Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NICE Framework History and Change Logs

NICE Framework History | NICE Framework Change Logs

The Workforce Framework for Cybersecurity (NICE Framework) was first published as a NIST Special Publication in 2017. But development of what was to become the NICE Framework began a decade earlier. This page shares not only about the history of the NICE Framework but also includes Change Logs that track the ongoing evolution of this resource.

NICE Framework History

  • 2007: The concept for the NICE Framework grew out of a need to define and assess the federal cybersecurity workforce. In 2007, the Department of Homeland Security forms the IT Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development. The EBK seeks to establish a national baseline representing the essential knowledge and skills that IT security practitioners should possess. 
  • 2008: The Federal Chief Information Officers (CIO) Council takes on the task to build on the DHS EBK and provide a standard framework to understand the cybersecurity roles within the federal government. 
  • 2009: In May 2009, the Comprehensive National Cybersecurity Initiative, originally aimed at making the federal workforce better prepared to handle cybersecurity challenges, expands to include the private sector workforce via Initiative #8. Expand cyber education.
  • 2012: The first version of the Federal CIO Council cybersecurity workforce framework is posted in September 2012. A subsequent U.S. government-wide review notes specific areas to be further examined and refined. The Department of Homeland Security (DHS) begins work to gather input and subsequently validate final recommendations via focus groups with subject matter experts from around the country and across industry, academia, and government. 
  • 2014: The Cybersecurity Enhancement Act of 2014 Title IV establishes the “National cybersecurity awareness and education program” to be led by NIST, thus formally establishing the NICE Program Office. This same year the DHS efforts to update the earlier Federal CIO Council framework result in a second public version of the NICE Framework, version 2.0. 
  • 2017: Following release of version 2.0, the Office of the Secretary of Defense (OSD) expands on the document through internal engagements with service components and external engagements with the private sector. DHS and NIST co-authors work with OSD to refine their expansion, resulting in the third version of the NICE Framework, formally published for the first time as NIST Special Publication 800-181 in August 2017. This first version of NIST Special Publication 800-181, the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, emphasizes private sector applicability and reinforces the vision of the NICE Framework as a reference resource for both public and private sectors. 
  • 2019: NICE convenes a Core Authoring Team that includes representatives from numerous departments and agencies in the United States Federal Government to begin revisions to the NICE Framework in November 2019. This team receives responses from a Request for Comments and updates the NICE Framework to improve agility, flexibility, interoperability, and modularity. 
  • 2020: The draft revision to the NICE Framework is made available for public comments and adjusted accordingly. The fourth and current version of the NICE Framework is published as NIST Special Publication 800-181 revision 1, the Workforce Framework for Cybersecurity (NICE Framework), in November 2020. 

Additional Links

NICE Framework CHange LOgs

The NICE Program Office maintains an ongoing record of implemented changes to the Workforce Framework for Cybersecurity (NICE Framework) primary publications (NIST Special Publication 800-181 and NIST IR 8355) and association Components: Work Role Categories, Work Roles, Competency Areas, and Task, Knowledge, and Skill (TKS) statements.

NICE Framework Components Change Log






5 March 2024


First major revision of NICE Framework Components. Updates were made to align to 800-181 rev. 1 and the TKS Authoring Guide, and include the following updates:

  • Work Role Categories: Updated names, descriptions, and codes
  • Work Roles:
    • Updated names, descriptions, and codes
    • Deprecated Work Role: Systems Developer (OPM Code 632) (Original Category: Securely Provision)
    • New Work Role: Insider Threat Analysis (Category: Protection and Defense)
  • Competency Areas: Confirmed areas added (NOTE: names and descriptions added; future development of associated statements planned for 2024)
  • TKS updates: 
    • Refactored Ability statements
    • TKS statements largely revised (updated and new statements have new ID codes)

The US Office of Personnel Management (OPM) plans to provide information about alignment of the March 2024 NICE Framework revisions to the original OPM cyber-position codes shortly.

2017 (2017 components made available as a separate release – no version identifier)

November 2020AllFirst release of NICE Framework components as a separate spreadsheet. This release was made available in conjunction with the 800-181 revision 1, but the components represented here are from the original 2017 publication.

NICE Framework Publications Change Log





2023June 2023


First publication of NIST IR 8355, NICE Framework Competency Areas: Preparing a Job-Ready Cybersecurity Workforce
Revision 1November 2020

SP 800-181

  • Updated Title: Workforce Framework for Cybersecurity (NICE Framework)
  • Deprecation of Specialty Areas
  • Deprecation of Ability Statements
  • Addition of Competencies
  • Edits throughout
2017August 2017

SP 800-181

First publication of NIST Special Publication 800-181, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework



Created February 6, 2018, Updated April 8, 2024