The NICE Program Office is currently prioritizing the following activities:
- Adjudicating comments on Knowledge and Skill (K&S) statements. Proposed updates have been made to NICE Framework K&S statements based on guidance in the Task, Knowledge, Skill (TKS) Statements Authoring Guide for Workforce Frameworks. A summary of updates is available and draft refactored K&S statements were open for public comment April 1 - June 3, 2022. Comments received are being reviewed to determine if any adjustments to the draft statements are necessary before finalization.
- Adjudicating comments on the draft NICE Framework Update Process. Comments received in January 2022 will inform revisions to an online platform that will enable public review and commenting to inform updates to NICE Framework data.
- Adjudicating comments on the refactored Ability Statements. NICE Framework Ability statements were deprecated in the 2020 revision; these statements have been reviewed for refactoring as Task, Skill, or Knowledge statements. Comments on these were received in January 2022 and are being reviewed to determine if any adjustments to the draft statements are necessary before finalization.
- Adjudicating comments on the second draft of NISTIR 8355 on Competencies. The second draft of NIST Interagency or Internal Report (NISTIR) 8355, NICE Framework Competencies: Assessing Learners for Cybersecurity Work received comments in January 2022. These comments are being reviewed for adjudication to determine what adjustments may be needed to the publication.
- Updating the List of Competencies. An initial draft list of Competency Areas was released for comment in March 2021; comments received on that draft list along with feedback received from a 2021 workshop, from discussions and meetings with stakeholders and subject matter experts, and from other engagements with the public and private sectors and academia are being used to update that list. This work is in progress and an updated list is being prepared for release in the first half of 2022.
In addition to these activities, NICE is completing FY21 National Defense Authorization Act (NDAA) tasks this year to include:
- Proficiency to perform cybersecurity tasks (see the report the NICE Program Office submitted to Congress on August 2, 2022) – assess the scope and sufficiency of efforts to measure an individual’s capability to perform specific tasks found in the NICE Framework at all proficiency levels and submit a report to Congress with recommendations for effective methods for measuring the cybersecurity proficiency of learners; and
- Identify multiple cybersecurity career pathways that indicate the knowledge and skills along with relevant education, training, internships, apprenticeships, certifications, and other experiences that align with employers’ cybersecurity skill needs, including proficiency level requirements, for its workforce, and prepare an individual to be successful in entering or advancing in a cybersecurity career.
Both of these items were recommended in the 2018 Department of Commerce and Department of Homeland Security Report to the President in response to a 2017 Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.
Looking ahead
Task Statement Update
Updates to the NICE Framework data will be an iterative process. NICE is currently collecting feedback on proposed updates to Knowledge and Skill (K&S) statements. The comments received on the draft statements will inform a next-stage review of Task statements for alignment with the Task, Knowledge, Skill (TKS) Statements Authoring Guide for Workforce Frameworks and subsequent alignment of Knowledge and Skill statements to individual Tasks.
Operational Technology
In August 2021, a workshop on control systems cybersecurity was held in response to public comments, recommendations in a Report to the President as required by the 2019 Executive Order on America’s Cybersecurity Workforce, and in our role as co-chair along with CISA of the workforce committee of the Control Systems Working Group. A NICE webinar on the topic was also held in July 2021 immediately prior to the workshop. Additionally, NIST is planning to release an update to SP 800-82 in the form of a Guide to Control Systems Cybersecurity. NICE will be returning to that work in 2022 after the release of the new NIST guidance.
Cybersecurity Awareness
In September 2021, a workshop on cybersecurity awareness was held. The genesis for focusing on this topic was first signaled in a NICE webinar in late 2019 and is also in response to a FY21 NDAA task that requires NIST to “publish standards and guidelines for improving cybersecurity awareness of employees and contractors of Federal agencies”. Tasks related to a cybersecurity awareness Work Role are in development; work is scheduled to be completed at the end of 2022.
Tools
NICE seeks to expand capabilities for web access to the NICE Framework data, including through the development of new tools and resources. The NICE Program Office has been working to provide the NICE Framework data via an accessible web platform. The NIST Universal Data Platform will provide a publicly available web version of the NICE Framework with browse, search, and download functions and will serve as the foundation for a more transparent public comment process, modeled after the Risk Management Framework public comment portal. NICE welcomes feedback on desired tool functionality for this and other public NICE Framework tools at the NICE Framework Users Group.
Other Alignments
NICE continues to seek opportunities for alignment with other relevant guidance and frameworks including, but not limited to: the Cybersecurity Framework (CSF), NIST Privacy Framework, and NIST Risk Management Framework. Comments and suggestions for alignments can be shared via the NICE Framework Users Group.
Additionally, NICE, working with partners from the Department of Labor (DOL) and Office of Personnel Management (OPM), is seeking to more clearly distinguish the relationships and differences between terms such as Occupation, Job, Work Role, and Competency. The NICE Framework and NICE efforts focus on Work Roles and Competencies, but we aim to ensure that our approaches complement those at organizations like DOL, OPM, and others (and vice versa).
ACTIVITIES
- On December 5, 2022 at the NICE K12 Cybersecurity Education Conference, the NICE Program Office announced the NICE Framework K12 FAQ. Learn more here.
- On August 2, 2022 the NICE Program Office submitted the report "Measuring Cybersecurity Workforce Capabilities: Defining a Proficiency Scale for the NICE Framework" to Congress. Learn more here.
- On June 7, 2022 the NICE Framework Users Group met at the NICE Conference & Expo in Atlanta, Georgia. Learn more here.
- On June 6, 2022 NICE held a workshop at the NICE Conference & Expo on "Using NICE Framework Competencies to Build a Better Cybersecurity Workforce." Learn more here.
- On April 19, 2022 NICE released draft refactored Knowledge and Skill statements for public comment. Learn more here.
- On December 15, 2021 NICE held a webinar on "Witnessing an Evolution- The NICE Framework and its Role in Building a Better Cybersecurity Workforce." Learn more here.
- On December 15, 2021 NICE released a draft NICE Framework Data Update Process, draft refactored NICE Framework Ability Statements, and a second draft of NICE Framework Competencies (NISTIR 8355) for public comment. A machine-readable version of the NICE Framework data was also released. Learn more here.
- On October 28, 2021 NICE shared a Playbook for Workforce Frameworks poster at ITL Science Day.
- On September 29, 2021 the CAE in Cybersecurity Community and NICE held a workshop entitled "Developing a Workforce for Security Awareness and Behavior Change." For more information, see the workshop presentation slides.
- On August 24, 2021 the CAE in Cybersecurity Community and NICE held a workshop entitled "Developing a Workforce to Secure Operational Technologies." For more information, see the workshop presentation slides.
- On March 23rd and 25th, the CAE in Cybersecurity Community and NICE held a workshop entitled "NICE Framework Competencies: Moving from Concept to Implementation." For more information, see the workshop report or workshop presentation slides.
- On March 17, 2021, NICE announced draft NISTIR 8355, NICE Framework Competencies: Assessing Learners for Cybersecurity Work, and a draft List of Competencies for public comment by May 3, 2021. Learn more here.
- On February 11, 2021, NICE announced the NICE Framework Success Stories catalog.
- On January 27, 2021, NICE launched the NEW NICE Framework Users Group. Learn more here.
- On December 16, 2020 NICE held a webinar on "Competencies – The Next Frontier for Closing the Cybersecurity Skills Gap." Learn more here.
- On November 16, 2020, NICE released the NIST SP 800-181 Revision 1, the Workforce Framework for Cybersecurity. Learn more here.
- On October 29, 2020, NICE held a workshop on “NICE Framework: Adoption Strategies” as part of the 2020 NICE Conference & Expo.
- On July 15, 2020, NICE released a draft revision to the NICE Framework. Learn more here.
- On July 15, 2020, NICE held a webinar on "What’s New - Revisions to the NICE Framework." Learn more here.
- On March 18, 2020, NICE held a webinar on “NICE Framework Uses and Success Stories.” Learn more and view the recording here.
- On December 3, 2019, NICE held a webinar on “How You Can Influence an Update to the NICE Framework.” Learn more and view the recording here.
- On November 19, 2019, NIST announced plans to update the NICE Cybersecurity Workforce Framework, NIST Special Publication 800-181. The public is invited to provide input by Jan. 13, 2020 for consideration in the update. Learn more here.
- On November 18, 2019, Bill Newhouse (NICE Program Office) led a seminar focused on applications and uses of the NICE Framework at the NICE Conference and Expo in Phoenix, Arizona.