The National Initiative for Cybersecurity Education (NICE) has released Version 2.0.0 of its Workforce Framework for Cybersecurity, marking a significant advancement in standardizing the description of cybersecurity roles and competencies. This update aims to improve communication among stakeholders in the cybersecurity ecosystem, facilitating better identification, recruitment, development, and retention of talent.
Key Updates in Version 2.0.0
One of the most notable changes in this version is the removal of two Work Role Categories: Cyberspace Effects and Cyberspace Intelligence. These categories, along with their associated Work Roles, have been transitioned to the Department of Defense (DoD) Cyber Workforce Framework (DCWF). This realignment allows the NICE Framework to focus more on roles pertinent to the broader cybersecurity workforce, while the DCWF addresses military and intelligence-specific functions.
In addition to these structural changes, the framework introduces a new Work Role: Operational Technology (OT) Cybersecurity Engineering (DD-WRL-009). This role is designed to address the growing need for securing industrial control systems and operational technology environments. Professionals in this role are responsible for designing and implementing systems, processes, and procedures that ensure the safety, reliability, controllability, and security of industrial systems.
Furthermore, two existing Work Roles have been updated to reflect evolving industry standards and practices:
– Digital Evidence Analysis (IN-WRL-002): Enhancements have been made to the Task, Knowledge, and Skill (TKS) statements to better align with current digital forensic methodologies.
– Insider Threat Analysis (PD-WRL-005): Updates focus on improving the alignment of TKS statements with contemporary strategies for identifying and mitigating insider threats.
The Cyber Resiliency (NF-COM-007) Competency Area has also undergone significant revision. It now includes 56 Knowledge statements and 67 Skill statements, with 22 new additions, providing a more comprehensive framework for assessing and developing cyber resiliency capabilities.
Administrative Enhancements
Version 2.0.0 includes several administrative updates aimed at improving the framework’s clarity and usability:
– Correction of Errors: Typos and spelling errors have been rectified across 14 statements, and grammatical improvements have been made to enhance readability.
– Streamlining TKS Statements: The update adds 111 new TKS statements and removes 275 redundant or outdated ones, resulting in a total of 2,111 TKS statements. This streamlining effort ensures that the framework remains relevant and efficient.
Implications for Stakeholders
The release of Version 2.0.0 represents a major update that may affect organizations and tools utilizing the NICE Framework components. The removal of specific Work Role Categories and the introduction of new roles necessitate a review and potential adjustment of existing workforce development programs, job descriptions, and training curricula.
The National Initiative for Cybersecurity Careers and Studies (NICCS) is in the process of updating its tools and information to reflect these changes. However, users should be aware that some interactive tools, such as the NICE Framework Mapping Tool and the Education & Training Catalog, may still be operating on data from the previous version until updates are fully implemented.
Training providers with courses listed in the NICCS Education & Training Catalog are encouraged to contact NICCS for guidance on aligning their offerings with the updated framework.
Looking Ahead
The NICE Program Office plans to continue evolving the framework through a software update versioning approach, incorporating both minor and major updates over time. Stakeholders are encouraged to engage with the NICE Framework Users Group to stay informed about future developments and to contribute to the ongoing refinement of the framework.
For more information on the NICE Framework and to access the updated components, visit the NICE Framework Resource Center.
