Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Public Comment Invited on Draft NICE Framework Update Process, Refactored Ability Statements, and Second Draft of NISTIR on Competencies


NIST has released three draft items related to the Workforce Framework for Cybersecurity (NICE Framework). 

  1. Proposed NICE Framework Data Update Process
    An ongoing review and update process for NICE Framework data (Work Roles, Competencies, and Task, Knowledge, and Skill [TKS] statements) is being proposed in order to ensure that the NICE Framework is agile, flexible, interoperable, and modular. This process will enable NICE Framework implementers and stakeholders to suggest changes, allow for more regular updates, make NICE Framework data available in machine-readable formats, and other improvements. This resource will provide more information about what to expect. 
  2. Refactored NICE Framework Ability Statements
    The NICE Framework revision 1 was released in November 2020. One significant change in this revision is deprecation of the 2017 Ability Statements. These statements have been reviewed in order to identify unique content, while retaining important content and capabilities that are needed for various Work Roles. The current Framework refinement reflects editorial changes, rather than substantive content changes, to support the common and consistent lexicon. NICE is not adding new content that changes the nature of a Work Role, nor removing content that might eliminate requirements or capabilities, but rather eliminating redundancy and adjusting language for clarity. 
  3. NICE Framework Competencies, NISTIR 8355 (Second Draft)
    A second draft of NIST Interagency or Internal Report (NISTIR) 8355, NICE Framework Competencies: Assessing Learners for Cybersecurity Work, is available for public comment. We listened to your comments from earlier this year about the first version, we’ve adjusted to better define NICE Framework Competencies, clarified the difference between Work Roles and Competencies, and shared how Competencies can be used. At this time we are only sharing an updated NISTIR; we will be working with community stakeholders to update the List of Competencies for release in 2022.

How are comments submitted?
Comments on the proposed NICE Framework Data Update Process, the refactored Ability statements, and second draft of NISTIR 8355 are due by January 31, 2022 at 11:59 p.m. ET. Comments should be submitted by email to NICEFramework [at] As always, we are thankful for your support.  Your ideas will continue to shape our publications and processes to ensure they meets the needs and expectations of our stakeholders.

Learn more


Interested in learning more? Please join us for the NICE Webinar at 2-3pm ET where we will highlight these recent developments with the NICE Framework. You will also hear from invited speakers who will share their own uses of the NICE Framework in order to paint a picture of how the NICE Framework can be used to meet your own needs -- so that as a community we can work together on achieving the common goal of- a diverse, prepared, and effective cybersecurity workforce. The webinar will be recorded and available after the event.

Learn more


The NICE Framework data - Work Roles, Competencies, and Task, Knowledge, and Skill [TKS] statements - from the 2017 version of the NICE Framework is now available for download in JSON format. This new format will allow users to easily incorporate the data into web applications or other automated tools to deliver innovative solutions. Although the NICE Framework was updated in 2020, the 2017 version of the data is still the most current. Read more in our frequently asked questions

Learn More

Released December 15, 2021