Current Version | Data | Translations| Supplemental Material
NIST Special Publication 800-181 revision 1: The Workforce Framework for Cybersecurity (NICE Framework) (November 2020)
NICE Framework Data
NICE Framework data comprises Categories, Work Roles, Competencies, and Task, Knowledge, and Skill (TKS) statements as well as the relationships between those elements. Please note that the 2017 NICE Framework data is currently being reviewed and updated to align with the November 2020 revision. Until those updates occur, the 2017 NICE Framework versions of Categories, Work Roles, and Task, Knowledge, and Skill (TKS) statements along with the draft NICE Framework Competencies are the most up-to-date data available for use.
- Reference Spreadsheet (XLSX)
The Reference Spreadsheet for the 2017 NICE Framework data also provides a mapping to the employment codes as required by the Federal Cybersecurity Workforce Assessment Act.
- NICE Framework Competency Areas
NIST Interagency or Internal Report (NISTIR) 8355, NICE Framework Competency Areas: Preparing a Job-Ready Cybersecurity Workforce (June 2023), provides detail on NICE Framework Competency Areas, including their evolution, development, and example uses from various stakeholder perspectives. It is accompanied by a draft list of 15 proposed Competency Areas and their descriptions.
- JSON File (JSON)
The JSON file format for the NICE Framework is a machine-readable format that can be used in many web applications to transmit structured data from system to system. The JSON file format includes 2017 NICE Framework data (including the now defunct Specialty Areas and Ability statements) a list of Work Roles and Task, Knowledge, and Skill (TKS) statements . It also includes the Categories, Specialty Areas, and Ability statements from the 2017 NICE Framework. For more information, read our JSON FAQ.
We encourage translations of the NICE Framework. To submit a translation, please NICEframework [at] nist.gov (contact us).
- Task, Knowledge, Skill (TKS) Statements Authoring Guide for Workforce Frameworks (PDF)
This working draft, a collaborative NIST effort between NICE and the Privacy Engineering Program (PEP), was developed for use during the 2021 NICE review of the NICE Framework TKS statements and the PEP development of new TKS statements for its Privacy Workforce Framework. The current draft includes updates made in July 2021.
- Competency Area Authoring Guide for Workforce Frameworks (PDF)
This publication identifies best practices in authoring workforce framework Competency Areas. It accompanies the previously released Task Knowledge Skill (TKS) Statements Authoring Guide for Workforce Frameworks. These authoring guides and other materials that support a standard approach to developing workforce frameworks can be found in the Playbook for Workforce Frameworks, which details workforce framework components and provides developers with supporting resources.
- Playbook for Workforce Frameworks
Workforce frameworks provide employers, learners, and training and education providers a common language to describe the work of a particular domain and what workers need to know or be able to do to complete that work. The Playbook for Workforce Frameworks provides a template for other organizations to use when developing workforce frameworks and serves as a reference resource for frameworks that have used the model.
- Proposed NICE Framework Data Update Process (PDF)
An ongoing review and update process for NICE Framework data (Work Roles, Competencies, and Task, Knowledge, and Skill [TKS] statements) is being proposed to ensure that the NICE Framework is agile, flexible, interoperable, and modular. This process will enable NICE Framework implementers and stakeholders to suggest changes, allow for more regular updates, make NICE Framework data available in machine-readable formats, and other improvements. This resource will provide more information about what to expect.
- Measuring Cybersecurity Workforce Capabilities: Defining a Proficiency Scale for the NICE Framework (PDF)
This report discusses proficiency levels broadly to provide overall context and clarity, points to various extant models, summarizes findings regarding existing efforts to assess proficiency in the workforces of both the public and private sector, and provides recommendations for effective methods for measuring the cybersecurity proficiency of learners.