Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Getting Started with the NICE Framework
The NICE Workforce Framework for Cybersecurity (NICE Framework) establishes a standard approach and common language for describing cybersecurity work and learner capabilities. It was published as NIST Special Publication (SP) 800-181 in 2017, and the first revision was released in 2020. As a common lexicon, the NICE Framework seeks to improve communication among stakeholders throughout the cybersecurity ecosystem about how to identify, recruit, develop, and retain talent.
The NICE Framework is organized around the core building blocks of Task, Knowledge, and Skill (TKS) statements. This building-blocks approach recognizes that all organizations execute both common tasks and context-unique tasks that require knowledge and skills to complete. Consistent use of the NICE Framework’s building blocks enables communication at a peer level, sector level, state level, national level, or international level, which can drive innovative solutions to common challenges, lower barriers to entry for new organizations and individuals, and facilitate workforce mobility.
The NICE Framework data – i.e., Work Roles, Competency Areas, and Task, Knowledge, and Skill (TKS) statements – is maintained in a reference spreadsheet separate from the framework document to provide for an agile updating process. Data from the 2017 version of the NICE Framework is available for download in JSON format. This format allows users to easily incorporate the data into web applications or other automated tools to deliver innovative solutions. Although the NICE Framework was updated in 2020, the 2017 version of the data is still the most current. Learn more here.
The NICE Framework and numerous related resources are available in the NICE Framework Resource Center: www.nist.gov/nice/framework.
The NICE Framework provides a way to describe cybersecurity work through Task statements that define the work to be done and Knowledge and Skill statements that define what learners (i.e., students, job seekers, and employees) must know and be able to do to complete that work (see Figure 1). It uses these statements to build Competency Areas and Work Roles that can be used by organizations and individuals alike.
Task: An activity that is directed toward the achievement of organizational objectives
Knowledge: A retrievable set of concepts within memory
Skill: The capacity to perform an observable action
A complete list of the NICE Framework Task, Knowledge, and Skills can be found in the Reference Spreadsheet as well as in various NICE Framework tools.
A Competency Area is a cluster of related Knowledge and Skill statements that correlates with one’s capability to perform Tasks in a particular domain. Competency Areas can help learners discover areas of interest, inform career planning and development, identify gaps for knowledge and skills development, and provide a means of assessing or demonstrating a learner’s capabilities in the domain.
Competency Areas Can Be:
- Additive to one or more Work Roles
- Span multiple Work Roles
- Represent emerging domains
Competency Areas consist of a name, description of the area, and group of associated TKS statements. Learner capability in a particular Competency Area can be improved through education, training, or other learning experiences. Competency Areas offer an opportunity to increase alignment and coordination between employers, learners, and education, training, and certification providers.
NICE is in the process of preparing a final version of the NIST Interagency or Internal Report (NISTIR) 8355, NICE Framework Competency Areas: Preparing a Job-Ready Workforce for publication, as well as an updated list of Competency Areas for public comment. Learn more.
A Work Role is a grouping of work for which an individual or team is responsible or accountable. Work Roles are composed of Tasks that correlate to Knowledge and Skill statements. Work Roles are not synonymous with jobs or position titles, and a single job may consist of one or more Work Role. They are frequently used when defining positions and responsibilities, and assessment for Work Roles typically occurs at the Task level. There are currently 52 NICE Framework Work Roles grouped into seven broad Categories (see Table 1).
Table 1: NICE Framework Work Role Categories
| Category | Description | Number of Work Roles |
|---|---|---|
| Securely Provision (SP) | Conceptualizes, designs, procures, and/or builds secure information technology (IT) systems, with responsibility for aspects of system and/or network development. | 11 |
| Operate and Maintain (OM) | Provides the support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security. | 7 |
| Oversee and Govern (OV) | Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work. | 14 |
| Protect and Defend (PR) | Identifies, analyzes, and mitigates threats to internal information technology (IT) systems and/or networks. | 4 |
| Investigate (IN) | Investigates cybersecurity events or crimes related to information technology (IT) systems, networks, and digital evidence. | 3 |
| Analyze (AN) | Performs highly-specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence | 7 |
| Collect and Operate (CO) | Provides specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence. | 6 |
Work Roles and Competency Areas can both be used to identify teams. A Work Role-centered approach to building teams allows organizations to define what types of roles are needed to achieve defined objectives. Teams built with this “top down” approach begin with the identification of the work that needs to be accomplished. A Competency Area-centered approach to building teams recognizes that individual Tasks may be unknown, but the Competency Areas needed to solve a challenge are known. This approach may be considered “bottom up.” Teams built this way can help identify learners who may participate in the Team’s work in the future.
By describing information about defined areas of cybersecurity work, the NICE Framework provides a common language that can improve communication and align expectations among employers, learners, and education and training providers. A few common use cases are described here, and detailed examples can be found in our Success Story Catalog in the NICE Framework Resource Center.
- Employers: Conduct workforce assessments and identify staffing gaps; craft more accurate position descriptions and improve recruitment; manage employee performance and establish strategic workforce development initiatives.
- Universities and Colleges: Develop course content as well as knowledge and skills assessments that reflect employer needs; develop research projects using a common lexicon.
- K-12 Educators: Familiarize students with cybersecurity concepts; help students explore cybersecurity work and chart paths for future learning; develop K12 cybersecurity-specific course content.
- Training and Certification Providers: Map programs and assessments to a national standard that reflects current marketplace demand; help current and future members of the workforce gain and demonstrate in-demand capabilities.
- Students, Job Seekers, and Employees: Explore Work Roles and their associated knowledge and skills; chart pathways for future learning and career advancement.
- Technology Providers: Identify the Work Roles and related tasks, knowledge, and skills that are associated with the products and services being developed and supplied.
More Resources: