The CyberStronger Skills Assessment is carefully designed to meet the recommendations of the NICE Cybersecurity Workforce Framework (NCWF). NCWF is viewed as the “cybersecurity workforce dictionary,” providing the nationally recognized information and standards necessary to educate, recruit, train, develop, and retain a highly-qualified cyber security workforce.

NCWF identifies seven high-level categories of common cyber security functions. These provide the overarching structure of the NCWF. These categories are further divided into work roles. The NCWF also identifies specific competencies and related knowledge, skills, and abilities (KSAs) expected of a professional working in one of the identified work roles.

CYBRScore Skills Assessments utilize the NCWF recommendations to provide a performance-based assessment solution for employers seeking to evaluate their current workforce and position candidates.

What Is the NIST NICE Framework?

Developed by the National Institute of Standards and Technology (NIST), the NICE Cybersecurity Workforce Framework was the result of a 2017 presidential executive order on strengthening the cybersecurity of federal networks and critical infrastructure. The massive 2014 breach of the U.S. Office of Personnel Management underscored the need for federal cybersecurity improvements. The idea behind the NICE national initiative, however, is to strengthen security not only within the government but also in the private sector.

The NICE Framework is similar to another set of guidelines whose goal is to help address cybersecurity risks: the NIST cybersecurity framework, which provides a set of best practices across all industries. Although the NIST cybersecurity framework is voluntary outside of the federal government, many organizations in the private sector have implemented it at least partially. Expect to see similar adoption patterns for NICE.

The NIST NICE Framework focuses on seven category groups:

SECURELY PROVISION (SP)

Conceptualizes, designs, and builds secure information technology (IT) systems, with responsibility for aspects of systems and/or networks development.

OPERATE & MAINTAIN (OM)

Provides the support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security

OVERSEE & GOVERN (OV)

Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cyber security work

PROTECT & DEFEND (PR)

Identifies, analyzes, and mitigates threats to internal information technology (IT) systems and/or networks

ANALYZE (AN)

Performs highly specialized review and evaluation of incoming cyber security information to determine its usefulness for intelligence

COLLECT & OPERATE (CO)

Provides specialized denial and deception operations and collection of cyber security information that may be used to develop intelligence

INVESTIGATE (IN)

Investigates cyber security events or crimes related to information technology (IT) systems, networks, and digital evidence