NICE Framework History

The concept for the NICE Framework began before the establishment of NICE in 2010 and grew out of the recognition that the cybersecurity workforce had not been defined and assessed. In 2007, the Department of Homeland Security formed the IT Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development. The EBK sought to establish a national baseline representing the essential knowledge and skills that IT security practitioners should possess. The Federal Chief Information Officers (CIO) Council took on the task in 2008 to build on this and provide a standard framework to understand the cybersecurity roles within the federal government. The first version was posted in September 2012.

A subsequent U.S. government-wide review noted specific areas to be further examined and refined. The Department of Homeland Security (DHS) gathered input and validated final recommendations via focus groups with subject matter experts from around the country and across industry, academia, and government resulting in a second version of the NICE Framework, version 2.0, shared publicly in 2014.

The Office of the Secretary of Defense (OSD) expanded on version 2.0 through internal engagements with service components and external engagements with the private sector. The DHS and NIST co-authors worked with OSD to refine their expansion to become the third version of the NICE Framework published as NIST Special Publication 800-181 in August 2017. This first version of NIST Special Publication 800-181 aimed to emphasize private sector applicability and to reinforce the vision that the NICE Framework is a reference resource for both the public and private sectors.

NICE convened a Core Authoring Team that included representatives from numerous departments and agencies in the United States federal government to begin revisions to the NICE Framework in November 2019. This team received responses from a Request for Comments and updated the NICE Framework to improve agility, flexibility, interoperability, and modularity. The draft revision was made available for public comments and adjusted accordingly. The fourth and current version of the NICE Framework was published as NIST Special Publication 800-181 revision 1, the Workforce Framework for Cybersecurity in November 2020. 

Earlier Versions of the NICE Framework

The Workforce Framework for Cybersecurity (NICE Framework), NIST Special Publication 800-181 revision 1, is a national focused resource that categorizes and describes cybersecurity work.

• NIST Special Publication 800-181, the NICE Cybersecurity Workforce Framework (August 2017)
• NICE Framework Specialty Areas Over Time Spreadsheet (January 2018)
• NICE Framework 2.0 Spreadsheet (April 2014)
• NSA DHS CAE Knowledge Unit (KU Mapping to the NICE Framework 2.0)
• NICE Framework 1.0 - Interactive PDF (April 2013)
• NICE Framework 1.0 Development Process (September 2012)
• OPM Federal Cybersecurity Coding Structure 

Development Process