NIST Special Publication 800-181 revision 1, the Workforce Framework for Cybersecurity (NICE Framework), provides a set of building blocks for describing the tasks, knowledge, and skills that are needed to perform cybersecurity work performed by individuals and teams. The NICE Framework is intended to be applied in the public, private, and academic sectors.
The main building blocks of the NICE Framework are:
Tasks - an activity that is directed toward the achievement of organizational objectives
Knowledge - a retrievable set of concepts within memory
Skills - the capacity to perform an observable action
The NICE Framework can be used via:
Competencies - a mechanism for organizations to assess learners
Work Roles - a way of describing a grouping of work for which someone is responsible or accountable
Teams - groups formed to collectively tackle complex challenges by bringing together individuals with complementary skills and experience
Employers, to help assess their cybersecurity workforce, identify critical gaps in cybersecurity staffing, and improve position descriptions;
Current and future cybersecurity workers, to help explore Tasks and Work Roles and assist with understanding the Knowledge and Skills that are being valued by employers for in-demand cybersecurity jobs and positions. The NICE Framework also enables staffing specialists and guidance counselors to use the NICE Framework as a resource to support these employees or job seekers;
Training and certification providers seeking to help current and future members of the cybersecurity workforce gain and demonstrate their Knowledge and Skills;
Education providers who use the NICE Framework as a reference to develop curriculum, courses, seminars, and research that cover the Tasks, Knowledge, and Skills described; and
Technology providers who can identify cybersecurity Work Roles and specific Tasks, Knowledge, and Skills associated with the services and hardware/software products they supply.