The Workforce Framework for Cybersecurity (NICE Framework)

Current Version | Data | Translations| Supplemental Material 

Current Version

NIST Special Publication 800-181 revision 1: The Workforce Framework for Cybersecurity (NICE Framework) (November 2020)

• SP 800-181 Homepage
• Framework (PDF)

NICE Framework  Data

NICE Framework data comprises Categories, Work Roles, Competencies, and Task, Knowledge, and Skill (TKS) statements as well as the relationships between those elements. Please note that the 2017 NICE Framework data is currently being reviewed and updated to align with the November 2020 revision. Until those updates occur, the 2017 NICE Framework versions of Categories, Work Roles, and Task, Knowledge, and Skill (TKS) statements along with the draft NICE Framework Competencies are the most up-to-date data available for use.

• Reference Spreadsheet (XLSX)
  The Reference Spreadsheet for the 2017 NICE Framework data also provides a mapping to the employment codes as required by the Federal Cybersecurity Workforce Assessment Act.
  • Draft Refactored NICE Framework Ability Statements (XLSX)
  • Draft Refactored NICE Framework Knowledge and Skill Statements (XLSX) 
    • NICE Framework Knowledge and Skill Statement Review: An Introduction and Summary of Updates (PDF)
  • Draft Updates to NICE Framework Work Role Categories and Work Roles (XLSX) 
    • NICE Framework Work Role Categories and Work Roles: An Introduction and Summary of Proposed Updates (PDF)
• NICE Framework Competency Areas
  NIST Interagency or Internal Report (NISTIR) 8355, NICE Framework Competency Areas: Preparing a Job-Ready Cybersecurity Workforce (June 2023), provides detail on NICE Framework Competency Areas, including their evolution, development, and example uses from various stakeholder perspectives. It is accompanied by a draft list of 15 proposed Competency Areas and their descriptions.  
  • NISTIR 8355 Homepage
  • Second Draft List of Competency Areas (PDF) (June 2021)
• JSON File (JSON)
  The JSON file format for the NICE Framework is a machine-readable format that can be used in many web applications to transmit structured data from system to system. The JSON file format  includes 2017 NICE Framework data (including  the now defunct Specialty Areas and Ability statements) a list of Work Roles and Task, Knowledge, and Skill (TKS) statements . It also includes the Categories, Specialty Areas, and Ability statements from the 2017 NICE Framework. For more information, read our JSON FAQ.

Translations

We encourage translations of the NICE Framework. To submit a translation, please NICEframework [at] nist.gov (contact us). 

• Portuguese Translation of the 2020 NICE Framework (NIST SP 800-181r1) (PDF)
  Document translated courtesy of U.S. Department of State with support from the Digital Connectivity and Cybersecurity Partnership (DCCP).
• Portuguese Translation of the 2017 NICE Framework (NIST SP 800-181) (PDF)
  Document translated courtesy of U.S. Department of State under the Digital Connectivity and Cybersecurity Partnership (DCCP). Cover page translated by the National Institute of Standards and Technology. Cover page not an official U.S. Government Translation.
• Slovak Translation of the 2020 NICE Framework (NIST SP 800-181r1) (PDF)
  Document translated courtesy of University of Žilina, University Science Park (Slovakia). Reviewed by Diplomatic Language Services. Official U.S. Government translation.
• Spanish Translation of the 2020 NICE Framework (NIST SP 800-181r1) (PDF)
  Document translated courtesy of U.S. Department of State under the Digital Connectivity and Cybersecurity Partnership (DCCP) in partnership with the Organization of American States.
• Spanish Translation of the 2017 NICE Framework (NIST SP 800-181) (PDF)
   Document translated courtesy of U.S. Department of State under the Digital Connectivity and Cybersecurity Partnership (DCCP). Cover page translated by the National Institute of Standards and Technology. Cover page not an official U.S. Government Translation.
• Ukrainian Translation of the 2020 NICE Framework (NIST SP 800-181r1) (PDF)
  Document translated courtesy of the Ukrainian Academy of Cybersecurity with the support of the U.S. Embassy to Ukraine. Reviewed by Diplomatic Language Services. Official U.S. Government translation.
• Ukrainian Translation of the 2017 NICE Framework (NIST SP 800-181) (PDF)
  Document translated courtesy of the Ukrainian Academy of Cybersecurity with the support of the U.S. Embassy to Ukraine. Reviewed by Diplomatic Language Services. Official U.S. Government translation.

Supplemental Material

• Task, Knowledge, Skill (TKS) Statements Authoring Guide for Workforce Frameworks (PDF)
  This working draft, a collaborative NIST effort between NICE and the Privacy Engineering Program (PEP), was developed for use during the 2021 NICE review of the NICE Framework TKS statements and the PEP development of new TKS statements for its Privacy Workforce Framework. The current draft includes updates made in July 2021.
• Competency Area Authoring Guide for Workforce Frameworks (PDF)
  This publication identifies best practices in authoring workforce framework Competency Areas. It accompanies the previously released Task Knowledge Skill (TKS) Statements Authoring Guide for Workforce Frameworks. These authoring guides and other materials that support a standard approach to developing workforce frameworks can be found in the Playbook for Workforce Frameworks, which details workforce framework components and provides developers with supporting resources. 
• Playbook for Workforce Frameworks
  Workforce frameworks provide employers, learners, and training and education providers a common language to describe the work of a particular domain and what workers need to know or be able to do to complete that work. The Playbook for Workforce Frameworks provides a template for other organizations to use when developing workforce frameworks and serves as a reference resource for frameworks that have used the model.
• Proposed NICE Framework Data Update Process (PDF)
  An ongoing review and update process for NICE Framework data (Work Roles, Competencies, and Task, Knowledge, and Skill [TKS] statements) is being proposed to ensure that the NICE Framework is agile, flexible, interoperable, and modular. This process will enable NICE Framework implementers and stakeholders to suggest changes, allow for more regular updates, make NICE Framework data available in machine-readable formats, and other improvements. This resource will provide more information about what to expect.
• Measuring Cybersecurity Workforce Capabilities: Defining a Proficiency Scale for the NICE Framework (PDF)
  This report discusses proficiency levels broadly to provide overall context and clarity, points to various extant models, summarizes findings regarding existing efforts to assess proficiency in the workforces of both the public and private sector, and provides recommendations for effective methods for measuring the cybersecurity proficiency of learners.