The NICE Framework, NIST Special Publication 800-181, is a national focused resource that categorizes and describes cybersecurity work. The NICE Framework, establishes a taxonomy and common lexicon that describes cybersecurity work and workers irrespective of where or for whom the work is performed. The NICE Framework is intended to be applied in the public, private, and academic sectors.
The NICE Framework is comprised of the following components:
- Categories (7) – A high-level grouping of common cybersecurity functions.
- Specialty Areas (33) – Distinct areas of cybersecurity work.
- Work Roles (52) – The most detailed groupings cybersecurity work comprised of specific knowledge, skills, and abilities required to perform tasks in a work role.
- NIST Special Publication 800-181, The NICE Cybersecurity Workforce Framework (August 2017)
- Reference Spreadsheet for the NICE Framework, NIST SP 800-181 (January 18, 2018)
- Search for work roles in the NICE Framework using Knowledge, Skill, Ability, or Task keywords or statement
- NICE Framework One Pager
- NICE Framework Revisions
- DHS Cybersecurity Workforce, Education, and Training Portal (aka NICCS)
- DoD Cyber Workforce
- Draft NISTIR 8193 NICE Framework Work Role Capability Indicators: Indicators for Performing Work Roles (Nov 2017)
- Click Here for Earlier Versions
- Employers, to help assess their cybersecurity workforce, identify critical gaps in cybersecurity staffing, and improve position descriptions;
- Current and future cybersecurity workers, to help explore Tasks and Work Roles and assist with understanding the KSAs that are being valued by employers for in-demand cybersecurity jobs and positions. The NICE Framework also enables staffing specialists and guidance counselors to use the NICE Framework as a resource to support these employees or job seekers;
- Training and certification providers seeking to help current and future members of the cybersecurity workforce gain and demonstrate the KSAs;
- Education providers who use the NICE Framework as a reference to develop curriculum, courses, seminars, and research that cover the KSAs and Tasks described; and
- Technology providers who can identify cybersecurity Work Roles and specific Tasks and KSAs associated with the services and hardware/software products they supply.
NIST has developed this initial mapping of the knowledge, skill, and ability statements from the NICE Framework to competencies as we work towards a new draft version of NIST SP 800-16 , a Role‐Based Model for Federal Information Technology / Cybersecurity Training.