing reports
Skill in collecting relevant data from a variety of sources
Skill in developing position qualification requirements
Skill in translating operational requirements into security controls
Skill in performing risk assessments
Skill in assessing effects generated during and after cyber operations
Skill in defining an operational environment
Skill in performing target analysis
Skill in developing analytics
Skill in evaluating data source quality
Skill in evaluating information quality
Skill in identifying cybersecurity threats
Skill in identifying intelligence gaps
Skill in managing client relationships
Skill in preparing briefings
Skill in producing after-action reports
Skill in analyzing intelligence products
Skill in querying data
Skill in conducting open-source searches
Skill in incorporating feedback
Skill in converting intelligence requirements into intelligence production tasks
Skill in developing collection strategies
Skill in determining information requirements
Skill in presenting to an audience
Skill in assessing partner operations capabilities
Skill in performing all-source intelligence analysis
Skill in performing metadata analysis
Skill in performing nodal analysis
Conduct end-of-operations assessments
Conduct target research and analysis
Estimate operational effects generated through cyber activities
Evaluate threat decision-making processes
Identify threat vulnerabilities
Generate requests for information
Identify intelligence gaps and shortfalls
Determine the operational and safety impacts of cybersecurity lapses
Review enterprise information technology (IT) goals and objectives
Estimate the impact of collateral damage
Support cyber operations
Determine how threat activity groups employ encryption to support their operations
Assess operation performance
Assess operation impact
Identify and characterize intrusion activities against a victim or target

Scope analysis reports to various audiences that accounts for data sharing classification restrictions
Determine if priority information requirements are satisfied
Recommend cyber operation targets
Determine effectiveness of intelligence collection operations
Recommend adjustments to intelligence collection strategies
Advise stakeholders on course of action development
Develop common operational pictures
Develop cyber operations indicators
Coordinate all-source collection activities
Validate all-source collection requirements and plans
Develop priority information requirements
Develop performance success metrics
Prepare threat and target briefings
Prepare threat and target situational updates
Assess all-source data for intelligence or vulnerability value
Identify intelligence requirements
Prepare munitions effectiveness assessment reports
Modify collection requirements
Determine effectiveness of collection requirements
Monitor changes to designated cyber operations warning problem sets
Prepare change reports for designated cyber operations warning problem sets
Monitor threat activities
Prepare threat activity reports
Report on adversarial activities that fulfill priority information requirements
Identify indications and warnings of target communication changes or processing failures
Prepare cyber operations intelligence reports
Prepare indications and warnings intelligence reports
Assess effectiveness of intelligence production
Assess effectiveness of intelligence reporting
Conduct post-action effectiveness assessments
Determine if intelligence requirements and collection plans are accurate and up-to-date
OPM Code: 112

CYBERSPACE EFFECTS (CE)

TKS Statement ID
K0480
K0498
K0644
K0674
K0675
K0676
K0677
K0678
K0679
K0680
K0681
K0682
K0683
K0684
K0689
K0698
K0718
K0751
K0752
K0766
K0773
K0784
K0785
K0786
K0787
K0792
K0799
K0800
K0812
K0819
K0820
K0821
K0857
K0865
K0866
K0892
K0899
K0900
K0901
K0915
K0916
K0925
K0926
K0934
K0942
K0961
K0969
K0978
K0983
K0985
K0990
K0993
K1014
K1019
K1023
K1024
K1025
K1030
K1036
K1037
K1038
K1100
K1101
K1109
S0186
S0385
S0414
S0415
S0416
S0430
S0431
S0432
S0438
S0439
S0497
S0498
S0501
S0515
S0526
S0527
S0579
S0600
S0610
S0686
S0687
S0709
S0712
S0713
S0728
S0729
S0756
S0776
S0785
S0788
S0789
S0790
S0791
S0800
S0801
S0817
T0630

T0729
T0818
T1020
T1033
T1036
T1037
T1038
T1043

T1054
T1642
T1649
T1657
T1678
T1680
T1704
T1710

T1711
T1714
T1715
T1716
T1717
T1718
T1719
T1720
T1721

T1735
T1740
T1755
T1764
T1777
T1778
T1779
T1780
T1791
T1794

T1816
T1822
T1823
T1826
T1827
T1836
Partner Integration Planning (CE-WRL-005): Responsible for advancing cooperation across
organizational or national borders between cyber operations partners. Provides guidance, resources,
and collaboration to develop best practices and facilitate organizational support for achieving
objectives in integrated cyber actions.

TKS Statement Description


Knowledge of malware
Knowledge of operational planning processes
Knowledge of cybersecurity operation policies and procedures
Knowledge of computer networking protocols
Knowledge of risk management processes
Knowledge of cybersecurity laws and regulations
Knowledge of cybersecurity policies and procedures
Knowledge of privacy laws and regulations
Knowledge of privacy policies and procedures
Knowledge of cybersecurity principles and practices
Knowledge of privacy principles and practices
Knowledge of cybersecurity threats
Knowledge of cybersecurity vulnerabilities
Knowledge of cybersecurity threat characteristics
Knowledge of network infrastructure principles and practices
Knowledge of cryptographic key management principles and practices
Knowledge of network communications principles and practices
Knowledge of system threats
Knowledge of system vulnerabilities
Knowledge of data asset management principles and practices
Knowledge of telecommunications principles and practices
Knowledge of insider threat laws and regulations
Knowledge of insider threat tools and techniques
Knowledge of physical computer components
Knowledge of computer peripherals
Knowledge of network configurations
Knowledge of project management principles and practices
Knowledge of evidence admissibility laws and regulations
Knowledge of digital communication systems and software
Knowledge of import and export control laws and regulations
Knowledge of supply chain risks
Knowledge of federal agency roles and responsibilities
Knowledge of malware analysis tools and techniques
Knowledge of data classification standards and best practices
Knowledge of data classification tools and techniques
Knowledge of cyber defense laws and regulations
Knowledge of crisis management protocols
Knowledge of crisis management processes
Knowledge of crisis management tools and techniques
Knowledge of network architecture principles and practices
Knowledge of malware analysis principles and practices
Knowledge of wireless communication tools and techniques
Knowledge of signal jamming tools and techniques
Knowledge of data classification policies and procedures
Knowledge of cryptology principles and practices
Knowledge of planning systems and software
Knowledge of cyber-attack tools and techniques
Knowledge of intelligence collection planning processes
Knowledge of computer networking principles and practices
Knowledge of crisis action plan models and frameworks
Knowledge of cyber operations principles and practices
Knowledge of deconfliction processes
Knowledge of network security principles and practices
Knowledge of operations security (OPSEC) principles and practices
Knowledge of network exploitation tools and techniques
Knowledge of partnership policies and procedures
Knowledge of decision-making policies and procedures
Knowledge of operational planning tools and techniques
Knowledge of target organization structures
Knowledge of target critical capabilities
Knowledge of target critical vulnerabilities
Knowledge of analytical tools and techniques
Knowledge of analytics
Knowledge of virtual collaborative workspace tools and techniques
Skill in applying crisis planning procedures
Skill in communicating complex concepts
Skill in evaluating laws
Skill in evaluating regulations
Skill in evaluating policies
Skill in collaborating with others
Skill in applying critical thinking
Skill in coordinating cybersecurity operations across an organization
Skill in functioning effectively in a dynamic, fast-paced environment
Skill in identifying external partners
Skill in developing client organization profiles
Skill in managing an intelligence collection plan
Skill in developing crisis action plans
Skill in identifying partner capabilities
Skill in initiating planning activities
Skill in developing crisis action timelines
Skill in preparing reports
Skill in collecting relevant data from a variety of sources
Skill in communicating effectively
Skill in performing risk assessments
Skill in performing administrative planning activities
Skill in developing analytics
Skill in evaluating data source quality
Skill in evaluating information quality
Skill in preparing briefings
Skill in preparing plans
Skill in incorporating feedback
Skill in distinguishing between notional and actual resources
Skill in interpreting planning guidance
Skill in orchestrating planning teams
Skill in coordinating collection support
Skill in monitoring status
Skill in presenting to an audience
Skill in analyzing organizational patterns and relationships
Skill in assessing partner operations capabilities
Skill in building internal and external relationships
Incorporate intelligence equities into the overall design of cyber operations plans
Inform external partners of the potential effects of new or revised policy and guidance on cyber operations partnering activities
Serve as a liaison with external partners
Determine the operational and safety impacts of cybersecurity lapses
Support cyber operations
Integrate leadership priorities
Develop operations strategies
Integrate organization objectives in intelligence collection
Determine staffing needs

Scope analysis reports to various audiences that accounts for data sharing classification restrictions
Advise stakeholders on course of action development
Synchronize intelligence support plans across partner organizations
Develop a diverse program of information materials
Develop cyber operations crisis action plans
Develop cyber operations staffing policies
Develop intelligence operations plans
Develop policies for providing and obtaining cyber operations support from external partners
Develop international cybersecurity strategies, policies, and activities to meet organizational objectives
Develop partner planning strategies and processes
Develop operations strategies and processes
Develop capability development strategies and processes
Recommend changes to planning policies and procedures
Implement changes to planning policies and procedures
Develop cybersecurity cooperation agreements with external partners
Maintain cybersecurity cooperation agreements with external partners
Assess cybersecurity cooperation agreements with external partners
Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action
Identify security cooperation priorities
Integrate cyber planning and targeting efforts
Assess effectiveness of integrated cyber operations
Conduct policy reviews
Assess the consequences of endorsing or not endorsing policies
Coordinate strategic planning efforts with internal and external partners
Develop external coordination policies
Provide cyber recommendations to intelligence support planning
Develop cyber operations strategies
Recommend subject matter experts who can assist in the investigation of complex or unusual situations
Submit requests for deconfliction of cyber operations
Respond to requests for deconfliction of cyber operations
Synchronize intelligence engagement activities across partner organizations
Synchronize cybersecurity cooperation plans
Document lessons learned during events and exercises
OPM Code: 333

CYBERSPACE EFFECTS (CE)

Target Analysis (CE-WRL-006): Responsible for conducting target development at the system,
component, and entity levels. Builds and maintains electronic target folders to include inputs from
environment preparation and/or internal or external intelligence sources. Coordinates with partner
target working groups and intelligence community members, and presents candidate targets for
vetting and validation. Assesses and reports on damage resulting from the application of military
force and coordinates federal support as required.

TKS Statement ID  TKS Statement Description
K0018  Knowledge of encryption algorithms
K0480  Knowledge of malware
K0551  Knowledge of targeting cycles
K0655  Knowledge of intelligence fusion
K0658  Knowledge of cognitive biases
K0674  Knowledge of computer networking protocols
K0675  Knowledge of risk management processes
K0676  Knowledge of cybersecurity laws and regulations
K0677  Knowledge of cybersecurity policies and procedures
K0678  Knowledge of privacy laws and regulations
K0679  Knowledge of privacy policies and procedures
K0680  Knowledge of cybersecurity principles and practices
K0681  Knowledge of privacy principles and practices
K0682  Knowledge of cybersecurity threats
K0683  Knowledge of cybersecurity vulnerabilities
K0684  Knowledge of cybersecurity threat characteristics
K0689  Knowledge of network infrastructure principles and practices
K0697  Knowledge of encryption algorithm capabilities and applications
K0716  Knowledge of host access control (HAC) systems and software
K0717  Knowledge of network access control (NAC) systems and software
K0718  Knowledge of network communications principles and practices
K0719  Knowledge of human-computer interaction (HCI) principles and practices
K0732  Knowledge of intrusion detection tools and techniques
K0751  Knowledge of system threats
K0752  Knowledge of system vulnerabilities
K0766  Knowledge of data asset management principles and practices
K0773  Knowledge of telecommunications principles and practices
K0786  Knowledge of physical computer components
K0787  Knowledge of computer peripherals
K0792  Knowledge of network configurations
K0812  Knowledge of digital communication systems and software
K0815  Knowledge of intelligence collection management processes
K0818  Knowledge of new and emerging cybersecurity risks
K0825  Knowledge of threat vector characteristics
K0831  Knowledge of network attack vectors
K0844  Knowledge of cyber attack stages
K0845  Knowledge of cyber intrusion activity phases
K0857  Knowledge of malware analysis tools and techniques
K0860  Knowledge of malware signature principles and practices
K0891  Knowledge of the Open Systems Interconnect (OSI) reference model
K0915  Knowledge of network architecture principles and practices
K0916  Knowledge of malware analysis principles and practices
K0925  Knowledge of wireless communication tools and techniques
K0926  Knowledge of signal jamming tools and techniques
K0960  Knowledge of content management system (CMS) capabilities and applications
K0962  Knowledge of targeting laws and regulations
K0963  Knowledge of exploitation laws and regulations
K0968  Knowledge of analytic standards and frameworks Skill in assigning analytical confidence ratings
K0969  Knowledge of cyber-attack tools and techniques
K0983  Knowledge of computer networking principles and practices
K0984  Knowledge of web security principles and practices
K0986  Knowledge of target selection criticality factors
K0987  Knowledge of target selection vulnerability factors
K0989  Knowledge of intelligence information repositories
K0990  Knowledge of cyber operations principles and practices
K0994  Knowledge of denial and deception tools and techniques
K0995  Knowledge of dynamic targeting principles and practices
K0996  Knowledge of deliberate targeting principles and practices
K1002  Knowledge of supervisory control and data acquisition (SCADA) systems and software
K1003  Knowledge of targeting governing authorities
K1005  Knowledge of intelligence collection capabilities and applications
K1006  Knowledge of intelligence cycle principles and practices
K1008  Knowledge of intelligence support activities
K1009  Knowledge of threat intelligence principles and practices
K1010  Knowledge of intelligence policies and procedures
K1011  Knowledge of network addressing principles and practices
K1012  Knowledge of malware characteristics
K1014  Knowledge of network security principles and practices
K1017  Knowledge of operational effectiveness assessment principles and practices
K1019  Knowledge of operations security (OPSEC) principles and practices
K1023  Knowledge of network exploitation tools and techniques
K1028  Knowledge of target development principles and practices
K1035  Knowledge of target research tools and techniques
K1040  Knowledge of target estimated recovery times
K1042  Knowledge of target selection policies and procedures
K1049  Knowledge of routing protocols
K1059  Knowledge of request for information processes
K1064  Knowledge of Request For Information (RFI) processes
K1066  Knowledge of threat behaviors
K1067  Knowledge of target behaviors
K1068  Knowledge of threat systems and software
K1100  Knowledge of analytical tools and techniques
K1101  Knowledge of analytics
K1104  Knowledge of geospatial data analysis tools and techniques
K1106  Knowledge of targeting databases
K1107  Knowledge of targeting systems and software
K1109  Knowledge of virtual collaborative workspace tools and techniques
K1167  Knowledge of information sanitization methods
K1232  Knowledge of targeting products
S0111  Skill in interfacing with customers
S0194  Skill in conducting non-attributable research
S0208  Skill in determining the physical location of network devices
S0248  Skill in performing target system analysis
S0375  Skill in developing information requirements
S0385  Skill in communicating complex concepts
S0430  Skill in collaborating with others
S0433  Skill in creating analytics
S0434  Skill in extrapolating from incomplete data sets
S0435  Skill in analyzing large data sets
S0436  Skill in creating target intelligence products
S0438  Skill in functioning effectively in a dynamic, fast-paced environment
S0443  Skill in mitigating cognitive biases
S0444  Skill in mitigating deception in reporting and analysis
S0494  Skill in performing operational environment analysis
S0497  Skill in developing client organization profiles
S0503  Skill in selecting targets
S0504  Skill in identifying vulnerabilities
S0505  Skill in performing intrusion data analysis
S0506  Skill in identifying customer information needs
S0509  Skill in evaluating security products
S0511  Skill in establishing priorities
S0512  Skill in extracting metadata
S0514  Skill in preparing operational environments
S0515  Skill in identifying partner capabilities
S0534  Skill in developing target lists
S0535  Skill in performing threat factor analysis
S0537  Skill in designing wireless communications systems
S0566  Skill in developing signatures
S0567  Skill in deploying signatures
S0600  Skill in collecting relevant data from a variety of sources
S0610  Skill in communicating effectively
S0673  Skill in translating operational requirements into security controls
S0693  Skill in assessing effects generated during and after cyber operations
S0696  Skill in conducting deep web research
S0702  Skill in defining an operational environment
S0704  Skill in performing target analysis
S0709  Skill in developing analytics
S0712  Skill in evaluating data source quality
S0713  Skill in evaluating information quality
S0714  Skill in performing fusion analysis
S0718  Skill in identifying cybersecurity threats
S0719  Skill in identifying intelligence gaps
S0728  Skill in preparing briefings
S0740  Skill in creating target materials
S0744  Skill in performing technical writing
S0748  Skill in querying data
S0750  Skill in applying geospatial resources
S0751  Skill in conducting open-source searches
S0756  Skill in incorporating feedback
S0777  Skill in developing collection strategies
S0779  Skill in determining information requirements
S0780  Skill in fulfilling information requests
S0791  Skill in presenting to an audience
S0801  Skill in assessing partner operations capabilities
S0802  Skill in assessing partner intelligence processes
S0847  Skill in performing all-source intelligence analysis
S0866  Skill in performing log file analysis
S0869  Skill in performing metadata analysis
S0876  Skill in performing nodal analysis
T0624  Conduct target research and analysis
T0650  Determine what technologies are used by a given target
T0684  Estimate operational effects generated through cyber activities
T0707  Generate requests for information
T0717  Identify critical target elements
T0718  Identify intelligence gaps and shortfalls
T0744  Maintain target lists (i.e., RTL, JTL, CTL, etc.)
T0769  Perform targeting automation activities
T0776  Produce target system analysis products
T0778  Profile targets and their activities
T1020  Determine the operational and safety impacts of cybersecurity lapses
T1030  Estimate the impact of collateral damage
T1032  Determine cyber operation objectives
T1035  Determine how threat activity groups employ encryption to support their operations
T1042  Acquire target identifiers
T1053  Identify and characterize intrusion activities against a victim or target
T1054  Scope analysis reports to various audiences that accounts for data sharing classification restrictions
T1055  Determine if priority information requirements are satisfied
T1084  Identify anomalous network activity
T1085  Identify potential threats to network resources
T1118  Identify vulnerabilities
T1119  Recommend vulnerability remediation strategies
T1489  Correlate incident data
T1629  Prepare target analysis reports
T1638  Recommend cyber operation targets
T1642  Advise stakeholders on course of action development
T1648  Develop performance success metrics
T1653  Build electronic target folders
T1654  Maintain electronic target folders
T1661  Assess all-source data for intelligence or vulnerability value
T1683  Vet targets with partners
T1697  Prepare all-source intelligence targeting reports
T1707  Prepare munitions effectiveness assessment reports
T1754  Initiate requests to guide tasking
T1782  Develop website characterizations
T1789  Provide aim point recommendations for targets
T1790  Provide reengagement recommendations
T1796  Determine effectiveness of targeting activities
T1801  Determine validity and relevance of information
T1814  Protect information sources and methods
T1824  Identify cyber collateral damage
T1825  Document cyber collateral damage
T1835  Determine if intelligence requirements and collection plans are accurate and up-to-date
OPM Code: 131

CYBERSPACE EFFECTS (CE)

Target Network Analysis (CE-WRL-007): Responsible for conducting advanced analysis of collection
and open-source data to ensure target continuity; profiling targets and their activities; and
developing techniques to gain target information. Determines how targets communicate, move,
operate, and live based on knowledge of target technologies, digital networks, and applications.

TKS Statement ID  TKS Statement Description
K0480  Knowledge of malware
K0551  Knowledge of targeting cycles
K0655  Knowledge of intelligence fusion
K0658  Knowledge of cognitive biases
K0674  Knowledge of computer networking protocols
K0675  Knowledge of risk management processes
K0676  Knowledge of cybersecurity laws and regulations
K0677  Knowledge of cybersecurity policies and procedures
K0678  Knowledge of privacy laws and regulations
K0679  Knowledge of privacy policies and procedures
K0680  Knowledge of cybersecurity principles and practices
K0681  Knowledge of privacy principles and practices
K0682  Knowledge of cybersecurity threats
K0683  Knowledge of cybersecurity vulnerabilities
K0684  Knowledge of cybersecurity threat characteristics
K0689  Knowledge of network infrastructure principles and practices
K0698  Knowledge of cryptographic key management principles and practices
K0710  Knowledge of enterprise cybersecurity architecture principles and practices
K0716  Knowledge of host access control (HAC) systems and software
K0717  Knowledge of network access control (NAC) systems and software
K0718  Knowledge of network communications principles and practices
K0732  Knowledge of intrusion detection tools and techniques
K0751  Knowledge of system threats
K0752  Knowledge of system vulnerabilities
K0766  Knowledge of data asset management principles and practices
K0773  Knowledge of telecommunications principles and practices
K0786  Knowledge of physical computer components
K0787  Knowledge of computer peripherals
K0791  Knowledge of defense-in-depth principles and practices
K0792  Knowledge of network configurations
K0812  Knowledge of digital communication systems and software
K0844  Knowledge of cyber attack stages
K0845  Knowledge of cyber intrusion activity phases
K0857  Knowledge of malware analysis tools and techniques
K0860  Knowledge of malware signature principles and practices
K0915  Knowledge of network architecture principles and practices
K0916  Knowledge of malware analysis principles and practices
K0925  Knowledge of wireless communication tools and techniques
K0926  Knowledge of signal jamming tools and techniques
K0942  Knowledge of cryptology principles and practices
K0960  Knowledge of content management system (CMS) capabilities and applications
K0962  Knowledge of targeting laws and regulations
K0963  Knowledge of exploitation laws and regulations
K0969  Knowledge of cyber-attack tools and techniques
K0977  Knowledge of intelligence collection management tools and techniques
K0979  Knowledge of information searching tools and techniques
K0980  Knowledge of intelligence collection sources
K0983  Knowledge of computer networking principles and practices
K0984  Knowledge of web security principles and practices
K0986  Knowledge of target selection criticality factors
K0987  Knowledge of target selection vulnerability factors
K0990  Knowledge of cyber operations principles and practices
K0994  Knowledge of denial and deception tools and techniques
K1003  Knowledge of targeting governing authorities
K1004  Knowledge of reporting policies and procedures
K1010  Knowledge of intelligence policies and procedures
K1011  Knowledge of network addressing principles and practices
K1012  Knowledge of malware characteristics
K1014  Knowledge of network security principles and practices
K1019  Knowledge of operations security (OPSEC) principles and practices
K1028  Knowledge of target development principles and practices
K1041  Knowledge of target intelligence gathering tools and techniques
K1042  Knowledge of target selection policies and procedures
K1043  Knowledge of target characteristics
K1051  Knowledge of collection data flow from origin into repositories and tools
K1059  Knowledge of request for information processes
K1064  Knowledge of Request For Information (RFI) processes
K1100  Knowledge of analytical tools and techniques
K1101  Knowledge of analytics
K1104  Knowledge of geospatial data analysis tools and techniques
K1116  Knowledge of classification guidelines
K1128  Knowledge of customer requirements
K1174  Knowledge of network components
S0111  Skill in interfacing with customers
S0177  Skill in performing network analysis on targets
S0194  Skill in conducting non-attributable research
S0208  Skill in determining the physical location of network devices
S0248  Skill in performing target system analysis
S0385  Skill in communicating complex concepts
S0430  Skill in collaborating with others
S0433  Skill in creating analytics
S0434  Skill in extrapolating from incomplete data sets
S0435  Skill in analyzing large data sets
S0436  Skill in creating target intelligence products
S0438  Skill in functioning effectively in a dynamic, fast-paced environment
S0443  Skill in mitigating cognitive biases
S0444  Skill in mitigating deception in reporting and analysis
S0497  Skill in developing client organization profiles
S0499  Skill in performing intelligence collection analysis
S0503  Skill in selecting targets
S0504  Skill in identifying vulnerabilities
S0505  Skill in performing intrusion data analysis
S0506  Skill in identifying customer information needs
S0507  Skill in collecting terminal or environment data
S0509  Skill in evaluating security products
S0511  Skill in establishing priorities
S0512  Skill in extracting metadata
S0515  Skill in identifying partner capabilities
S0521  Skill in integrating information
S0522  Skill in summarizing information
S0536  Skill in applying target templates
S0537  Skill in designing wireless communications systems
S0558  Skill in developing algorithms
S0559  Skill in performing data structure analysis
S0566  Skill in developing signatures
S0567  Skill in deploying signatures
S0579  Skill in preparing reports
S0600  Skill in collecting relevant data from a variety of sources
S0610  Skill in communicating effectively
S0673  Skill in translating operational requirements into security controls
S0688  Skill in performing network data analysis
S0690  Skill in performing midpoint collection data analysis
S0696  Skill in conducting deep web research
S0697  Skill in analyzing social networks
S0702  Skill in defining an operational environment
S0704  Skill in performing target analysis
S0709  Skill in developing analytics
S0712  Skill in evaluating data source quality
S0714  Skill in performing fusion analysis
S0716  Skill in identifying target communications networks
S0718  Skill in identifying cybersecurity threats
S0719  Skill in identifying intelligence gaps
S0724  Skill in managing client relationships
S0726  Skill in performing data normalization
S0734  Skill in identifying technical information
S0740  Skill in creating target materials
S0743  Skill in identifying network anomalies
S0744  Skill in performing technical writing
S0750  Skill in applying geospatial resources
S0753  Skill in reconstructing target networks
S0777  Skill in developing collection strategies
S0779  Skill in determining information requirements
S0780  Skill in fulfilling information requests
S0791  Skill in presenting to an audience
S0847  Skill in performing all-source intelligence analysis
S0854  Skill in performing data analysis
S0866  Skill in performing log file analysis
S0869  Skill in performing metadata analysis
S0871  Skill in performing network analysis
S0876  Skill in performing nodal analysis
S0888  Skill in performing target communications analysis
T0624  Conduct target research and analysis
T0650  Determine what technologies are used by a given target
T0707  Generate requests for information
T0718  Identify intelligence gaps and shortfalls
T0778  Profile targets and their activities
T1020  Determine the operational and safety impacts of cybersecurity lapses
T1032  Determine cyber operation objectives
T1053  Identify and characterize intrusion activities against a victim or target
T1055  Determine if priority information requirements are satisfied
T1084  Identify anomalous network activity
T1085  Identify potential threats to network resources
T1118  Identify vulnerabilities
T1119  Recommend vulnerability remediation strategies
T1489  Correlate incident data
T1638  Recommend cyber operation targets
T1642  Advise stakeholders on course of action development
T1655  Classify documents
T1661  Assess all-source data for intelligence or vulnerability value
T1662  Identify information essential to intelligence collection operations
T1675  Determine validity and relevance of information gathered about networks
T1677  Develop intelligence collection plans
T1698  Collect target information
T1732  Determine effectiveness of network analysis strategies
T1737  Develop intelligence collection strategies
T1743  Identify information collection gaps
T1745  Identify gaps in understanding of target technology
T1801  Determine validity and relevance of information
T1802  Prepare network reports
T1806  Research communications trends in emerging technologies
T1835  Determine if intelligence requirements and collection plans are accurate and up-to-date
T1840  Analyze target communications
OPM Code: 132
