The NICE Framework, NIST Special Publication (SP) 800-181 revision 1, is a national-focused resource that categorizes and describes cybersecurity work. Visit the NICE Framework website to learn more about it and discover some tools and resources for implementing and using it.
The NICE Framework was published as NIST Special Publication 800-181 revision 1 in November of 2020. However, the document is intended to be a “living document” and will reviewed and updated periodically. NICE Framework Supplemental Material will also be updated periodically.
No, the NICE Framework as presented by NIST is presently published as a pdf document and an associated reference spreadsheet. A handful of organizations have independently built databases of the NICE Framework as well which are noted as resources for the NICE Framework.
No, the intention is that the NICE Framework be used as a dictionary to describe cybersecurity work and only portions of it may be used depending on size and scope of an organization. It is meant to be broad enough to apply to multiple sectors and is void of reference to specific tools and products.
In exploring the NICE Framework, you may not find that one work role that describes the cybersecurity work you perform. Your work may be defined by Knowledge, Skills, and Tasks from several work roles. If you would like to request a modification to the NICE Framework, follow the guidance in the change request process.
Competencies are re-introduced to the NICE Framework with 800-181 revision 1. A list of Competencies are being developed and will be provided as draft supplemental material in early 2021. While the NICE Framework does not include measurement of proficiencies, there are supplemental resources that do. Draft NISTIR 8193, NICE Framework Work Role Capability Indicators: Indicators for Performing Work Roles, documents the opinions of Federal subject matter experts regarding education, certification, training, experiential learning, and continuous learning that could signal an increased ability to perform a given NICE Framework work role.
The NICE Framework is a living document that will be updated via revision updates periodically. NICE will consider recommendations (change requests) for expansion, update/correction, withdrawal, or integration of NICE Framework components via the process described on the NICE Framework Revisions web page for input.
The Cybersecurity Framework or Framework for Improving Critical Infrastructure Cybersecurity (currently version 1.1) is a voluntary framework consisting of standards, guidelines, and best practices to manage cybersecurity-related risk [the how and what of cybersecurity]. The NICE Framework (see question above) is a reference resource that describes and categorizes roles and functions [the who of cybersecurity]. Read more about connections between these two frameworks in an article featured in the NICE enewsletter or Appendix D of NIST SP 800-181.