The NICE Framework, NIST Special Publication 800-181, is a national focused resource that categorizes and describes cybersecurity work. The NICE Framework, establishes a taxonomy and common lexicon that describes cybersecurity work and workers irrespective of where or for whom the work is performed. The NICE Framework is intended to be applied in the public, private, and academic sectors.
The NICE Framework is comprised of the following components:
- Categories (7) – A high-level grouping of common cybersecurity functions.
- Specialty Areas (33) – Distinct areas of cybersecurity work.
- Work Roles (52) – The most detailed groupings cybersecurity work comprised of specific knowledge, skills, and abilities required to perform tasks in a work role.
- NIST Special Publication 800-181, The NICE Cybersecurity Workforce Framework (August 2017)
- Reference Spreadsheet for the NICE Framework, NIST SP 800-181 (January 18, 2018)
- NICE Framework Revision Process and Documented Revisions
Search the NICE Framework
- DHS Cybersecurity Workforce, Education, and Training Portal (aka NICCS)
- DoD Cyber Workforce - – description of the DoD Cyber Workforce and contact information
- Draft NISTIR 8193 NICE Framework Work Role Capability Indicators: Indicators for Performing Work Roles (Nov 2017). One can use the DHS’s Cybersecurity Careers and Training Portal to see capability indicators associated with each NICE Framework Work Role
- Employers, to help assess their cybersecurity workforce, identify critical gaps in cybersecurity staffing, and improve position descriptions;
- Current and future cybersecurity workers, to help explore Tasks and Work Roles and assist with understanding the KSAs that are being valued by employers for in-demand cybersecurity jobs and positions. The NICE Framework also enables staffing specialists and guidance counselors to use the NICE Framework as a resource to support these employees or job seekers;
- Training and certification providers seeking to help current and future members of the cybersecurity workforce gain and demonstrate the KSAs;
- Education providers who use the NICE Framework as a reference to develop curriculum, courses, seminars, and research that cover the KSAs and Tasks described; and
- Technology providers who can identify cybersecurity Work Roles and specific Tasks and KSAs associated with the services and hardware/software products they supply.
NIST has developed a pre-consensus/pre-publication mapping of the knowledge, skill, and ability statements from the NICE Framework to competencies. This material will become part of a new draft version of NIST SP 800-16, a Role‐Based Model for Federal Information Technology / Cybersecurity Training. Click here to download the spreadsheet that shows the KSA to competency mappings.