What It Is
The NICE Cybersecurity Workforce Framework — formally published as
NIST Special Publication 800-181 (Rev. 1) — is a nationally recognized reference
framework describing cybersecurity work and the knowledge, skills, and abilities
required to perform that work effectively.
Developed by the National Institute of Standards and Technology (NIST) under the
National Initiative for Cybersecurity Education (NICE), the framework provides
updated structure and terminology for workforce alignment.
Purpose & Scope
The NICE Framework serves as a common lexicon for cybersecurity roles, tasks,
knowledge, and skills to support workforce development.
- Improve communication about cybersecurity workforce needs
- Assist employers in defining cybersecurity positions
- Support curriculum alignment for educators and trainers
- Guide career development and workforce planning
The framework is not prescriptive but provides standardized guidance for repeatable workforce structuring.
Core Building Blocks
Tasks
Concrete cybersecurity activities (e.g., analyze data, configure systems).
Knowledge
Information required to perform tasks (e.g., networking, risk management).
Skills
Practical capabilities required to execute cybersecurity functions.
Tasks, Knowledge, and Skills (TKS) collectively describe cybersecurity work activities.
Work Roles & Competency Areas
Work Roles
Standardized groupings of tasks such as Cyber Defense Analyst or Security Control Assessor.
Competency Areas
Clusters of knowledge and skills supporting multiple work roles.
Who Uses It
- Employers – workforce planning and job structuring
- Educators – curriculum alignment
- Students & Professionals – career pathway development
- Certification Bodies – credential alignment
List of Current NICE Work Roles
1. Securely Provision (SP)
Focus: Designing and developing secure systems
- Secure Software Assessor
- Security Architect
- Software Developer
- Systems Developer
- Systems Security Analyst
- Technology Research & Development Specialist
- Requirements Planner
- Enterprise Architect
2. Operate & Maintain (OM)
Focus: Maintaining secure operations
- System Administrator
- Network Operations Specialist
- IT Investment/Portfolio Manager
- Systems Security Administrator
- Technical Support Specialist
- Data Analyst
3. Oversee & Govern (OV)
Focus: Governance and compliance
- Authorizing Official
- Cybersecurity Program Manager
- Information Systems Security Manager (ISSM)
- Security Control Assessor
- Privacy Officer
- Cyber Legal Advisor
- Training & Awareness Specialist
4. Protect & Defend (PR)
- Cyber Defense Analyst
- Incident Responder
- Vulnerability Assessment Analyst
- Threat/Warning Analyst
- Cyber Defense Forensics Analyst
- Intrusion Analyst
5. Analyze (AN)
- All-Source Analyst
- Target Developer
- Cyber Intelligence Analyst
- Exploitation Analyst
- Language Analyst
6. Collect & Operate (CO)
- Cyber Operator
- Collection Operations Manager
- Cyber Operations Planner
- Partner Integration Planner
- Cyber Exploitation Specialist
7. Investigate (IN)
- Cyber Crime Investigator
- Digital Forensics Analyst
- Law Enforcement / Counterintelligence Forensics Specialist
NICE-Aligned Certification Curriculum Framework
- Certified Cybersecurity Professional (CCP)
- SOC Analyst (PR-CDA-001)
- Incident Responder (PR-INC-001)
- GRC – Governance, Risk, and Compliance (OV-SCA-001)
- Security Architect (SP-ARC-001)