The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) on Wednesday released a resource that it says will help U.S. employers more effectively identify, recruit, develop and maintain cybersecurity talent.
The draft NICE Cybersecurity Workforce Framework (NCWF) provides a common language to categorize and describe cybersecurity work to help organizations build a strong staff to protect their systems and data.
NCWF was developed by the NIST-led National Initiative for Cybersecurity Education and is the culmination of many years of collaboration between industry, government and academia, said NIST. The U.S. Departments of Defense and Homeland Security were significant contributors.
In addition to helping educate, recruit, train and retain a qualified cybersecurity workforce, the NCWF will serve as a building block for the development of training standards, as well as for individual career planning. It will also allow organizations to develop a more realistic image of their cybersecurity workforce.
“When identifying their cybersecurity staff, many organizations overlook cybersecurity tasks being performed by lawyers, auditors and procurement officers,” said Bill Newhouse, NICE deputy director and lead author of the document. “The NCWF can help an organization identify cybersecurity tasks within a work role that are vital to its mission and then examine if its current staff can perform those tasks and, if not, hire staff who can.”
The more than 50 work roles defined in the framework include “cyber legal advisor” and “vulnerability analyst.” Each work role is defined by extensive sets of related knowledge, skills and abilities (KSAs) and tasks.
The federal government will soon be using the NCWF to identify its cybersecurity workforce, as directed by the Federal Cybersecurity Workforce Assessment Act of 2015 (Division N, Consolidated Appropriations Act, 2016 ), said NIST.