The NICE Framework, NIST Special Publication 800-181, is a national focused resource that categorizes and describes cybersecurity work. The NICE Framework, establishes a taxonomy and common lexicon that describes cybersecurity work and workers irrespective of where or for whom the work is performed. The NICE Framework is intended to be applied in the public, private, and academic sectors.
The NICE Framework is comprised of the following components:
- Categories (7) – A high-level grouping of common cybersecurity functions.
- Specialty Areas (33) – Distinct areas of cybersecurity work.
- Work Roles (52) – The most detailed groupings cybersecurity work comprised of specific knowledge, skills, and abilities required to perform tasks in a work role.
- Employers, to help assess their cybersecurity workforce, identify critical gaps in cybersecurity staffing, and improve position descriptions;
- Current and future cybersecurity workers, to help explore Tasks and Work Roles and assist with understanding the KSAs that are being valued by employers for in-demand cybersecurity jobs and positions. The NICE Framework also enables staffing specialists and guidance counselors to use the NICE Framework as a resource to support these employees or job seekers;
- Training and certification providers seeking to help current and future members of the cybersecurity workforce gain and demonstrate the KSAs;
- Education providers who use the NICE Framework as a reference to develop curriculum, courses, seminars, and research that cover the KSAs and Tasks described; and
- Technology providers who can identify cybersecurity Work Roles and specific Tasks and KSAs associated with the services and hardware/software products they supply.
- NIST Special Publication 800-181, The NICE Cybersecurity Workforce Framework (August 2017)
- Reference Spreadsheet for the NICE Framework, NIST SP 800-181 (January 18, 2018)
- Preconcensus/Prepublication Spreadsheet showing KSA to Competency Area Mapping (December 19, 2018 updated columns and tab order)
- NICE Framework Revision Process and Documented Revisions
Search the NICE Framework
- Using Keywords via DHS's Cybersecurity Careers and Training Portal
- CyberWatch West database (under development)
- Update and put out a new draft of NIST SP 800-16, a Role‐Based Model for Federal Information Technology / Cybersecurity Training, adding competencies that are connected to components in the NICE Framework
- DHS Cybersecurity Workforce, Education, and Training Portal (aka NICCS)
- DHS PushButtonPD™ Tool
- DoD Cyber Workforce – description of the DoD Cyber Workforce and contact information
- Draft NISTIR 8193 NICE Framework Work Role Capability Indicators: Indicators for Performing Work Roles (Nov 2017). One can use the DHS’s Cybersecurity Careers and Training Portal to see capability indicators associated with each NICE Framework Work Role
To help increase the visibility of the National Initiative for Cybersecurity Education (NICE), the NICE Program Office issues quarterly eNewsletters. Each newsletter contains a profile of a cybersecurity practitioner to illustrate application of the NICE Cybersecurity Workforce Framework categories, specialty areas, and work roles.
Interviews are recorded and transcribed. Click any of the links below to listen to the audio and download the transcripts.
- Matthew McCollough, Security Operations Center (SOC) Analyst, Minnesota IT Standards and Resource Management Security Operations Center, August 10, 2018
- Julie Chua, Manager, Risk Management Program, Office of Information Security, HHS, June 25, 2018
- Andy Kleinick, Detective III of Cyber Crimes Section, Los Angeles Police Department, April 10, 2018
- Carolyn Schmidt, Program Manager, NIST, January 19, 2018
- Tina Thorstenson, Arizona State University, CISO, August 28, 2017