Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
NICE Framework History and Change Logs
NICE Framework History | NICE Framework Change Logs
The Workforce Framework for Cybersecurity (NICE Framework) was first published as a NIST Special Publication in 2017. But development of what was to become the NICE Framework began a decade earlier. This page shares not only about the history of the NICE Framework but also includes Change Logs that track the ongoing evolution of this resource.
NICE Framework History
- 2007: The concept for the NICE Framework grew out of a need to define and assess the federal cybersecurity workforce. In 2007, the Department of Homeland Security forms the IT Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development. The EBK seeks to establish a national baseline representing the essential knowledge and skills that IT security practitioners should possess.
- 2008: The Federal Chief Information Officers (CIO) Council takes on the task to build on the DHS EBK and provide a standard framework to understand the cybersecurity roles within the federal government.
- 2009: In May 2009, the Comprehensive National Cybersecurity Initiative, originally aimed at making the federal workforce better prepared to handle cybersecurity challenges, expands to include the private sector workforce via Initiative #8. Expand cyber education.
- 2012: The first version of the Federal CIO Council cybersecurity workforce framework is posted in September 2012. A subsequent U.S. government-wide review notes specific areas to be further examined and refined. The Department of Homeland Security (DHS) begins work to gather input and subsequently validate final recommendations via focus groups with subject matter experts from around the country and across industry, academia, and government.
- 2014: The Cybersecurity Enhancement Act of 2014 Title IV establishes the “National cybersecurity awareness and education program” to be led by NIST, thus formally establishing the NICE Program Office. This same year the DHS efforts to update the earlier Federal CIO Council framework result in a second public version of the NICE Framework, version 2.0.
- 2017: Following release of version 2.0, the Office of the Secretary of Defense (OSD) expands on the document through internal engagements with service components and external engagements with the private sector. DHS and NIST co-authors work with OSD to refine their expansion, resulting in the third version of the NICE Framework, formally published for the first time as NIST Special Publication 800-181 in August 2017. This first version of NIST Special Publication 800-181, the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, emphasizes private sector applicability and reinforces the vision of the NICE Framework as a reference resource for both public and private sectors.
- 2019: NICE convenes a Core Authoring Team that includes representatives from numerous departments and agencies in the United States Federal Government to begin revisions to the NICE Framework in November 2019. This team receives responses from a Request for Comments and updates the NICE Framework to improve agility, flexibility, interoperability, and modularity.
- 2020: The draft revision to the NICE Framework is made available for public comments and adjusted accordingly. The fourth and current version of the NICE Framework is published as NIST Special Publication 800-181 revision 1, the Workforce Framework for Cybersecurity (NICE Framework), in November 2020.
Additional Links
- NICE Framework Specialty Areas Over Time Spreadsheet (January 2018)
- NICE Framework 2.0 Spreadsheet (April 2014)
- NICE Framework 1.0 - Interactive PDF (April 2013)
- NICE Framework 1.0 Development Process (September 2012)
NICE Framework CHange LOgs
The NICE Program Office maintains an ongoing record of implemented changes to the Workforce Framework for Cybersecurity (NICE Framework) primary publications (NIST Special Publication 800-181 and NIST IR 8355) and association Components: Work Role Categories, Work Roles, Competency Areas, and Task, Knowledge, and Skill (TKS) statements.
See also NICE Framework Latest Updates for information about drafts and calls for comments
Visit the NICE Framework Revisions webpage for details on versioning and release processes
Have a change to request? Find out more on the Change Request FAQ.
- See also the NICE Framework Current Versions webpage
NICE Framework Components Change Log
Version | Date | Components | Changes |
1.0.0 | 5 March 2024 | All | First major revision of NICE Framework Components. Updates were made to align to 800-181 rev. 1 and the TKS Authoring Guide, and include the following updates:
The US Office of Personnel Management (OPM) plans to provide information about alignment of the March 2024 NICE Framework revisions to the original OPM cyber-position codes shortly. |
2017 (2017 components made available as a separate release – no version identifier) | November 2020 | All | First release of NICE Framework components as a separate spreadsheet. This release was made available in conjunction with the 800-181 revision 1, but the components represented here are from the original 2017 publication. |
NICE Framework Publications Change Log
Version | Date | Publication | Change(s) |
| 2023 | June 2023 | NISTIR 8355 | First publication of NIST IR 8355, NICE Framework Competency Areas: Preparing a Job-Ready Cybersecurity Workforce |
| Revision 1 | November 2020 | SP 800-181 |
|
| 2017 | August 2017 | SP 800-181 | First publication of NIST Special Publication 800-181, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework |
Contacts
FOR FURTHER INFORMATION OR QUESTIONS ABOUT THE NICE FRAMEWORK
-
NICE Framework Program Office