The National Initiative for Cybersecurity Education (NICE) has released the first revision to the Workforce Framework for Cybersecurity (NICE Framework). The NICE Framework improves communications about how to identify, recruit, develop, and retain cybersecurity talent ¬ — offering a common, consistent lexicon that categorizes and describes cybersecurity work.
“The revised NICE Framework provides an improved and simplified conceptual design that helps to better coordinate an integrated ecosystem of cybersecurity education, training, and workforce development,” said Rodney Petersen, Director of NICE, which is led by the National Institute of Standards and Technology (NIST) and is a partnership between government, academia, and the private sector.
The “cybersecurity workforce,” Petersen noted, “includes those whose primary focus is on cybersecurity as well as those in the workforce who need specific cybersecurity-related knowledge and skills in order to perform their work in a way that enables organizations to properly manage the cybersecurity-related risks to the enterprise.”
It expresses that work as Task statements and describes Knowledge and Skill statements that provide a foundation for learners including students, job seekers, and employees. The use of these statements helps students to develop skills, job seekers to demonstrate competencies, and employees to accomplish tasks.
As a common, consistent lexicon that categorizes and describes cybersecurity work, the NICE Framework improves communication about how to identify, recruit, develop, and retain cybersecurity talent. The NICE Framework is a reference source from which organizations or sectors can develop additional publications or tools that meet their needs to define or provide guidance on different aspects of cybersecurity education, training, and workforce development.
A summary of revisions to the NICE Framework (NIST Special Publication 800-181) include:
- A streamlined set of “building blocks” comprised of Task, Knowledge, and Skill Statements.
- The introduction of Competencies as a mechanism for organizations to assess learners.
- A reference to artifacts, such as Work Roles and Task, Knowledge, and Skills statements, that will live outside of the publication to enable a more fluid update process.
“The NICE Framework building blocks (Tasks, Knowledge, and Skill statements) will unleash a variety of ways in which organizations can use and apply the NICE Framework within their unique context and in a manner that is consistent with the attributes of agility, flexibility, interoperability, and modularity,” said Karen Wetzel, Manager of the NICE Framework. “The introduction of Competencies, a mechanism for organizations to assess learners, is designed to increase alignment among employers, learners, and education and training providers and close the cybersecurity skills gap.”
The NICE Framework already has a large following. It is used by organizations in both the private and public sectors to perform workforce audits, develop position descriptions, create learning outcomes for courses, and much more.
Supersedes: SP 800-181 (08/07/2017)