NIST, the National Institute of Standards and Technology has issued NIST 800-181 for Cybersecurity Education. They are calling this framework NICE. If you would like to upload the document it will be at the bottom of this page. It is 144 pages but you don’t need to read every word. I have posted parts of it here for you.
The National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce, is a partnership between government, academia, and the private sector working to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development. NICE fulfills this mission by coordinating with government, academic, and industry partners to build on existing successful programs, facilitate change and innovation, and bring leadership and vision to increase the number of skilled cybersecurity professionals helping to keep our nation secure. NICE is committed to cultivating an integrated cybersecurity workforce that is globally competitive from hire to retire and prepared to protect our nation from existing and emerging cybersecurity challenges. NICE promotes nationwide initiatives that increase the number of people with the knowledge, skills, and abilities to perform the tasks required for cybersecurity work. As threats that exploit vulnerabilities in our cyberinfrastructure grow and evolve, an integrated cybersecurity workforce must be capable of designing, developing, implementing, and maintaining defensive and offensive cyber strategies. An integrated cybersecurity workforce includes technical and nontechnical roles that are staffed with knowledgeable and experienced people. An integrated cybersecurity workforce can address the cybersecurity challenges inherent to preparing their organizations to successfully implement aspects of their missions and business processes connected to cyberspace. This publication provides a fundamental reference in support of a workforce capable of meeting an organization’s cybersecurity needs by using a common, consistent lexicon to describe cybersecurity work by category, specialty area, and work role. It provides a superset of cybersecurity Knowledge, Skills, and Abilities (KSAs) and Tasks for each work role. The NICE Framework supports consistent organizational and sector communication for cybersecurity education, training, and workforce development. A user of the NICE Framework will reference it for different aspects of workforce development, education, and/or training purposes, and when that material is used at organizational levels, the user should customize what is pulled from the NICE Framework to standards, regulations, needs, and mission of the user’s organization. The NICE Framework is a reference starting point for the content of guidance and guidelines on career paths, education, training, and credentialing programs. The NICE Framework is a resource that will strengthen an organization’s ability to communicate consistently and clearly about cybersecurity work and its cybersecurity workforce. Organizations or sectors can develop additional publications or tools that meet their needs to define or provide guidance on different aspects of workforce development, planning, training, and education.
The Document Includes:
- NIST Framework
- Purpose and applicability
- Audience/Users, including employers, cybersecurity workers, educators, trainers and technology providers
- Components of the NICE framework, including specialitiy areas, categories, work rolse,, knowledge-skills-abilities (KSA’s) and tasks
- How to use the framework
- Elements of the framwork
- Work role detail
- Workforce development tools
- Cross reference to other documents
If you would like more information, there is also a like to the Department of Homeland Security publication: Cybersecurity Workforce Development Kit.