The NICE Framework defines a structure that is used for describing cybersecurity work. The following terms are defined in that context to better help you understand the framework and how it can be applied. For a complete glossary of terminology used in NIST’s cybersecurity and privacy standards and guidelines, please visit https://csrc.nist.gov/glossary.
> Do you have a suggestion for a new term to add here? Let us know at NICEFramework [at] nist.gov (NICEFramework[at]nist[dot]gov)
Capability
A person’s potential to accomplish something.
Competency Area
A cluster of related Knowledge and Skill statements that correlates with one’s capability to perform Tasks in a particular domain. Competency Areas can help learners discover areas of interest, inform career planning and development, identify gaps for knowledge and skills development, and provide a means of assessing or demonstrating a learner’s capabilities in the domain.
Cybersecurity Workforce
Individuals whose primary focus is on cybersecurity as well as those in the workforce who need specific cybersecurity-related knowledge and skills to perform their work in a way that enables organizations to properly manage cybersecurity-related risks to the enterprise.
Job
A job is a specific instance of employment—in other words, a set of responsibilities based on work roles within an occupation as defined by an employer. A single job may be responsible for one or more Work Role or for only a portion of a role. See also: Occupations, Jobs, and Work Roles
Knowledge
A retrievable set of concepts within memory.
Knowledge Statement
A statement that defines what an individual or team needs to know in order to complete a task.
Learners
Individuals who perform cybersecurity work, including students, job seekers, and employees.
Occupation
A category of jobs that are similar with respect to the work performed and the skills possessed by workers. See also: Occupations, Jobs, and Work Roles
Skill
The capacity to perform an observable action.
Skill Statement
A statement that defines what an individual or team needs to be able to do in order to complete a task.
Task
An activity that is directed toward the achievement of organizational objectives.
Task Statement
A statement that defines work that an individual or team is responsible for; a group of related Task statements can be used to form a Work Role.
TKS Statements
Task, Knowledge, and Skill (TKS) statements; these statements are the building blocks of the NICE Framework. Task statements define the work to be done and Knowledge and Skill statements define what learners (i.e., students, job seekers, and employees) must know and be able to do to complete that work. It uses these statements to build Competency Areas and Work Roles that can be used by organizations and individuals alike. See also: Getting Started with the NICE Framework
Work Role
A grouping of work for which an individual or team is responsible or accountable. See also: Occupations, Jobs, and Work Roles
Work Role Category
Work Role Categories group the NICE Framework Work Roles into common major functions, regardless of job titles or other occupational terms. These are used to broadly describe the variety and interdisciplinarity of cybersecurity work.