Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Getting Started with the NICE Framework

The Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 rev. 1) establishes a standard approach and common language for describing cybersecurity work and learner capabilities. The NICE Framework seeks to improve communication among stakeholders throughout the cybersecurity ecosystem about how to identify, recruit, develop, and retain talent.

The NICE Framework is organized around the core building blocks of Task, Knowledge, and Skill (TKS) statements. Consistent use of the NICE Framework’s building blocks enables communication at a peer level, sector level, state level, national level, or international level, which can drive innovative solutions to common challenges, lower barriers to entry for new organizations and individuals, and facilitate workforce mobility. TKS Statements are then used to develop Work Roles and Competency Areas. These components are separately maintained to provide for an agile updating process. 


The NICE Framework provides a way to describe cybersecurity work through Task statements that define the work to be done and Knowledge and Skill statements that define what learners (i.e., students, job seekers, and employees) must know and be able to do to complete that work (see Figure 1). It uses these statements to build Competency Areas and Work Roles that can be used by organizations and individuals alike.

Task: An activity that is directed toward the achievement of organizational objectives

Knowledge: A retrievable set of concepts within memory

Skill: The capacity to perform an observable action

Task, Knowledge, and Skills (TKS) Statements Figure 1 Image
Figure 1: Relationship Between Task, Knowledge, and Skill (TKS) Statements
Credit: NICE Program Office

A complete list of the NICE Framework Task, Knowledge, and Skills can be found in the Reference Spreadsheet as well as in various NICE Framework tools.

A Competency Area is a cluster of related Knowledge and Skill statements that correlates with one’s capability to perform Tasks in a particular domain. Competency Areas can help learners discover areas of interest, inform career planning and development, identify gaps for knowledge and skills development, and provide a means of assessing or demonstrating a learner’s capabilities in the domain.

Competency Area: A cluster of related Knowledge and Skill statements that correlates with one’s capability to perform Tasks in a particular domain. 

Competency Areas Can Be:

  • Additive to one or more Work Roles
  • Span multiple Work Roles
  • Represent emerging domains

Competency Areas Are Not:

  • Redundant or Duplicative of Work Roles

Competency Areas provide the NICE Framework with a way to extend into areas that cannot be adequately represented as a Work Role. They may be used in conjunction with Work Roles or independently.  Learner capability in a particular Competency Area can be improved through education, training, or other learning experiences. Competency Areas offer an opportunity to increase alignment and coordination between employers, learners, and education, training, and certification providers.

NIST Interagency or Internal Report (NISTIR) 8355, NICE Framework Competency Areas: Preparing a Job-Ready Cybersecurity Workforce (June 2023), provides details on NICE Framework Competency Areas, including their evolution, development, and example uses from various stakeholder perspectives. Competency Areas are available in NICE Framework components v. 1.0.0; these areas currently consist of titles and descriptions only. Development of statements for each area will be conducted with input from the community; if you are interested in supporting this development, please contact us at NICEFramework [at] (NICEFramework[at]nist[dot]gov).

NICE Framework Work Role Categories
Credit: NICE Program Office

A Work Role is a grouping of work for which an individual or team is responsible or accountable. Work Roles are composed of Tasks that correlate to Knowledge and Skill statements. Work Roles are not synonymous with jobs or position titles, and a single job may consist of one or more Work Roles. They are used in career exploration, education and training, hiring and career development. Assessment for Work Roles typically occurs at the Task level. There are currently 52 NICE Framework Work Roles grouped into seven broad Work Role Categories (see Table 1).

Work Role: A grouping of work for which an individual or team is responsible or accountable.

Table 1: NICE Framework Work Role Categories

Work Role CategoryDescriptionNumber of Work Roles

Oversight and Governance (OG)

Provides leadership, management, direction, and advocacy so the organization may effectively manage cybersecurity-related risks to the enterprise and conduct cybersecurity work. 



Design and Development (DD)

Conducts research, conceptualizes, designs, develops, and tests secure technology systems, including on perimeter and cloud-based networks. 


Implementation and Operation (IO)

Provides implementation, administration, configuration, operation, and maintenance to ensure effective and efficient technology system performance and security.


Protection and Defense (PD)

Protects against, identifies, and analyzes risks to technology systems or networks. Includes investigation of cybersecurity events or crimes related to technology systems and networks.


Investigation (IN)

Conducts national cybersecurity and cybercrime investigations, including the collection, management, and analysis of digital evidence.


Cyberspace Intelligence (CI)

Performs highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for national intelligence. 


Cyberspace Effects (CE)

Plans, supports, and executes cybersecurity for cyberspace capabilities where the primary purpose is to externally defend or conduct force projection in or through cyberspace.


The NICE Framework Components spreadsheet contains the full list of Work Roles as well as identifies the Task, Knowledge, and Skill statements associated with each role.

Work Roles and Competency Areas can both be used to build teams. A Work Role-centered approach to building teams allows organizations to define what types of roles are needed to achieve defined objectives. Teams built with this “top down” approach begin with the identification of the work that needs to be accomplished. A Competency Area-centered approach to building teams recognizes that individual Tasks may be unknown, but the Competency Areas needed to solve a challenge are known. This approach may be considered “bottom up.” Teams built this way can help identify learners who may participate in the Team’s work in the future.

NICE Framework Teams Image

The NICE Framework provides a common language to describe the cybersecurity workforce that can improve communication and align expectations among employers, learners, and education and training providers. 

  • Employers: Conduct workforce assessments and identify staffing gaps; craft more accurate position descriptions and improve recruitment; manage employee performance and establish strategic workforce development initiatives; provide staff training and career development pathways 
  • Universities and Colleges: Develop and align course content; perform knowledge and skills assessments that reflect employer needs; conduct workforce research.
  • K12 Educators: Familiarize students with cybersecurity concepts; help students explore cybersecurity work and chart paths for future learning; develop K12 cybersecurity-specific course content.
  • Training and Certification Providers: Map programs and assessments to a national standard that reflects current marketplace demand; help current and future members of the workforce gain and demonstrate in-demand capabilities. 
  • Students, Job Seekers, and Employees: Explore Work Roles and their associated knowledge and skills; chart pathways for future learning and career advancement.
  • Cybersecurity Workforce Service  Providers: Integrate the NICE Framework into  products and services being developed and supplied.

Detailed examples of how the NICE Framework has been used can be found in our Success Story Catalog in the NICE Framework Resource Center. To explore more about how you might use the NICE Framework, join the NICE Framework Users Group

Created February 27, 2023, Updated March 5, 2024