The NICE Framework, NIST Special Publication 800-181, is a national focused resource that categorizes and describes cybersecurity work. The NICE Framework establishes a taxonomy and common lexicon that describes cybersecurity work and workers irrespective of where or for whom the work is performed. The NICE Framework is intended to be applied in the public, private, and academic sectors.
The Executive Order (EO) on America’s Cybersecurity Workforce encourages widespread adoption of the NICE Framework, and highlights its voluntary integration into existing education, training, and workforce development efforts undertaken by State, territorial, local, tribal, academic, non‑profit, and private-sector entities. The EO also directs that the NICE Framework be used as a reference for related federal government efforts, including as a basis for developing skill requirements for the federal cybersecurity rotational assignment program and the federal cybersecurity competition proposed by the Executive Order.
The NICE Framework is comprised of the following components:
- Categories (7) – A high-level grouping of common cybersecurity functions.
- Specialty Areas (33) – Distinct areas of cybersecurity work.
- Work Roles (52) – The most detailed groupings of cybersecurity work comprised of specific knowledge, skills, and abilities required to perform tasks in a work role.
- Employers, to help assess their cybersecurity workforce, identify critical gaps in cybersecurity staffing, and improve position descriptions;
- Current and future cybersecurity workers, to help explore Tasks and Work Roles and assist with understanding the KSAs that are being valued by employers for in-demand cybersecurity jobs and positions. The NICE Framework also enables staffing specialists and guidance counselors to use the NICE Framework as a resource to support these employees or job seekers;
- Training and certification providers seeking to help current and future members of the cybersecurity workforce gain and demonstrate the KSAs;
- Education providers who use the NICE Framework as a reference to develop curriculum, courses, seminars, and research that cover the KSAs and Tasks described; and
- Technology providers who can identify cybersecurity Work Roles and specific Tasks and KSAs associated with the services and hardware/software products they supply.
- NIST Special Publication 800-181, The NICE Cybersecurity Workforce Framework (August 2017)
- Reference Spreadsheet for the NICE Framework, NIST SP 800-181 (January 18, 2018)
- Preliminary Draft NIST SP 800-16r2 , Cybersecurity Role Profiles for Training (June 27, 2019)
- NICE Framework Pivot Tool (Draft KSA to Competency Mapping) (July 2019)
- NICE Framework Revision Process and Documented Revisions
Search the NICE Framework
- Using Keywords via DHS's Cybersecurity Careers and Training Portal
- CyberWatch West database (under development)
- Update and put out a new draft of NIST SP 800-16, a Role‐Based Model for Federal Information Technology / Cybersecurity Training, adding competencies that are connected to components in the NICE Framework
- DHS Cybersecurity Workforce, Education, and Training Portal (aka NICCS)
- DHS PushButtonPD™ Tool
- DoD Cyber Workforce – description of the DoD Cyber Workforce and contact information
- Draft NISTIR 8193 NICE Framework Work Role Capability Indicators: Indicators for Performing Work Roles (Nov 2017). One can use the DHS’s Cybersecurity Careers and Training Portal to see capability indicators associated with each NICE Framework Work Role
To help increase the visibility of the National Initiative for Cybersecurity Education (NICE), the NICE Program Office issues quarterly eNewsletters. Each newsletter contains a profile of a cybersecurity practitioner to illustrate application of the NICE Cybersecurity Workforce Framework categories, specialty areas, and work roles.
Interviews are recorded and transcribed. Click any of the links below to listen to the audio and download the transcripts.
- Miguel Ramirez, IT Security and Compliance Apprentice, Department of Information Technology, State of North Carolina, November 21, 2018
- Matthew McCollough, Security Operations Center (SOC) Analyst, Minnesota IT Standards and Resource Management Security Operations Center, August 10, 2018
- Julie Chua, Manager, Risk Management Program, Office of Information Security, HHS, June 25, 2018
- Andy Kleinick, Detective III of Cyber Crimes Section, Los Angeles Police Department, April 10, 2018
- Carolyn Schmidt, Program Manager, NIST, January 19, 2018
- Tina Thorstenson, Arizona State University, CISO, August 28, 2017