Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NICE Framework Revisions

NICE Framework Attributes Image
Credit: NICE

To remain effective now and in the future, the NICE Framework components — Task, Knowledge, and Skill (TKS) statements; Work Roles and Work Role Categories; and Competency Areas — will be regularly reviewed and adjusted to respond to and anticipate changing needs of the cybersecurity workforce and in support of the Framework's core attributes of agility, flexibility, modularity, and interoperability. These changes are driven by new and evolving technologies, threats, and approaches to securing organizations and the Nation.

The following provides an overview of the NICE Framework versioning and release process. This excerpted information is also available in the PDF document, “NICE Framework Component Updates: Releases and Versioning.”

Update Types, Frequency, and Versioning

Updates may be identified internally by NICE Program Office staff or may be proposed by private and public stakeholders, including government, industry, academia, learners, and others at any time (see Change Requests). The NICE Program Office will work to achieve consensus on the public and private sector input, balancing the need for both periodic updates based upon emerging needs and the desirability for a stable framework.

Update Types

Updates to NICE Framework components fall into three categories:

  • Major Updates: A major update is “A revision of a specification that breaks backward compatibility with the previous revision of the specification in numerous significant ways.” Systems and tools that use NICE Framework components could be significantly impacted.
  • Minor Updates: A minor update is defined as “A revision of a specification that may add or enhance functionality, fix bugs, and make other changes from the previous revision, but the changes have minimal impact, if any, on backward compatibility.” 
  • Administrative Updates: Errata changes and minor corrections that do not alter the intent of the original. 

Frequency of Releases

It is essential that NICE Framework components be regularly reviewed and updated when necessary to reflect employer needs and address changes to the cybersecurity work that learners need to be prepared for. However, it is equally essential that these changes be released in a planned and coordinated fashion so that the community that depends on and leverages the NICE Framework is aware of upcoming releases. NICE Framework releases will include all NICE Framework components. For example: A new Task statement is being added to the NICE Framework. The release that includes this new statement will comprise all the components, including the statement itself. 

Releases of NICE Framework updates will be made according to the following planned schedule:

  • Major Releases: A major release of NICE Framework data will occur no more frequently than every three years. 
  • Minor Releases: A minor release of the NICE Framework data will occur no more frequently than once annually. 
  • Administrative Releases: An errata release of the NICE Framework data may occur at any time and without formal notice. 

Note that both major and minor proposed updates will continue to be shared for public comment prior to finalization. The public comment period allows the NICE community to provide feedback on drafts and for the NICE Program office to incorporate changes and consider the validity of proposed drafts prior to release based on comments received.

Version Identifiers

In order to distinguish between various releases, the following versioning identifier system will be adopted: 

Examples

Using 0.0.0 as a starting point, the version will change as follows for the various release types:

  • Major Release: 0.0.0 -> 1.0.0
  • Minor Release: 0.1.0 -> 0.2.0
  • Administrative Release: 0.0.1 -> 0.0.2

These can be combined, as well. For example, following a first major release (1.0.0) there may be several minor releases (1.3.0), then followed by an administrative release (1.3.1). If a major release then followed, that would then reset the second and third place numbers (2.0.0). 

There may be times when components to be included in a minor release may be made available as a pre-release for use by those who are interested in adopting the content prior to the final release. For instance, if a new Work Role is developed, made available for public comment, and then updated based on feedback, that final update may be shared as a pre-release. That way if a second new Work Role or Competency Area is also being readied, the first item may be used while the second is still in development. Then when both are ready they can be packaged together in the minor release. 

Contacts

FOR FURTHER INFORMATION OR QUESTIONS ABOUT THE NICE FRAMEWORK

Created July 3, 2017, Updated March 5, 2024