NICE Framework Latest Updates

The Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181r1) provides a common language for describing cybersecurity tasks, knowledge, and skills. It can be used in career awareness, education and training, hiring, and workforce planning and development. The NICE office published a first revision of the NICE framework in 2020. Recent and upcoming updates include:

• Work Roles and Work Role Categories
  Comment Period: April 18 - June 23, 2023
  Proposed updates focus on improving clarity, consistency, and accuracy. They include adjustments to Work Role Category names and descriptions and updates to Work Role names, descriptions, and IDs to reflect category updates and remove reference to deprecated Specialty Areas.

• Statement Updates
  • Refactored Ability Statements
    The 2020 revision of the NICE Framework deprecates Ability statements. Refactored statements were previously released for comment. Comments have been reviewed and adjudicated and updated statements (refactored as Knowledge or Skill statements) are being readied for release this summer.
  • Updated Knowledge and Skill Statements
    Knowledge and Skill statements were previously released for comment. Comments have been reviewed and adjudicated and updated statements are being readied for release this summer.
  • Updated Task Statements
    Task statements are currently being reviewed and proposed updates being prepared for release in late 2023. 

• Competency Areas 
  • NICE Framework Competencies: Preparing a Job-Ready Cybersecurity Workforce (NISTIR 8355)
    Newly published! This NIST Internal Report describes Competency Areas as included in the NICE Framework, providing information on how Competency Areas are defined and how they can be used.
  • Proposed Competency Areas List
    Comment Period: June 21 - August 5, 2023
    Weigh in on the proposed Competency Areas for development. The list addresses feedback received on a previously released draft list.
• Competency Areas Authoring Guide
  This publication identifies best practices in authoring workforce framework Competency Areas as part of a standard approach to developing workforce frameworks. It and other related resources can be found in the Playbook for Workforce Frameworks.

• New Work Roles
  The NICE Program Office is working with subject matter experts to develop new draft Work Roles in the following areas: 
  • Operational Technology (OT) Cybersecurity Engineering
    In August 2021, a workshop on control systems cybersecurity was held in response to public comments, recommendations in a Report to the President as required by the 2019 Executive Order on America’s Cybersecurity Workforce, and in our role as co-chair along with CISA of the workforce committee of the Control Systems Working Group.  A NICE webinar on the topic was also held in July 2021 immediately prior the workshop.  In April 2022 NIST released a revised draft Guide to Operational Technology (OT) Security. Informed by these efforts and others, the NICE Program Office has been working with subject matter experts to prepare a new OT Work Role, to be released for comment summer 2023.
  • Cybersecurity Awareness
    In September 2021, a workshop on cybersecurity awareness was held. The genesis for focusing on this topic was first signaled in a NICE webinar in late 2019 and is also in response to a FY21 NDAA task that requires NIST to “publish standards and guidelines for improving cybersecurity awareness of employees and contractors of Federal agencies”. Work to develop this new Work Role is in development; a draft is expected to be released for comment fall 2023.
  • Insider Threat
    A proposed new Work Role was brought to the NICE Program Office as part of an interagency effort. This is currently under review and development, with expected release for comment in fall 2023.
• NICE Framework Proficiency Levels
  The August 2022 report, Measuring Cybersecurity Workforce Capabilities: Defining a Proficiency Scale for the NICE Framework, was provided to Congress in response to the FY21 National Defense Authorization Act (NDAA). The NICE Program Office is developing a draft scale to define proficiency levels at the Work Role and Competency Area levels, expected to be released for comment in fall 2023.

Other work

• NICE Framework Tools
  NICE seeks to expand capabilities for web access to the NICE Framework data, including through the development of new tools and resources. NICE welcomes discussion about current tools and feedback on desired new tool functionality in the NICE Framework Users Group.
• Alignments
  NICE continues to seek opportunities for alignment with other relevant guidance and frameworks including, but not limited to: the Cybersecurity Framework (CSF) (including the CSF 2.0 revision), NIST Privacy Framework, and NIST Risk Management Framework. Comments and suggestions for alignments can be shared via the NICE Framework Users Group.

To find out more about or to propose new NICE Framework updates, get and share ideas about how to use the NICE Framework, and engage with the community, join the NICE Framework Users Group or visit the NICE Framework Resource Center at www.nist.gov/nice/framework

ACTIVITIES

• On April 18, 2023, NICE released proposed updates to NICE Framework Work Role Categories and Work Roles for comment by June 23, 2023. Learn more here.
• On December 5, 2022 at the NICE K12 Cybersecurity Education Conference, the NICE Program Office announced the NICE Framework K12 FAQ. Learn more here. 
• On August 2, 2022 the NICE Program Office submitted the report "Measuring Cybersecurity Workforce Capabilities: Defining a Proficiency Scale for the NICE Framework" to Congress. Learn more here. 
• On June 7, 2022 the NICE Framework Users Group met at the NICE Conference & Expo in Atlanta, Georgia. Learn more here.
• On June 6, 2022 NICE held a workshop at the NICE Conference & Expo on "Using NICE Framework Competencies to Build a Better Cybersecurity Workforce." Learn more here.
• On April 19, 2022 NICE released draft refactored Knowledge and Skill statements for public comment. Learn more here.
• On December 15, 2021 NICE held a webinar on "Witnessing an Evolution- The NICE Framework and its Role in Building a Better Cybersecurity Workforce." Learn more here. 
• On December 15, 2021 NICE released a draft NICE Framework Data Update Process, draft refactored NICE Framework Ability Statements, and a second draft of NICE Framework Competencies (NISTIR 8355) for public comment. A machine-readable version of the NICE Framework data was also released. Learn more here. 
• On October 28, 2021 NICE shared a Playbook for Workforce Frameworks poster at ITL Science Day. 
• On September 29, 2021 the CAE in Cybersecurity Community and NICE held a workshop entitled "Developing a Workforce for Security Awareness and Behavior Change." For more information, see the workshop presentation slides. 
• On August 24, 2021 the CAE in Cybersecurity Community and NICE held a workshop entitled "Developing a Workforce to Secure Operational Technologies." For more information, see the workshop presentation slides.
• On March 23rd and 25th, the CAE in Cybersecurity Community and NICE held a workshop entitled "NICE Framework Competencies: Moving from Concept to Implementation." For more information, see the workshop report or workshop presentation slides. 
• On March 17, 2021, NICE announced draft NISTIR 8355, NICE Framework Competencies: Assessing Learners for Cybersecurity Work, and a draft List of Competencies for public comment by May 3, 2021. Learn more here. 
• On February 11, 2021, NICE announced the NICE Framework Success Stories catalog. 
• On January 27, 2021, NICE launched the NEW NICE Framework Users Group. Learn more here. 
• On December 16, 2020 NICE held a webinar on "Competencies – The Next Frontier for Closing the Cybersecurity Skills Gap" Learn more here. 
• On November 16, 2020, NICE released the NIST SP 800-181 Revision 1, the Workforce Framework for Cybersecurity. Learn more here. 
• On October 29, 2020, NICE held a workshop on “NICE Framework: Adoption Strategies” as part of the 2020 NICE Conference & Expo.
• On July 15, 2020, NICE released a draft revision to the NICE Framework. Learn more here.
• On July 15, 2020, NICE held a webinar on "What’s New - Revisions to the NICE Framework." Learn more here. 
• On March 18, 2020, NICE held a webinar on “NICE Framework Uses and Success Stories.” Learn more and view the recording here. 
• On December 3, 2019, NICE held a webinar on “How You Can Influence an Update to the NICE Framework. Learn more and view the recording here.
• On November 19, 2019, NIST announced plans to update the NICE Cybersecurity Workforce Framework, NIST Special Publication 800-181. The public is invited to provide input by Jan. 13, 2020 for consideration in the update.Learn more here. 
• On November 18, 2019, Bill Newhouse (NICE Program Office) led a seminar focused on applications and uses of the NICE Framework at the NICE Conference and Expo in Phoenix, Arizona.