NICE Framework Revisions

Credit: NICE

To remain effective now and in the future, the NICE Framework components — Task, Knowledge, and Skill (TKS) statements; Work Roles and Work Role Categories; and Competency Areas — will be regularly reviewed and adjusted to respond to and anticipate changing needs of the cybersecurity workforce and in support of the Framework's core attributes of agility, flexibility, modularity, and interoperability. These changes are driven by new and evolving technologies, threats, and approaches to securing organizations and the Nation.

The following provides an overview of the NICE Framework versioning and release process. This excerpted information is also available in the PDF document, “NICE Framework Component Updates: Releases and Versioning.”

• Learn about making Change Requests

• NICE Framework Versions Change Log and Version History

• Current NICE Framework Version

Update Types, Frequency, and Versioning

Updates may be identified internally by NICE Program Office staff or may be proposed by private and public stakeholders, including government, industry, academia, learners, and others at any time (see Change Requests). The NICE Program Office will work to achieve consensus on the public and private sector input, balancing the need for both periodic updates based upon emerging needs and the desirability for a stable framework.

Update Types

Updates to NICE Framework components fall into three categories:

• Major Updates: A major update is “A revision of a specification that breaks backward compatibility with the previous revision of the specification in numerous significant ways.” Systems and tools that use NICE Framework components could be significantly impacted.
• Minor Updates: A minor update is defined as “A revision of a specification that may add or enhance functionality, fix bugs, and make other changes from the previous revision, but the changes have minimal impact, if any, on backward compatibility.” 
• Administrative Updates: Errata changes and minor corrections that do not alter the intent of the original. 

Frequency of Releases

It is essential that NICE Framework components be regularly reviewed and updated when necessary to reflect employer needs and address changes to the cybersecurity work that learners need to be prepared for. However, it is equally essential that these changes be released in a planned and coordinated fashion so that the community that depends on and leverages the NICE Framework is aware of upcoming releases. NICE Framework releases will include all NICE Framework components. For example: A new Task statement is being added to the NICE Framework. The release that includes this new statement will comprise all the components, including the statement itself. 

Releases of NICE Framework updates will be made according to the following planned schedule:

• Major Releases: A major release of NICE Framework components will occur no more frequently than once annually. 
• Minor Releases: A minor release of the NICE Framework components will occur no more frequently than twice annually. 
• Administrative Releases: An errata release of the NICE Framework components may occur at any time and without formal notice. 

Note that both major and minor proposed updates will continue to be shared for public comment prior to finalization. The public comment period allows the NICE community to provide feedback on drafts and for the NICE Program office to incorporate changes and consider the validity of proposed drafts prior to release based on comments received.

Version Identifiers

In order to distinguish between various releases, the following versioning identifier system will be adopted: 

Examples

Using 0.0.0 as a starting point, the version will change as follows for the various release types:

• Major Release: 0.0.0 -> 1.0.0
• Minor Release: 0.1.0 -> 0.2.0
• Administrative Release: 0.0.1 -> 0.0.2

These can be combined, as well. For example, following a first major release (1.0.0) there may be several minor releases (1.3.0), then followed by an administrative release (1.3.1). If a major release then followed, that would then reset the second and third place numbers (2.0.0). 

There may be times when components to be included in a minor release may be made available as a pre-release for use by those who are interested in adopting the content prior to the final release. For instance, if a new Work Role is developed, made available for public comment, and then updated based on feedback, that final update may be shared as a pre-release. That way if a second new Work Role or Competency Area is also being readied, the first item may be used while the second is still in development. Then when both are ready they can be packaged together in the minor release.